Overview
Expose private services through outbound-only tunnels.
rstream exposes services running in private networks through edge-hosted tunnels. The upstream service keeps running where it already is, while a CLI, agent, or SDK opens an encrypted outbound session to the engine.
The edge becomes the public entrypoint. It exposes HTTP, TLS, DTLS, or QUIC, applies stable domains, authentication, TLS policy, and access rules, then relays accepted traffic back through the outbound session.
The documentation follows that runtime model: start by opening a tunnel, then decide what the edge exposes, how the client reaches the engine, and which security controls the environment requires.
Start with the quickstart if you want a working tunnel first. Use Tunnel Basics and Security Model when you need to reason about production behavior.
Sections
Getting Started
Install the CLI, authenticate, and open a first tunnel.
Tunnels
Learn core concepts, HTTP behavior, protocols, transports, declarative setup, and self-hosted operations.
Security
Understand the security model, tokens, fine-grained scopes, and access policies.
Integrations
Connect with APIs, labels, signaling, and SDKs for automated environments.
Support
Use observability tools and support resources to diagnose and resolve issues.