Download rstream CLI
rstream CLI runs on Linux, macOS, and Windows on most hardware architectures and can be installed via package managers, one-command install scripts, Docker images, or manual binary downloads — from constrained embedded systems to large server infrastructures.
Create a project in the dashboard first; the CLI attaches tunnels to the selected project. If you already have a project, install the CLI and log in.
Install
Recommended on Debian / Ubuntu / Raspberry Pi. Installs system-wide and updates via apt.
Configure
Authenticate, then select the project that will own new tunnels.
This links the CLI to your account.
This selects the default project for subsequent commands.
Run
Create a public endpoint for a local service.
Forwards local port 8080. Change it to match your service.
Go Further
More protocols and advanced flags are documented in the Quick Start Guide.
Frequently asked questions
Can’t find the answer you’re looking for? Reach out to our customer support.
The rstream CLI is the client component of the rstream platform. It establishes secure, outbound-only tunnels from local or private environments to the rstream edge network so that internal services can be exposed as globally reachable endpoints without opening ports or changing NAT.
rstream CLI runs on Linux, macOS, and Windows and supports most common hardware architectures, including Intel/AMD x86_64 and ARM64. The same binary model allows deployment on resource-constrained embedded systems as well as large server infrastructures, as long as the underlying OS and network stack are supported.
Each tunnel is initiated from inside the environment toward the rstream edge network as an encrypted outbound connection. No inbound ports are exposed on the local network. Incoming requests are terminated or inspected at the edge, authenticated, filtered according to policy, and then relayed through the tunnel to the upstream service. This model keeps connectivity predictable and minimizes the attack surface on the origin side.
At the edge, rstream can terminate or forward endpoints using HTTP/1.1, HTTP/2, HTTP/3, WebSocket, WebTransport, TLS, QUIC, and DTLS. This covers classic HTTP APIs, streaming and bidirectional APIs, and datagram-oriented workloads, while enforcing a consistent security and policy model across these protocols.
The CLI establishes long-lived, outbound tunnels to the rstream edge network over TLS or QUIC. These tunnels carry both control traffic and application data between your environment and the edge. The choice of TLS or QUIC for this internal transport is independent from the protocol exposed at the edge (for example HTTP/3, WebSocket, or DTLS) and from the protocol used between the edge and your upstream service.
rstream can be installed via direct binary download from this page, one-command install scripts for POSIX shells and PowerShell, package managers such as Homebrew, APT, winget, or npm where available, and via Docker images. All installation methods ultimately provide the same standalone CLI binary, which can be integrated into existing tooling, images, or infrastructure-as-code workflows.
Elevated privileges are not required to run the rstream CLI for a single user. It can be installed in user space without system-wide changes. Administrator or root access is only needed when using system package managers or when installing rstream globally for all users on a machine.
Yes. Tunnels are authenticated against the rstream control plane using credentials bound to an account, typically via API tokens or similar mechanisms. This allows the platform to enforce security policies, associate tunnels with projects or organizations, and provide observability and audit information.
All control traffic between the CLI and the rstream edge network is encrypted over TLS or QUIC. Application traffic is protected according to the configured protocol and policy, with options such as public or private tunnels, mutual TLS, token or key-based authentication, rstream Auth, and additional controls such as trusted IP ranges, rate limiting, and GeoIP-based restrictions applied at the edge.
No external runtime is required. rstream is distributed as a single binary and does not depend on language runtimes or additional daemons. When installed via package managers or Docker, those mechanisms are only used for distribution; execution still relies on the same standalone binary.
Yes. The CLI is designed to operate without interactive prompts. Credentials and configuration can be provided via environment variables, configuration files, or flags, which makes it suitable for CI pipelines, ephemeral build agents, and long-lived infrastructure where tunnels must be created and destroyed automatically as part of a workflow.
Yes. In addition to the CLI, rstream provides SDKs that allow applications to create and manage tunnels directly from within the process, using the same security and transport model as the CLI. This is suitable for embedded use cases, custom control planes, or services that need tight integration with tunnel lifecycle. Usage details and examples are available in the rstream SDK documentation.