BestHub
Sign in
Operations 10 min read

How NodePass Simplifies Secure Network Tunneling Across Firewalls

NodePass is an open‑source Go‑based network tunnel tool that lets developers and ops quickly create encrypted TCP/UDP bridges through firewalls and NAT, offering server/client modes, flexible encryption, zero‑config deployment, Docker images, and detailed logging for reliable remote access.

Liangxu Linux
Liangxu Linux
Liangxu Linux
How NodePass Simplifies Secure Network Tunneling Across Firewalls

Overview

NodePass is an open‑source network tunneling utility written in Go. It creates a secure bridge between two machines, allowing services inside a private network to be accessed from anywhere without a full VPN.

Key Features

Two operating modes – server (listens for incoming connections) and client (connects to a server).

Three encryption options: tls=0 (no encryption), tls=1 (self‑signed certificate), tls=2 (custom certificate). The client automatically syncs the chosen mode with the server.

Supports both TCP and UDP traffic, suitable for web services, databases, games, and video streams.

Smart connection pool that dynamically scales, closes idle connections, and uses semaphores for high‑concurrency stability.

Zero‑configuration – all settings are passed via command‑line flags or environment variables.

Lightweight resource usage; runs on devices from Raspberry Pi to large servers and can auto‑reconnect on network failures.

Five logging levels (debug, info, warn, error, fatal) for granular troubleshooting.

Quick Start

Server

nodepass server://0.0.0.0:10101/127.0.0.1:8080?log=info&tls=1
0.0.0.0:10101

– public listening port. 127.0.0.1:8080 – local service to expose. tls=1 – use a self‑signed certificate for encryption.

Client

nodepass client://your-server.com:10101/127.0.0.1:8080?log=info
your-server.com:10101

– server’s public address. 127.0.0.1:8080 – destination on the client side.

After the client connects, the remote user can access the service via http://localhost:8080.

Docker Deployment

# Pull the official image
docker pull ghcr.io/yosebyte/nodepass:latest

# Run in server mode
docker run -d --name nodepass-server -p 10101:10101 -p 8080:8080 \
  ghcr.io/yosebyte/nodepass server://0.0.0.0:10101/0.0.0.0:8080

# Run in client mode
docker run -d --name nodepass-client \
  -e MIN_POOL_CAPACITY=32 \
  -e MAX_POOL_CAPACITY=512 \
  -p 8080:8080 \
  ghcr.io/yosebyte/nodepass client://nodepass-server:10101/127.0.0.1:8080

The container can be integrated into CI/CD pipelines or Kubernetes clusters.

Troubleshooting

Connection failures – verify firewall rules and server address.

Performance issues – adjust MIN_POOL_CAPACITY and MAX_POOL_CAPACITY to tune the connection pool.

UDP packet loss – increase UDP_DATA_BUF_SIZE or modify UDP_READ_TIMEOUT.

Unclear logs – set log=debug for detailed output.

Repository

Source code (MIT license): https://github.com/yosebyte/nodepass

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

DockerDevOpsTCPUDPnetwork tunnelingNodePass
Liangxu Linux
Written by

Liangxu Linux

Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment