Tunnel Panda is a modular, secure reverseβproxy that streams your local Ollama API behind a Cloudflare Tunnel. It supports Basic Auth, API token control, and streaming over WebSocket.
- π Basic Authentication +
X-APP-TOKENprotection - βοΈ Cloudflare Tunnel exposure for local Ollama API
- π¬ Stream completions over HTTP and WebSocket
- 𧱠Modular architecture: routes, auth, logger
- π§° Interactive setup assistant (
npm run setup) - π Internal rate-limit monitor:
/β_internal/rate-status - π Winston-based JSON logging with daily rotation
- π One-line self-update:
npm run update - π₯οΈ NEW: Electron GUI Control Center with visual management
- ποΈ NEW: Feature-based architecture ready for Pro features
TunnelPanda now uses a feature-based architecture that makes it easy to add new functionality and maintain the codebase:
- Modular Features: Each feature (auth, database, ollama, etc.) is self-contained
- Shared Utilities: Common code is centralized in the shared folder
- Pro-Ready: Structure designed to easily add premium features
- Clean Separation: Core, desktop, and server concerns are separated
See ARCHITECTURE.md for detailed documentation.
tunnelpanda/
βββ apps/ # Feature-based application structure
β βββ core/ # Core features (free tier)
β β βββ features/ # Feature modules
β β β βββ auth/ # Authentication
β β β βββ database/ # Database operations
β β β βββ health/ # Health checks
β β β βββ ollama/ # Ollama API integration
β β β βββ monitoring/ # System monitoring
β β β βββ tunneling/ # Tunnel management
β β βββ shared/ # Shared utilities
β β β βββ config/ # Configuration
β β β βββ middleware/ # Common middleware
β β β βββ utils/ # Utility functions
β β βββ ui/ # Core UI components
β βββ desktop/ # Electron GUI Control Center
β β βββ main/ # Main process
β β βββ preload/ # Preload scripts
β β βββ renderer/ # Renderer UI
β βββ server/ # Express server entry point
βββ cloudflared/
β βββ config.yml
βββ logs/ # Application logs
βββ scripts/ # Development scripts
β βββ dev.js # Development helper
βββ .env.example
βββ package.json
βββ launcher.js
βββ ARCHITECTURE.md # Architecture documentation
- Node.js 18+ and npm
- Git
- cloudflared (install via official Cloudflare documentation)
sudo apt update && sudo apt install -y nodejs npm gitsudo yum install -y nodejs npm gitbrew install node@18 gitchoco install nodejs-lts git -ygit clone https://github.com/hidim/tunnelpanda.git
cd tunnelpanda
npm install
npm run setupFollow the prompts. After setup:
cloudflared tunnel --config cloudflared/config.yml run tunnelpanda
npm startgit clone https://github.com/hidim/tunnelpanda.git
cd tunnelpanda
npm install
npm run electronThe Electron GUI provides:
- ποΈ Visual Controls: Start/stop server and tunnel with buttons
- π Security Management: Configure auth, tokens, and rate limits
- π Real-time Monitoring: Live stats, logs, and WebSocket data
- ποΈ Database Console: Manage vector database connections
- π§ API Testing: Built-in endpoint tester with sample requests
- π Log Viewer: Browse and filter application logs
- βοΈ Settings Panel: Complete configuration management
Both interfaces work together - you can use npm commands or the GUI interchangeably!
All endpoints require Basic Auth and an X-APP-TOKEN header.
curl -u panda:bamboo \
-H "X-APP-TOKEN: super-secret-token" \
-H "Content-Type: application/json" \
-d '{"model":"phi4","prompt":"Write a haiku about pandas.","stream":false}' \
https://api.domain.com/api/generatecurl -u panda:bamboo \
-H "X-APP-TOKEN: super-secret-token" \
-H "Content-Type: application/json" \
-d '{"model":"phi4","messages":[{"role":"user","content":"Hello Panda"}],"stream":true}' \
https://api.domain.com/api/chatcurl -u panda:bamboo \
-H "X-APP-TOKEN: super-secret-token" \
https://api.domain.com/api/tagscurl -u panda:bamboo \
-H "X-APP-TOKEN: super-secret-token" \
-H "Content-Type: application/json" \
-d '{"model":"phi4","input":["Convert this text to vector."]}' \
https://api.domain.com/api/embeddingscurl -u panda:bamboo \
-H "X-APP-TOKEN: super-secret-token" \
https://api.domain.com/healthcurl -u panda:bamboo \
-H "X-APP-TOKEN: super-secret-token" \
https://api.domain.com/_internal/rate-statusConnect to wss://api.domain.com/db/status with the same authentication. On
connect you'll receive a JSON map of collection counts:
{ "reminders": 5, "tasks": 2 }Every time new items are added the server broadcasts { "collection": "<name>", "count": <total> }.
URL: wss://api.domain.com/api/chat
const ws = new WebSocket('ws://localhost:16014/api/chat');
ws.onopen = () => {
ws.send(JSON.stringify({
model: "phi4",
messages: [{ role: "user", content: "Hi panda!" }],
stream: true
}));
};
ws.onmessage = ({ data }) => console.log('AI:', data);
ws.onerror = (err) => console.error('WebSocket error:', err);
ws.onclose = () => console.log('WebSocket closed');Create a file .env with:
PORT=16014
BASIC_AUTH_USER=panda
BASIC_AUTH_PASS=bamboo
APP_TOKEN=super-secret-token
OLLAMA_API_URL=http://localhost:11434
OLLAMA_API_KEY=
# DB Proxy Layer
DB_PROVIDER=chroma
DB_URL=http://localhost:8003
DB_TENANT=default_tenant
DB_DATABASE=default_database
DB_API_KEY=Tunnel Panda now includes a modular DB proxy layer under /db. It exposes your local vector databases behind the tunnel with a unified HTTP API. You can configure multiple providers via the DB_PROVIDER and related environment variables. The proxy uses a factory pattern to load the appropriate connector.
Supported providers include:
- Chroma: HTTP server at
DB_URL, useDB_TENANTandDB_DATABASEto define the namespace. - Milvus
- Pinecone
- SQLite, Redis, PostgreSQL, MySQL, and more.
# Start a local Chroma HTTP server:
chromadb run --path /path/to/vector_db --host 127.0.0.1 --port 8003
# Configure Tunnel Panda environment:
export DB_PROVIDER=chroma
export DB_URL=http://localhost:8003
export DB_TENANT=default
export DB_DATABASE=vector_db
# Start Tunnel Panda:
npm startOnce running, you can proxy your vector DB calls through Tunnel Panda:
curl -u panda:bamboo -H "X-APP-TOKEN: super-secret-token" \
-X POST http://localhost:16014/db/reminders/query \
-H "Content-Type: application/json" \
-d '{"query_embeddings":[[0,0,0]],"n_results":5,"include":["documents","metadatas"]}'npm start # Start TunnelPanda server
npm run setup # Interactive setup wizard
npm run update # Update applicationnpm run electron # Start Electron GUI (production)
npm run electron-dev # Start Electron GUI (development)
npm run build-electron # Build distributable app
npm run dist # Create platform installersRun npm run build-electron on your platform to produce a desktop build in
dist/. You can target specific operating systems with flags:
npm run build-electron -- --mac # macOS DMG and app bundle
npm run build-electron -- --win # Windows installer
npm run build-electron -- --linux # Linux AppImage/DEB/RPMCross-building may require additional tooling (e.g. Wine for Windows packages).
npm install # Install dependencies
npm audit fix # Fix security vulnerabilitiesMIT β Built with β, bamboo, and tunnel magic.