Put your local app
on the public Internet.

Cruma gives anything running on your machine a public HTTPS URL — from a quick CLI tunnel to a full desktop app with request inspection. Free for personal dev, with paid tiers for custom domains, end-to-end encryption, and built in authentication.

01 One command
~/dev · zsh
$ cruma proxy http localhost:3000
https://random-id.tun.cruma.io LIVE

Anonymous tunnels are heavily rate-limited, not end-to-end encrypted, and end after 3 hours. Free registered tunnels remove the time cap but still don't support CNAMEs or E2E. Free is for individual, non-commercial dev use — paid plans unlock the full feature set.

cruma.app
Cruma desktop GUI showing request inspection and tunnel controls Cruma terminal UI running in a shell
§ Pricing

Start free. Upgrade when it earns its keep.

Free tunnels for quick testing, paid tunnels for custom domains, stronger privacy, and consistent performance. Free is for individual, non-commercial development use — not company-wide rollout.

Anonymous
$0no signup

Disposable quick tunnels

Best for trying Cruma fast or sharing a localhost app for a short test.

  • ·3-hour session limit
  • ·Heavily rate-limited
  • ×No custom domains
  • ×No end-to-end encryption
Free
$0registered

Persistent dev usage

Repeat use, moderate bandwidth, personal projects without the time cap. Fits 1–3 low-traffic sites.

  • No 3-hour session limit
  • Higher allowances than anonymous
  • ×No custom domains
  • ·Non-commercial use only
Pro
$10/ month

Higher priority under load

Same capabilities as Basic with priority traffic, plus multiple agents on one tunnel for multi-location load balancing.

  • Everything in Basic
  • Higher-priority traffic
  • Multi-agent / multi-region
  • Heavier daily usage

Need setup details or the upgrade path? Start with the Choose Your Path guide, Custom domains, and Security & TLS. Company, client, and team usage should be on a paid plan.

§ Why Cruma

A tunnel you can start in minutes and still keep using when your setup grows serious.

What changes with Cruma

From quick localhost links to a real paid workflow

The product is intentionally simple at the start: anonymous and free registered tunnels help you get moving, while paid plans add the pieces that matter for professional use.

  • Start free for personal, non-commercial development
  • Move to Basic or Pro for custom domains and E2E encryption
  • Stay in the CLI, use the TUI, or switch to the desktop app
01
Local-first instead of cloud-first

Run a tunnel from your terminal, use config files for multiple services, and avoid turning a simple localhost share into a dashboard-heavy workflow.

02
Clear upgrade boundary

Free is for individual, non-commercial development. Paid plans are where custom domains, stronger privacy, and sustained professional use begin.

03
Agent-side TLS when it matters

On paid plans, custom domains terminate TLS on the agent so payloads stay encrypted end-to-end. Assigned Cruma hostnames can also move to agent-side termination when certificates are ready.

04
Built for small teams and homelabs

Focused on developer tunnels, staging links, internal tools, and self-hosted services rather than a full enterprise edge platform. No policy engine. No ceremony.

§ Choose your path

Three ways people use Cruma.

Pick the track that matches what you're doing today. Move up whenever you want custom domains, multiple services, or a tighter setup.

Beginner
01

Get a site or local app online fast

Best for webhook testing, WIP demos, and quick localhost sharing without touching DNS or firewall rules.

  • Anonymous mode for short disposable tests
  • Free registered tunnels for ongoing personal development
  • Good fit for Stripe, GitHub, Slack, and local preview links
Intermediate
02

Run custom domains and multiple services

Where Cruma becomes a paid workflow for professional developers, shared demos, internal tools, and client-facing staging.

  • Basic is the first serious paid tier at $5/month
  • Add CNAMEs and route several hostnames through one agent
  • Agent-side TLS for end-to-end encrypted custom domains
Advanced
03

Harden and scale the tunnel setup

For homelabs, isolated services, scripted tunnel management, and heavier daily use where Pro's priority traffic is useful.

  • Split projects by tunnel for cleaner isolation
  • Config files, middleware, and multiple targets
  • Add CAA, pinning, or mTLS if your threat model requires it
Service scope

Cruma is designed for developer tunnels, internal tools, homelabs, and shared staging — not a large enterprise policy platform. No complex policy engine, no formal SLA.

Regions

Two PoPs: EU-North (FI) and US-East. Agents keep HTTP/2 and QUIC channels open to the closest region with automatic reconnects on link failure.

§ Roadmap

What we're building next.

Planned work now that Cruma is live and the core platform is in production.

PlannedR1

Kubernetes ingress

Ship a Cruma Ingress/Gateway controller so cluster services get HTTPS endpoints exposed through cruma.io automatically.

AvailableR2

Desktop app

Configure and manage tunnels directly from your machine. We'll keep improving and adding features.

PlannedR3

Raw UDP & TCP tunneling

Native TCP & UDP tunnel support for game servers, custom protocols, and other non-HTTP workloads. Planning one or more public IPv6 addresses per tunnel.

PlannedR4

Cruma Open SDK

Let applications create tunnels programmatically for ephemeral preview environments.

§ Downloads

Pick your platform. Install the agent.

The latest tunnel agent is a single binary. Use our installer scripts or grab raw artifacts.

Windows agent

Download the tunnel agent

Download cruma.exe for Windows.

Prefer automation? Open PowerShell and run:

irm https://files.cruma.io/files/tunnel-agent/install/cruma.psm1 | iex ; Install-CrumaTunnel

Uninstall with:

irm https://files.cruma.io/files/tunnel-agent/install/cruma.psm1 | iex ; Uninstall-CrumaTunnel
Run with PowerShell

Getting started

Once installed, run it in your preferred terminal:

cruma

Prefer the TUI? Run cruma --tui. For full docs visit cruma.io/docs.

Broader Windows distribution through WinGet and other package managers is in progress.

§ Comparison

How Cruma stacks up.

Cruma is a focused tunnel for developers, small teams, and homelabs. We optimize for fast setup, local-first tooling, and privacy options rather than enterprise policy suites. For anonymous tunnels Cruma terminates TLS at our edge; on subscribed plans TLS terminates on the agent (or your own proxy) for end-to-end encryption. Custom domains (CNAMEs) require a Basic or Pro subscription. High-level comparison with Cloudflare Tunnel and ngrok based on publicly documented features.

Legend Available ~Limited / extra config $Paid plans ×Not available
Feature Cruma Cloudflare Tunnels ngrok
Account-free quick tunnels
YesAnonymous mode for quick tunnels without an account. Aggressively rate-limited for fair usage.
YesSupported via "Quick Tunnels" at trycloudflare.com. Aggressively rate-limited; relaxed with a free account.
×
NoRequires an account and auth token.
Custom domains with E2E encryption
$
Yes (subscribed)Create a CNAME pointing to your tunnel's assigned domain. The agent terminates TLS locally and forwards to your app. Requires a paid subscription.
×
No (for E2E)Custom domains supported, but HTTP(S) terminates at Cloudflare's edge using Cloudflare-managed certs, so plaintext is visible at that point.
$
PaidCustom domains on paid plans (see pricing).
Multi-endpoint
YesServe any number of endpoints using different hostnames.
YesServe any number of endpoints using different hostnames.
$
PaidMultiple endpoints on paid plans only.
Protocol forwarding
~
TCPTCP forwarding today; UDP is on the roadmap.
TCP & UDPcloudflared supports UDP forwarding (Warp/QUIC proxies require Zero Trust setup).
~
TCPngrok's public service currently supports TCP forwarding.
Agent uplink protocols
QUIC + HTTP/2Agents maintain TLS-encrypted QUIC and HTTP/2 sessions for lower latency and better resilience.
QUIC + HTTP/2cloudflared can use QUIC uplinks and HTTP/2 over TLS in supported configs.
~
HTTP/2ngrok speaks HTTP/2 to its control plane; no public QUIC uplink.
Local UX & tooling
TUI + desktop appDesktop app for configuration and request inspection, plus a terminal-based TUI. Headless mode available.
~
CLI + hosted dashboardConfigured via CLI and Cloudflare's Zero Trust dashboards; no full-featured local web UI.
~
CLI + remote inspectorRequest inspector and many config options live in the cloud dashboard.
HTTP request inspection
Local UIInspection in both the TUI and the desktop app; request logs never leave your machine.
~
Zero Trust dashboardsRoutes through Cloudflare's edge so logs live in their SaaS; no local inspector.
×
Remote-onlyPrimary inspector UI runs in their cloud dashboard.
Serve local directories
Built-in directory serverServe a local directory directly from the agent — no nginx needed.
×
No built-in static serverRun your own web server or use Cloudflare Pages/Sites.
×
No built-in static serverRun a local server yourself and point ngrok at it.
Built-in access controls
IP allow-lists, forms & API keysAllow-list source IPs per tunnel (enforced at cruma.io), or put form-based auth or header API-key enforcement in front of any HTTP(S) backend.
~
Via Zero Trust policiesHTTP access control via Cloudflare Access and Zero Trust, managed in their SaaS control plane.
$
PaidAccess control and traffic-shaping on paid plans.
End-to-end encryption
Supported (subscribed)TLS terminates on the agent as soon as a certificate is generated (automatic), so Cruma's servers only see control-plane metadata and encrypted payloads. TLS passthrough also supported for CNAME/custom domains.
×
Not provider-blindFor standard HTTP(S) tunnels, TLS terminates at Cloudflare's edge, so plaintext is visible. Additional encryption to origin is possible, but Cloudflare remains in the trust chain.
SupportedTLS passthrough and agent-side TLS termination keep keys local.

ngrok is closest to Cruma in tunnel and security capabilities. Cruma's differentiators are terminal-first tooling, simpler setup for non-specialists, and a pricing model that aims to stay affordable for individual developers and small teams.

Comparisons based on publicly documented capabilities as of Q1 2026. Spot an error? Email [email protected] and we'll update the table.

Ready?

One command from localhost to the public web.

Anonymous tunnels need no signup. Paid plans start at $5/month.