DASHBOARD
System overview — auto-refreshes every 10 s
Total Users
—
registered accounts
Admins
—
admin accounts
LIVE
Active Sessions
—
logged in now
Total Tunnels
—
lifetime (all users)
—
Active Tunnels
—
Active Connections
—
Total Bytes RX
—
Total Bytes TX
LIVE
Active Sessions
—
your login sessions
Your Tunnels
—
lifetime
Quick Connect
HTTP
ms-client -T http -l 8080 -t TOKEN
HTTPS
ms-client -T https -l 443 -t TOKEN
TCP/SSH
ms-client -T tcp -l 22 -n myhost -t TOKEN
UDP
ms-client -T udp -l 27015 -t TOKEN
Auto-reconnect
ms-client -T http -l 3000 -R --log-file /var/log/ms.log -t TOKEN
USERS
Manage registered accounts
Registered Users
| ID | Username | Role | Status | Token (preview) | Created | Last Login | Tunnels | Sessions | Actions |
|---|---|---|---|---|---|---|---|---|---|
ACTIVE SESSIONS
Currently logged-in users — click to revoke
MY TOKEN
Your tunnel authentication token
Auth Token
—
⚠ Keep this secret. Anyone with this token can create tunnels under your account.
Example Commands
HTTP
ms-client -T http -l 8080 -t TOKEN
HTTPS
ms-client -T https -l 443 -t TOKEN
TCP
ms-client -T tcp -l 22 -n ssh-box -t TOKEN
UDP
ms-client -T udp -l 27015 -t TOKEN
w/ Log File
ms-client -T http -l 3000 -R --log-file /var/log/ms.log -t TOKEN
MY PROFILE
Account info & settings
Account Info
Change Password
ADD USER
Create a new account
New User
AUDIT LOG
Recent admin actions
Log Entries (newest first)
Loading…
CLIENT SETUP
One-click install & TLS certificate download
① Install Client
One-liner
Manual
Download binary from server or build from source:
apt-get install build-essential libssl-dev && make
② Download Server Certificate
Certificate
Save to
~/.config/minisocket/server-cert.pem
(auto-used by setup.sh)
Note
If your server uses Let's Encrypt, skip this step — system trust store is used automatically.
For self-signed certs, download and place this file on your client machine.
③ Client Config File
Select cert mode:
④ Connect
⑤ Automated Setup Script
Run this
What it does
✓ Installs dependencies (apt/dnf/brew)
✓ Downloads & installs minisocket-client binary
✓ Downloads server certificate →
✓ Creates config file →
✓ Tests TLS connection
✓ Registers as systemd service (optional)
✓ Downloads & installs minisocket-client binary
✓ Downloads server certificate →
~/.config/minisocket/server-cert.pem✓ Creates config file →
~/.config/minisocket/client.conf✓ Tests TLS connection
✓ Registers as systemd service (optional)
Download
⑥ Environment Variables
ℹ
Precedence order (highest → lowest):
CLI flags
›
config file
›
environment variables.
Use
MS_TOKEN or MS_TOKEN_FILE to keep secrets out of shell history.
| Variable | Description | Copy |
|---|---|---|
| Authentication | ||
MS_TOKEN
★ SECRET
|
Auth token — recommended for secrets, keeps token out of process list & shell history | |
MS_TOKEN_FILE
|
Path to a file containing the token — useful for Docker secrets or credential files | |
| Connection | ||
MS_SERVER |
Server address / hostname | |
MS_PORT |
Server port | |
MS_LOCAL_PORT |
Local port to forward | |
MS_LOCAL_ADDR |
Local address to bind / forward to | |
MS_TYPE |
Tunnel type — http / https / tcp / udp |
|
MS_SUBDOMAIN |
Requested subdomain name | |
| TLS / mTLS | ||
MS_TLS_CA |
Custom CA bundle path — for self-signed or private CA certs | |
MS_TLS_CERT
mTLS
|
Client certificate path for mutual TLS authentication | |
MS_TLS_KEY
mTLS
|
Client private key path for mutual TLS authentication | |
| Behavior & Logging | ||
MS_RECONNECT |
Set to 1 to enable auto-reconnect on disconnect |
|
MS_LOG_LEVEL |
Log verbosity: 0=quiet 1=errors 2=info 3=debug |
|
| Systemd Integration | ||
CREDENTIALS_DIRECTORY
systemd
|
Base directory set by systemd LoadCredential=.
When present, client auto-reads token from $CREDENTIALS_DIRECTORY/ms_token
|
|
⑦ Environment Variable Examples
Basic HTTP
Token via env, one-shot connect
# Export vars, then run client export MS_TOKEN=your_token_here export MS_SERVER=example.com export MS_TYPE=http export MS_LOCAL_PORT=8080 minisocket-client
Token File
Token stored in a file — keeps secrets off the command line
# Write token to a file with restricted permissions echo "your_token_here" > ~/.config/minisocket/token chmod 600 ~/.config/minisocket/token export MS_TOKEN_FILE=~/.config/minisocket/token export MS_SERVER=example.com export MS_TYPE=http export MS_LOCAL_PORT=3000 minisocket-client
Self-signed TLS
Custom CA bundle for self-signed certificate
export MS_TOKEN_FILE=~/.config/minisocket/token export MS_SERVER=example.com export MS_TYPE=https export MS_LOCAL_PORT=443 export MS_TLS_CA=~/.config/minisocket/server-cert.pem minisocket-client
mTLS
Mutual TLS with client certificate + key
export MS_TOKEN_FILE=~/.config/minisocket/token export MS_SERVER=example.com export MS_TYPE=https export MS_LOCAL_PORT=443 export MS_TLS_CA=~/.config/minisocket/ca.pem export MS_TLS_CERT=~/.config/minisocket/client.crt # mTLS export MS_TLS_KEY=~/.config/minisocket/client.key # mTLS minisocket-client
Systemd Unit
Secure credential injection via systemd LoadCredential
# /etc/systemd/system/minisocket.service [Unit] Description=MiniSocket Tunnel After=network-online.target [Service] Type=simple # systemd securely injects token — CREDENTIALS_DIRECTORY auto-set LoadCredential=ms_token:/etc/minisocket/token Environment=MS_SERVER=example.com Environment=MS_TYPE=http Environment=MS_LOCAL_PORT=8080 Environment=MS_RECONNECT=1 Environment=MS_LOG_LEVEL=2 ExecStart=/usr/local/bin/minisocket-client Restart=on-failure [Install] WantedBy=multi-user.target
Docker
Pass env vars at runtime — never bake token into image
docker run --rm \ -e MS_TOKEN_FILE=/run/secrets/ms_token \ -e MS_SERVER=example.com \ -e MS_TYPE=http \ -e MS_LOCAL_PORT=8080 \ -e MS_RECONNECT=1 \ --secret ms_token \ minisocket-client