Skip to content
/ sarab Public

Sarab (سراب) — The Illusionist for your local ports. A clean, robust CLI that turns your localhost into a public mirage.

License

View license
26 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

meedoomostafa/sarab

BranchesTags

Repository files navigation

Sarab

Sarab is a CLI tool designed to creates temporary public URLs for local services using Cloudflare Tunnels. It automates the process of creating tunnels, DNS records, and ingress rules, providing a streamlined experience for exposing local ports to the internet.

Features

  • Instant Exposure: Quickly expose local ports (e.g., localhost:3000) to public subdomains.
  • Multi-Identity Support: Manage and switch between multiple Cloudflare API tokens.
  • Zero-Configuration: Automates DNS CNAME creation, tunnel setup, and ingress routing.
  • Automatic Cleanup: Removes tunnels and DNS records upon exit to prevent stale records.
  • Self-Contained: Distributed as a single binary with no external runtime dependencies.

Installation

Quick Install (One-Liner)

Linux / macOS:

curl -sL https://raw.githubusercontent.com/meedoomostafa/sarab/main/install.sh | bash

Windows (PowerShell):

irm https://raw.githubusercontent.com/meedoomostafa/sarab/main/install.ps1 | iex

Mobile (Termux / iSH / a-Shell):

curl -sL https://raw.githubusercontent.com/meedoomostafa/sarab/main/mobile-install.sh | bash

Note: Ensure ~/.local/bin (Linux/macOS) or the install directory (Windows) is in your PATH.

From Source

If you prefer to build from source:

Prerequisites:

  • .NET 10 SDK
  • Cloudflare Account (for API Tokens)

Linux:

git clone https://github.com/meedoomostafa/sarab.git
cd sarab
chmod +x install.sh && ./install.sh

Windows:

git clone https://github.com/meedoomostafa/sarab.git
cd sarab
.\install.ps1

Manual Build

Linux:

dotnet publish Sarab.Cli/Sarab.Cli.csproj -r linux-x64 --self-contained true -o ./publish

macOS:

dotnet publish Sarab.Cli/Sarab.Cli.csproj -r osx-x64 --self-contained true -o ./publish

Windows:

dotnet publish Sarab.Cli/Sarab.Cli.csproj -r win-x64 --self-contained true -o ./publish

Uninstallation

Linux / macOS:

curl -sL https://raw.githubusercontent.com/meedoomostafa/sarab/main/uninstall.sh | bash

Windows (PowerShell):

irm https://raw.githubusercontent.com/meedoomostafa/sarab/main/uninstall.ps1 | iex

Manual Removal:

# Linux/macOS
rm ~/.local/bin/sarab
rm -rf ~/.sarab

# Windows (PowerShell)
Remove-Item "$env:LOCALAPPDATA\sarab" -Recurse -Force

Usage

1. Initialization

Initialize the Sarab environment. This command creates the local database (~/.sarab/sarab.db) and downloads the required cloudflared binary if it is not present.

sarab init

2. Token Management

Sarab requires a Cloudflare API Token to interact with your account. You can manage multiple tokens using aliases.

Add a Token:

sarab token add <alias> <token>
  • <alias>: A unique name for this token (e.g., personal, work).
  • <token>: Your Cloudflare API Token (Permissions required: Zone.DNS, Account.Tunnel).

List Tokens: Displays all stored tokens and their status.

sarab token list

Remove a Token:

sarab token rm <alias>

3. Expose Services

The primary command to expose a local service to the internet.

sarab expose <port> [options]

Modes:

  • Quick Tunnel (Default): If no tokens are added, Sarab creates a random *.trycloudflare.com URL. No account required.
  • Authenticated Tunnel: If a token is added, Sarab uses your Cloudflare account to create a stable, named tunnel on your custom domain.

Arguments:

  • <port>: The local port number to expose (e.g., 8080).

Options:

  • --subdomain <name>: Request a specific subdomain (Authenticated mode only).
  • --identity <alias>: Use a specific token alias.
  • --local-host <url>: Override the local host address (e.g., 127.0.0.1, [::1]). Useful if localhost resolution is ambiguous.
  • --scheme <protocol>: Specify the local protocol (http or https). Default is http.
  • --no-tls-verify: Disable TLS verification for local HTTPS services (useful for self-signed certificates).

Examples:

# Expose port 3000 (standard)
sarab expose 3000

# Expose a local HTTPS service with self-signed certs
sarab expose 8000 --scheme https --no-tls-verify

# Force IPv4 binding if 'localhost' defaults to IPv6
sarab expose 5280 --local-host 127.0.0.1

# Authenticated mode: Expose port 5000 as 'api-v1.yourdomain.com'
sarab expose 5000 --subdomain api-v1 --identity work

4. SSH Tunneling

Sarab allows you to SSH into machines without a public IP using Cloudflare Tunnels.

Host Machine (The one being accessed): Expose port 22 with the ssh scheme.

sarab expose 22 --scheme ssh
# Output: Copied to clipboard: ssh://user@random-name.trycloudflare.com

Client Machine (The one connecting): Use the connect command. This handles the proxying automatically.

sarab connect user@random-name.trycloudflare.com
  • --identity-file (-i): Specify a private key file if needed.

Note: SSH support works in any shell (Bash, Zsh, Fish, PowerShell) as it wraps the native SSH client.

5. Maintenance

List Active Tunnels: Displays a list of active tunnels created by Sarab across all configured identities.

sarab list

Nuke (Emergency Cleanup): If Sarab was terminated forcefully and left "ghost" records, use this command to delete all tunnels and DNS records associated with Sarab.

sarab nuke
  • Warning: This will delete all resources named with the sarab- prefix.

License

MIT

About

Sarab (سراب) — The Illusionist for your local ports. A clean, robust CLI that turns your localhost into a public mirage.

Resources

Readme

License

View license

Contributing

Contributing
Activity

Stars

26 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases 7

v1.2.2 Latest
Feb 12, 2026
+ 6 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages