How to Create Your First HTTPS Tunnel in 30 Seconds

ASD CLI creates secure HTTPS tunnels from your local machine to the internet. With one command, you get a public URL for any local service — no port forwarding, no firewall rules, no certificates to manage. This guide gets you from zero to a working tunnel in under a minute.

What you'll build

By the end of this guide, you'll have a local web server accessible via a public HTTPS URL that anyone can open in their browser.

Your laptop                    The internet
localhost:3000  ──SSH tunnel──▶  https://app-abc123.cicd.eu1.asd.engineer
                                 (public, HTTPS, auto-certificate)

Prerequisites

• A terminal (Linux, macOS, or Windows)
• A local service running on any port, or we'll start one

Step 1: Install ASD CLI

Run the one-line installer for your platform:

Linux / macOS:

curl -fsSL https://raw.githubusercontent.com/asd-engineering/asd-cli/main/install.sh | bash

Windows (PowerShell):

powershell -ExecutionPolicy Bypass -c "irm https://raw.githubusercontent.com/asd-engineering/asd-cli/main/install.ps1 | iex"

After installation, verify it works:

asd --version

Step 2: Start a local server

If you already have a local dev server running (Next.js, Vite, Django, Rails, etc.), skip to Step 3. Otherwise, start a quick test server:

Python:

python -m http.server 3000

Node.js:

npx serve -p 3000

Confirm it works by visiting http://localhost:3000 in your browser.

Step 3: Expose it

One command creates the tunnel:

asd expose 3000

You'll see output like:

Local:  http://localhost:3000
Caddy:  http://app.localhost
Tunnel: https://app-abc123.cicd.eu1.asd.engineer

That's it. The tunnel URL is public, HTTPS-secured with an automatic certificate, and works from anywhere in the world. Share it with a teammate, paste it into a webhook config, or open it on your phone.

Step 4: Customize the URL (optional)

Give your tunnel a recognizable name:

asd expose 3000 --name myapp

Result:

Tunnel: https://myapp-abc123.cicd.eu1.asd.engineer

The --name sets a prefix in the URL, making it easier to identify when you have multiple tunnels running.

Managing your tunnels

See what's running and stop tunnels when you're done:

# List all active tunnels
asd expose list

# Stop a specific tunnel
asd expose stop myapp

# Stop by port
asd expose stop 3000

Example asd expose list output:

myapp
    Port:     3000
    Local:    http://myapp.localhost
    Tunnel:   https://myapp-abc123.cicd.eu1.asd.engineer
    Status:   ✅ Online
    Uptime:   🕐 2h 15m

Authentication setup

Before using tunnels, you need credentials. Choose the method that fits your use case:

Quick testing (no account needed):

# Get 5-minute ephemeral credentials
curl -X POST https://asd.engineer/functions/v1/create-ephemeral-token

For longer sessions:

Create tunnel credentials at asd.host → Account → Tunnel Tokens, then set them in your .env file:

ASD_TUNNEL_TOKEN=your-token
ASD_TUNNEL_USER=your-user

How it works under the hood

When you run asd expose 3000, three things happen:

1. ASD starts a local Caddy reverse proxy (if not already running)
2. An SSH tunnel connects your machine to the ASD cloud
3. ASD cloud provides a public HTTPS URL with automatic certificates

Browser → HTTPS → ASD Cloud → SSH Tunnel → Caddy (local) → localhost:3000

Your service stays on your machine. The tunnel encrypts all traffic. The HTTPS certificate is provisioned automatically.

What's next

• Expose Local Services — multiple services, custom subdomains, and the asd.yaml workflow
• Configure asd.yaml — project configuration for daily development
• Add Basic Authentication — protect your tunnel with a password