One command gives your local dev server a public URL.
Share webhooks, demos, and APIs with anyone, instantly.
Macha (மச்சா) is a Tamil word — the way you call your closest friends. "Macha, come look at this." "Macha, got a minute?" It's warm, casual, no-ceremony. That's the vibe this tool aims for: a close friend who opens a tunnel for you, no account, no credit card, no questions asked.
Three components, zero configuration. Your app never needs to change.
Any server on localhost — Express, FastAPI, Rails, anything. Macha doesn't touch your code.
The macha agent dials out to macha.live, registers your subdomain, and pre-warms 5 idle connections so requests are instant.
Anyone visiting myapp.macha.live is transparently bridged to localhost:3000. No headers changed. WebSocket, gRPC, all protocols work.
Browser ──▶ macha.live:443 (nginx + TLS) ──▶ macha server :8080 ──▶ pre-warmed idle socket ──▶ macha agent (your laptop) ──▶ localhost:3000
The agent always dials out — so NAT and firewalls are never a problem. The server speaks to your machine through connections your machine opened.
Three steps from zero to a live public URL.
Pick your platform. No dependencies, no runtime — just a single binary.
curl -fsSL https://macha.live/install.sh | bash
Downloads a pre-built binary for Apple Silicon or Intel Mac.
curl -fsSL https://macha.live/install.sh | bash
Statically linked binary — works on any Linux (x86-64, ARM64). No libc required.
# Run in PowerShell
irm https://macha.live/install.ps1 | iex
Installs to %LOCALAPPDATA%\macha\bin and adds it to your user PATH.
cargo install macha
Requires Rust. Compiles from source — takes about a minute.
Macha works with any server — it doesn't care what language or framework you use. Just make sure it's running.
# Node.js / Express node app.js # running on :3000 # Python / FastAPI uvicorn main:app # running on :8000 # Anything else ./my-server # running on :8080
Tell it which port your app is on and what subdomain you want. That's it.
macha --port 3000 --subdomain myapp
You'll see:
Dashboard → http://127.0.0.1:4040 ✓ Tunnel: https://myapp.macha.live
Share https://myapp.macha.live with anyone. Open localhost:4040 to watch requests in real-time.
Need more options? Auth tokens, TLS, library API, custom servers —
Full documentation →Production-grade internals, simple on the outside.
localhost:4040 — method, path, size, duration, in real time.
*.macha.live subdomains are served over TLS. Your local app gets HTTPS for free.
macha to Cargo.toml and embed tunneling directly in your app.
Full control, no trust required. Your traffic stays on your infrastructure.
A VPS with Docker installed and a domain with a wildcard DNS record
(*.tunnel.yourcompany.com → your-vps-ip).
Caddy handles TLS automatically — no certificate management needed.
services:
macha:
image: ghcr.io/dhineshk/macha-server:latest
restart: unless-stopped
ports:
- "80:8080"
- "9000:9000"
- "9001:9001"
environment:
DOMAIN: tunnel.yourcompany.com
AUTH_TOKEN: change-me-to-a-long-random-secret
docker compose up -d
macha --port 3000 --subdomain myapp \
--server tunnel.yourcompany.com \
--token your-secret
The tunnel URL will read https://myapp.tunnel.yourcompany.com — fully under your domain.
| Variable | What it does | Default |
|---|---|---|
| DOMAIN | Base domain for tunnel URLs | macha.live |
| PUBLIC_SCHEME | http or https in tunnel URLs | https |
| AUTH_TOKEN | Agents must present this token to register | none (open) |
| PUBLIC_PORT | Port the public HTTP listener binds on | 8080 |
| CONTROL_PORT | Port agents use to register | 9000 |
| DATA_PORT | Port agents use for idle pool connections | 9001 |
| TLS_CERT | Path to PEM certificate for ports 9000/9001 | none |
| TLS_KEY | Path to PEM private key for ports 9000/9001 | none |
Full CLI reference, library API, TLS configuration,
auth tokens, Caddy setup guides, and more.