Share your local web app globally

Developing a web app locally is easy; showing it to the world usually is not. The traditional route is to deploy to a remote server behind a reverse proxy like Caddy or nginx, then keep the remote copy synchronized, upgraded and restarted every time you change something.

There is a lighter way. Keep running your app on your own machine — say on http://localhost:5000 — and forward it out over a single SSH command. No server to rent, nothing to configure remotely.

How it works

Point an SSH remote-forward at app@ssh.my-ns.me:

ssh -R80:localhost:5000 app@ssh.my-ns.me

On your first login with a given SSH key, a Bitcoin Lightning invoice is shown right in the terminal (as text and as a QR code). Pay it once — 1000 satoshi — and your key is admitted for good. You immediately receive a permanent subdomain of the form <name>.app.my-ns.me, where <name> is a random 4-letter shortname. (The invoice itself expires after 1 hour — if it lapses, the next login simply shows a fresh one.)

Payment is tied to the SSH key, not to an account — there is no signup, no login, no password. As long as you connect with the same key, the same subdomain stays yours for the lifetime of the project. HTTPS for your subdomain is terminated by our reverse proxy, so visitors reach your local app at https://<name>.app.my-ns.me.

Port 80 above is just a convention — you are forwarding your plain HTTP server to the remote side, and the proxy wraps it in TLS.

For scripts and AI agents

The onboarding works without an interactive terminal, so it can be driven by a script or by an LLM agent. The invoice is printed on a stable line — Please pay: <bolt11> — that you can grep for:

ssh app@ssh.my-ns.me </dev/null | grep 'Please pay:'

If you are wiring this up from an autonomous agent, there is a machine-readable guide with the exact steps (get the invoice, pay it or hand it to the user, then bring up the tunnel): /SKILL.md.

SSH host keys

On the very first connect ssh cannot know this server's identity and asks you to trust an unverified fingerprint. You can do better: this page is served over HTTPS, so pin the host keys through it before connecting — the prompt then never appears, and later connects are verified:

curl -s https://app.my-ns.me/known_hosts >> ~/.ssh/known_hosts

The /known_hosts fragment is generated from the live host keys. If you prefer to answer the first-use prompt manually, compare the fingerprint it shows against this list:

SHA256:mL8pdWH4vfP7tfjMnbm0/GqH3fwrtZH2C2TwyrxpRBU (ecdsa-sha2-nistp256)
SHA256:BoNo8doPQP1G8Su1NH6XLP+uzQj73PvJHuTSzl2XPqc (ssh-rsa)
SHA256:17T0vjZHyr/vjOmxs8T+dAK3j+cSXdhFCNYnzOcrUVQ (ssh-ed25519)