Trust

NeedPorts security model

Understand what NeedPorts exposes, how the outbound tunnel works, what metadata is needed to operate the service, and how to safely publish SSH, APIs, dashboards, and Docker apps.

Core model

NeedPorts provides public reachability through an outbound tunnel. You choose which local services and local ports are forwarded to your assigned public endpoint. NeedPorts does not automatically expose your LAN, Docker network, or services you did not configure.

What NeedPorts can see

Assigned endpoint and public port routing.
Tunnel health, heartbeats, bandwidth, and operational events.
Connection metadata needed for reliability, support, billing, and abuse handling.

What remains encrypted

Protocols such as SSH and HTTPS remain encrypted at the protocol/application layer between the connecting client and your service. NeedPorts can route the connection, but it does not need your SSH private keys or application passwords.

Safe exposure checklist

Use SSH keys for SSH and avoid password-exposed root login.
Put authentication on dashboards and APIs.
Use HTTPS/TLS for sensitive HTTP services.
Expose one service at a time and test from another network.
Keep a private fallback path for critical administration.

Have a question before using NeedPorts?

Review the related trust pages or contact support before exposing production services.

Contact support Read guides