Hi HN, I built Outbound, a minimal self-hosted HTTP tunneling tool in Go.
An agent running behind a firewall opens a long-lived bidirectional gRPC stream to an edge server. The edge accepts inbound HTTP requests and forwards them over the stream to the agent, which proxies them to local services and streams the response back.
It is intentionally small: single-tenant pre-shared secret auth for agent registration, keepalives, and TLS termination handled by a reverse proxy (Caddy/nginx) in front of the edge.
I would love any feedback on the design, security assumptions, ergonomics, and what you would change or add if you were using this.
