Sharing Local Services

broch share creates a public HTTPS tunnel to a service running on your local machine. The tunnel stays open as long as the CLI process is running.

What You Can Share

Any HTTP or HTTPS service reachable from the machine running the CLI. The --target URL controls both where the connection is made and the Host header sent to your local app.

# Standard local dev server
broch share my-app --target http://localhost:3000

# Local app that expects a specific hostname (e.g. virtual hosting or mkcert)
broch share my-app --target http://myapp.local:3000

# Local HTTPS with a self-signed cert
broch share my-app --target https://localhost:8443

# A service on another machine on your network
broch share staging --target http://192.168.1.50:8080

The hostname in --target matters. The proxy rewrites the Host header to whatever hostname you specify in the target URL. If your local app uses virtual hosting, enforces Host header matching, or was set up with a custom local domain (e.g. via /etc/hosts or mkcert), use that hostname in --target rather than localhost.

You can run multiple tunnels simultaneously — each gets its own public URL:

broch share frontend --target http://localhost:5173
broch share api --target http://localhost:8080

Tunnel URLs

Tunnel URLs follow the format {name}-{slug}.tunnels.yourcompany.com. Set your slug once with:

broch user slug yourname

After that, broch share my-app always produces my-app-yourname.tunnels.yourcompany.com.

For details on what the proxy rewrites and known limitations, see Proxy Behavior & Limitations.