Environment Variables
List of environment variables supported by the tuna client.
Global
| Name | Description |
|---|---|
| TUNA_CONFIG | Path to the configuration file |
| TUNA_LOG | Path to the log file: /file/to/file.log, stdout, stderr (default "stdout") |
| TUNA_LOG_LEVEL | Logging level: debug, info, warn, error, fatal (default "info") |
| TUNA_LOG_FORMAT | Logging format: text, json (default "text") |
Common
| Name | Description |
|---|---|
| TUNA_PORT | Port or destination address (e.g., 8080 or 10.0.0.10:5432) |
| TUNA_TOKEN | Token for creating a tunnel |
| TUNA_LOCATION | Connection region (nl or ru) |
| TUNA_API_KEY | API key |
For HTTP tunnels
| Name | Description |
|---|---|
| TUNA_BASIC_AUTH | Add basic authentication (e.g., user:pass) |
| TUNA_CIDR_ALLOW | Reject connections that do not match the specified CIDR |
| TUNA_CIDR_DENY | Reject connections that match the specified CIDR |
| TUNA_CORS | Enable CORS headers and automatic OPTIONS request handling |
| TUNA_DOMAIN | Reserved domain |
| TUNA_FILE_SERVER | Path to directory for publishing files via HTTP |
| TUNA_FILE_SERVER_SPA | Path to directory for publishing SPA site |
| TUNA_HTTPS_REDIRECT | Redirect requests to HTTPS (true or false) |
| TUNA_INSPECT | Enable or disable request inspector (true or false) |
| TUNA_INSPECT_ADDR | Set address for the request inspector |
| TUNA_KEY_AUTH | Add authentication key passed in X-Token header |
| TUNA_POLICY_FILE | Path to configuration file with rules (default .tuna.yml) |
| TUNA_QR_CODE | Generate and display QR code |
| TUNA_RATE_LIMIT | Limit the number of requests to your application (e.g., 20 for 20 requests/sec) |
| TUNA_REQUEST_HEADER | Add headers to pass to local service (e.g., host:tuna.am) |
| TUNA_RESPONSE_HEADER | Add headers to pass to client (e.g., env:test) |
| TUNA_SUBDOMAIN | Reserved subdomain |
| TUNA_TLS_SKIP_VERIFY | Skip TLS verification |
| TUNA_VERIFY_WEBHOOK | Verify if webhooks are signed by this provider (e.g., gitlab) |
| TUNA_VERIFY_WEBHOOK_SECRET | Secret used by the provider to sign webhooks, if any |
| TUNA_WEBDAV | Path to directory for publishing files via WebDAV |
For TCP tunnels
| Name | Description |
|---|---|
| TUNA_TCP_PORT | Reserved port number or alias |
| TUNA_QR_CODE | Generate and display QR code |
| TUNA_CIDR_ALLOW | Reject connections that do not match the specified CIDR |
| TUNA_CIDR_DENY | Reject connections that match the specified CIDR |
For SSH tunnels
| Name | Description |
|---|---|
| TUNA_TCP_PORT | Reserved port number or alias |
| TUNA_SSH_AUTH | Set static username/password |
| TUNA_SSH_PASSWORD_AUTH | Enable or disable login/password authentication |
| TUNA_RECORD_SESSION | SSH session recording |
| TUNA_CIDR_ALLOW | Reject connections that do not match the specified CIDR |
| TUNA_CIDR_DENY | Reject connections that match the specified CIDR |
For TRIGGER tunnels
| Name | Description |
|---|---|
| TUNA_TCP_PORT | Reserved port number or alias |
| TUNA_TRIGGER_SMTP_USERNAME | Username for SMTP connection |
| TUNA_TRIGGER_SMTP_PASSWORD | User password for SMTP connection |
| TUNA_TRIGGER_WEBHOOK_SECRET | Secret to be verified against X-Webhook-Secret header value |
For Postgres/Redis tunnels
| Name | Description |
|---|---|
| TUNA_TCP_PORT | Reserved port number or alias |
| TUNA_QR_CODE | Generate and display QR code |
| TUNA_INSPECT | Enable or disable request inspector (true or false) |
| TUNA_INSPECT_ADDR | Set address for the request inspector |
| TUNA_CIDR_ALLOW | Reject connections that do not match the specified CIDR |
| TUNA_CIDR_DENY | Reject connections that match the specified CIDR |
Service creation and management
| Name | Description |
|---|---|
| TUNA_SERVICE_NAME | Service name |
| TUNA_SERVICE_INSTALL_USER | User under which the service will run |
| TUNA_SERVICE_INSTALL_PASSWORD | Password when specifying a different user (Windows only) |
Multiple tunnel startup
| Name | Description |
|---|---|
| TUNA_START_TUNNELS_FILE | Path to configuration file with tunnels (default .tuna.yml) |
| TUNA_START | Tunnel name to start |
| TUNA_START_TAGS | Tunnel tags to start |
| TUNA_START_ALL | Start all tunnels |
Port detection
| Name | Description |
|---|---|
| TUNA_DETECT_SECONDS | Time interval allocated for port detection |
Secrets
| Name | Description |
|---|---|
| TUNA_SECRETS_SCOPE | Directory configuration for scope (default .) |
| TUNA_SECRETS_PROJECT | Project alias |
| TUNA_SECRETS_CONFIG | Configuration alias |
| TUNA_SECRETS_FORMAT | Output format (json, yaml or env) (default json) |
| TUNA_SECRETS_NO_FILE | Print to stdout (default false) |
| TUNA_SECRETS_WATCH | Automatically restart process when secrets change (default false) |
Working with direnv
direnv is an environment variable manager for the terminal. It allows you to automatically load and unload environment variables depending on the current directory – this allows you to have environment variables specific to each project you work on.
Before each prompt, direnv checks for the presence of a .envrc file in the current and parent directories, and if the file exists, it is loaded into a bash subshell, and all exported variables are then captured by direnv and become available to the shell.
Before using direnv, you need to install it. Installation instructions are available in the official documentation. After that, create a .envrc file in your project directory with tuna settings, for example:
export TUNA_PORT=8080
export TUNA_SUBDOMAIN=my-project
When navigating to the project directory and running the tuna http command, a tunnel will be created with the settings from the .envrc file:
% tuna http
INFO[13:00:00] Welcome to Tuna
INFO[13:00:00] Account: test (Paid till 05.04.2024)
INFO[13:00:00] Web Interface: http://127.0.0.1:4040
INFO[13:00:00] Forwarding https://my-project.ru.tuna.am -> 127.0.0.1:8080