Postgres tunnel

info

Available only with a subscription.

Overview

Postgres tunnel allows you to provide access to a PostgreSQL database and track executed SQL queries in the inspector.

note

Postgres tunnels are designed for debugging and working locally or in test environments, they do not support SSL connections, so you need to use sslmode=disable. We do not recommend using this type of tunnels in production environments.

Examples

note

You can view all current flags, hints, and examples by calling help:

tuna postgres --help

Almost all flags have corresponding environment variables.

Basic example

tuna postgres 5432

With IP address

tuna postgres 10.0.0.1:5432

Specifying a token

You can specify a particular token using the --token flag or the TUNA_TOKEN environment variable. Overriding follows the configuration ordering policy.

tuna postgres 5432 --token=tt_***

Specifying a connection region

You can specify a particular region using the --location/-l flag or the TUNA_LOCATION environment variable. Overriding follows the configuration ordering policy.

tuna postgres 5432 --location=nl

Static port

The value of the --port/-p flag can be an alias or an assigned port. You can reserve ports in the dashboard, and after restarting the tunnel the address will remain the same. For more details about ports, see the dedicated guide.

tuna postgres 5432 --port=postgres
tuna postgres 5432 --port=35000

IP subnet access restriction

You can define a whitelist of subnets in CIDR format:

tuna postgres 5432 --cidr-allow="10.0.0.1/32"

Or prohibit access from specific subnets:

tuna postgres 5432 --cidr-deny="10.0.0.1/32"

You can combine them, for example specify a wide network and subtract private IPs:

tuna postgres 5432 --cidr-allow="10.0.0.1/24" --cidr-deny="10.0.0.33/32"

You can also pass lists separated by commas:

tuna postgres 5432 --cidr-allow="10.0.0.1/24,192.168.0.1/24" --cidr-deny="10.0.0.33/32,192.168.0.33/32"

Query inspector

The request inspector lets you debug incoming requests, view headers and other information that can make application development easier. It is controlled by the --inspect flag or the TUNA_INSPECT environment variable.

Configuration

The request inspector is enabled by default and is available at http://127.0.0.1:4040. If port 4040 is busy, the next free port will be selected. The address or port can be overridden using the TUNA_INSPECT_ADDR environment variable or the inspectAddr parameter in the configuration file.

TUNA_INSPECT_ADDR=0.0.0.0 — listen on all interfaces
TUNA_INSPECT_ADDR=0.0.0.0:8080 — listen on all interfaces on port 8080; if the port is busy, the next free one will be selected
TUNA_INSPECT_ADDR=8080 — listen on 127.0.0.1 on port 8080; if the port is busy, the next free one will be selected

The resulting address will be printed to the console at startup:

Interface

On the left, a list of sessions is displayed, and on the right, the output of commands that were executed within the sessions.

Overview​

Examples​

Basic example​

With IP address​

Specifying a token​

Specifying a connection region​

Static port​

IP subnet access restriction​

Query inspector​

Configuration​

Interface​