Self-HostingConnectivity

Connectivity

Expose your self-hosted HeySummon instance to the internet.

Cloudflare Tunnel (Recommended)

Best for production. Free, custom domains, DDoS protection.

Setup

  1. Go to Cloudflare Zero Trust → Networks → Tunnels
  2. Create a tunnel named hitlaas
  3. Add a public hostname (e.g., hitlaas.yourdomain.com) pointing to http://app:3000
  4. Copy the tunnel token
  5. Run bash scripts/setup.sh and choose option 1

How It Works

Internet → Cloudflare Edge → cloudflared container → app:3000

No inbound ports needed. Outbound-only connection.

Security

  • No open inbound ports
  • All traffic encrypted
  • DDoS protection included
  • Access policies via Cloudflare Zero Trust

Tailscale Funnel

Best for internal/team use. Built on WireGuard.

Setup

  1. Enable Funnel in your ACL policy
  2. Generate a reusable auth key with tags
  3. Run bash scripts/setup.sh and choose option 2

How It Works

URL: https://hitlaas.<tailnet>.ts.net

Can restrict to Tailscale-only access using --serve instead of --funnel.

Ngrok

Best for quick testing. URL changes on restart (free tier).

Setup

  1. Create account at ngrok.com
  2. Copy auth token
  3. Run bash scripts/setup.sh and choose option 3

Notes

  • Free URLs are random and change on restart
  • Update NEXTAUTH_URL when URL changes
  • Paid plans offer custom domains and IP restrictions
  • Inspect traffic at http://localhost:4040

Direct / Manual

If you have a VPS with a public IP or your own reverse proxy:

docker compose up -d

Configure your reverse proxy (Nginx, Caddy, etc.) to forward traffic to port 3000.

Docker SetupSetup Wizard