https://github.com/andydunstall/pico
andydunstall/pico: A reverse proxy to connect to external networks (tunnelling). License: MIT.

# Pico

Pico is an open-source alternative to Ngrok, designed to serve production traffic and be simple to host (particularly on Kubernetes). For example, you may use Pico to expose services in a customer network or a bring your own cloud (BYOC) service, or to connect to IoT devices.

The proxy server may be hosted as a cluster of nodes for fault tolerance, scale and zero-downtime deployments.

Upstream services connect to Pico and register endpoints. Pico then routes requests for an endpoint to a registered upstream service via its outbound-only connection. This means you can expose your services without opening a public port.

Incoming HTTP(S) requests identify the ID of the target endpoint using either the `Host` header or an `x-pico-endpoint` header. If multiple upstream services have registered the same endpoint, Pico load balances requests for that endpoint among the registered upstreams.
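The routing model described above, as an added Go example (not Pico's own code). `Router`, `EndpointID`, `Pick`, the upstream names and the hostnames are hypothetical; giving the header precedence over `Host`, taking the first `Host` label as the endpoint ID, and round-robin selection are assumptions, since the page does not specify them.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Router maps endpoint IDs to upstreams (hypothetical type; not goroutine-safe).
type Router struct {
	upstreams map[string][]string // endpoint ID -> upstream names
	next      map[string]int      // endpoint ID -> round-robin cursor
}

func NewRouter() *Router {
	return &Router{upstreams: map[string][]string{}, next: map[string]int{}}
}

// Register records that an upstream serves the given endpoint.
func (r *Router) Register(endpointID, upstream string) {
	r.upstreams[endpointID] = append(r.upstreams[endpointID], upstream)
}

// EndpointID: x-pico-endpoint header first, else first Host label (assumptions).
func EndpointID(req *http.Request) string {
	if id := req.Header.Get("x-pico-endpoint"); id != "" {
		return id
	}
	return strings.SplitN(req.Host, ".", 2)[0]
}

// Pick round-robins (an assumed policy) over the endpoint's registered upstreams.
func (r *Router) Pick(req *http.Request) (string, error) {
	id := EndpointID(req)
	ups := r.upstreams[id]
	if len(ups) == 0 {
		return "", fmt.Errorf("no upstream registered for endpoint %q", id)
	}
	up := ups[r.next[id]%len(ups)]
	r.next[id]++
	return up, nil
}

func main() {
	r := NewRouter()
	r.Register("my-endpoint", "upstream-a") // constructed sample name
	req, _ := http.NewRequest("GET", "http://my-endpoint.pico.example.com/", nil)
	fmt.Println(r.Pick(req))
}
```

Because the endpoint ID comes from a client-supplied header, a request naming an unregistered endpoint must fail closed, which `Pick` does by returning an error rather than falling back to another upstream.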
## Contents

* Design Goals
* Getting Started
* Docs

## Design Goals

### Production Traffic

Pico is designed to serve production traffic rather than as a tool for testing and development. For example, you could use Pico to:

* Access customer networks
* Build a bring your own cloud (BYOC) solution
* Access IoT devices

To support this, Pico may run as a cluster of nodes in order to be fault tolerant, scale horizontally and support zero-downtime deployments. It also has observability tools for monitoring and debugging.

### Hosting

Pico is built to be simple to host on Kubernetes. A Pico cluster may be hosted as a Kubernetes StatefulSet behind an HTTP load balancer or Kubernetes Gateway.

Upstream service connections and proxy client requests may be load balanced to any node in the cluster, and Pico will manage routing the requests to the correct upstream.

### Secure

Upstream services connect to Pico via an outbound-only connection. Pico then routes any requests to the upstream via that connection. Therefore the upstream never has to open a port to listen for requests.

Pico supports authenticating upstream services before they can register endpoints.

Since Pico can be self-hosted, you can host it in the same network as your proxy clients and so never accept requests from an external network. For example, authenticated upstream services may register from the Internet over TLS, while proxy clients are given only an internal route in the same network as Pico.

## Getting Started

See Getting Started.

## Docs

* Getting Started
* Architecture
  + Overview
* Manage
  + Overview
  + Configure
  + Kubernetes
  + Observability