Chisel, a fast TCP/UDP tunnel transported over HTTP and secured via SSH, from a single self contained binary.
Chisel is a fast TCP/UDP tunnel, transported over HTTP and secured via SSH. A single self contained Go binary is both the server and the client: it multiplexes tunnelled connections over one HTTP connection and authenticates the endpoints with an SSH key exchange, so it traverses restrictive firewalls and proxies while staying end to end encrypted.
It suits teams that need to reach a service behind a firewall or NAT, forward a database or admin port to a workstation, build a lightweight encrypted jump point into a private network, or run a SOCKS capable proxy hop, all authenticated and fingerprint pinned.
cloudimg delivers Chisel fully installed and running as a server under systemd, so a tunnel endpoint is listening within minutes of launch. The image is secure by default: there is no password or server key baked in, and a unique username, password and SSH server key are generated on the machine's first boot and never shipped inside the image. The server is started with an authentication file so unauthenticated clients are rejected, and reverse tunnels are left off so clients cannot open inbound listeners on the server. The operating system ships fully patched with unattended security updates enabled, and every image includes 24/7 cloudimg support and a step by step deploy guide tested against the exact image you launch.