Access your agent's web UI from anywhere and share it with others — secure remote access with automatic HTTPS and SSO, powered by HLE (Home Lab Everywhere).
When to use
Use this skill when the user wants to:
- Access their agent's Control UI (port 18789) remotely — from a phone, laptop, or another network
Share their agent UI with a friend or collaborator via SSO (Google, GitHub)
Expose any local service the agent manages — Home Assistant, Grafana, Portainer, Jupyter, dev servers
Manage tunnel access control (SSO, PIN, share links, basic auth)
Do not use this skill for general networking, port forwarding within a LAN, or VPN setup.
Setup
Before exposing services, the user needs an HLE account and API key:
1. Sign up at https://hle.world and create an API key in the dashboard
Run hle auth login to save the key (opens browser), or set the HLE_API_KEY environment variable
Check auth status with hle auth status.
Usage
Access your agent UI remotely
CODEBLOCK0
The command runs in the foreground and prints the public URL (e.g. https://my-agent-x7k.hle.world). Anyone you --allow can log in via Google or GitHub SSO — no account sharing needed.
Expose services your agent manages
CODEBLOCK1
List active tunnels
CODEBLOCK2
Access control
CODEBLOCK3
Common options for hle expose
Flag
Description
INLINECODE6
Local service URL (required)
INLINECODE7
Subdomain label (e.g. my-agent -> my-agent-x7k.hle.world) |
| --auth sso\|none | Auth mode (default: sso) |
| --allow EMAIL | Allow email for SSO access (repeatable) |
| --websocket/--no-websocket | WebSocket proxying (default: on) |
| --verify-ssl | Verify local service SSL cert |
| --upstream-basic-auth USER:PASS | Inject Basic Auth to upstream |
| --forward-host | Forward browser Host header to local service |
Run with Docker
If Docker is available, you can run HLE as a container instead of installing the CLI.
Headless (tunnels only, no UI)
CODEBLOCK4
With Web UI
CODEBLOCK5
Open http://localhost:8099 to manage tunnels from a browser.
Docker Compose
CODEBLOCK6
Important notes
- The hle expose command runs in the foreground. To run as a background service, use nohup, tmux, screen, or a process manager.
Self-signed certificates on local services are accepted by default (no --verify-ssl needed).
The public URL format is https://<label>-<user_code>.hle.world.
By default, only you (the account owner) can access the tunnel. Use --allow to grant access to others via SSO.
API key can be set via --api-key flag, HLE_API_KEY env var, or ~/.config/hle/config.toml.
Installation
If hle is not installed:
CODEBLOCK7
HLE 隧道
随时随地访问您的代理 Web 界面,并与他人共享——通过 HLE(家庭实验室无处不在) 提供自动 HTTPS 和 SSO 支持的远程安全访问。
