Skip to main content
Want SyneHQ to query data that lives only inside your network or on your laptop? Local Connections let you create a secure tunnel so your database stays private and SyneHQ can still reach it—no firewall surgery, no public exposure.

​
What you’ll do (2 minutes)

  • Create a tunnel in SyneHQ to get a secure token and port
  • Point your database connection in SyneHQ to localhost:<port>
  • Start the Rabbit Tunnel Client (CLI or Docker) to open the secure TCP tunnel

Open TCP Tunnel in SyneHQ

Create a tunnel to receive your token and port

Add a Connection

Use localhost and your tunnel port for the host/port

​
Step-by-step

  • Go to the Tcp Tunnel page (sidebar) → Tunnels
  • Click Create Tunnel to generate your token and port
  • Copy both; you’ll need them for the client
These credentials only allow access through the secure tunnel—your database itself stays private.
Create Tunnel UI
  • Navigate to Add Connection
  • Set the host to localhost
  • Set the port to the value from your tunnel
  • Enter DB credentials as usual
Add Connection UI
Using localhost makes your database appear local to SyneHQ—traffic still flows through the encrypted tunnel.
  • Install CLI via curl
  • Install CLI via wget
  • Run via Docker
curl -fsSL https://github.com/SyneHQ/rabbit.go/blob/sudo/scripts/setup.sh | bash
Only run install scripts or containers you trust. Review the script or image if your security policy requires it.
Now start the tunnel (replace placeholders). For the CLI binary:
rabbit.go tunnel --server rabbit.synehq.com:9999 --token YOUR_TOKEN --local-port 3000
  • Use your actual YOUR_TOKEN or TUNNEL_TOKEN from step 1
  • Set --local-port to your service’s real port (e.g., 5432 for Postgres, 3306 for MySQL)
That’s it—you can now query your private data from SyneHQ without exposing it to the internet.

​
What the tunnel does (plain English)

  • Creates an encrypted TCP channel from your machine/network to SyneHQ
  • Keeps your database private—no inbound rules or public endpoints required
  • Automatically reconnects with exponential backoff if the network blips
  • Works great for dev and production with health checks and graceful shutdown

​
Quick example: Local PostgreSQL

export TUNNEL_TOKEN=your-token
rabbit.go tunnel --server rabbit.synehq.com:9999 --token $TUNNEL_TOKEN --local-port 5432
SyneHQ can now talk to your local Postgres as if it were in the cloud—query, analyze, visualize.

​
Best practices

TipWhy it helps
Store tokens in env varsAvoids accidental leakage in shell history and scripts
Use limited retries in devKeeps logs clean; --max-retries 0 for dev is fine
Run under a supervisorUse Docker, systemd, or PM2 for HA and auto‑restart
Restrict DB credentialsLeast-privilege DB user reduces blast radius
export TUNNEL_TOKEN=your-token
rabbit.go tunnel --server rabbit.synehq.com:9999 --token $TUNNEL_TOKEN --local-port 3000

​
Troubleshooting

  • Verify DB accepts connections from localhost
  • Check the port matches your service (e.g., 5432 for Postgres)
  • Confirm DB user/password and database name
  • Ensure your DB SSL mode matches your setup (disable in local dev if needed)
  • Behind corporate proxies? Check proxy/SSL inspection rules
  • Prefer wired over flaky Wi‑Fi for long‑running sessions
  • Try a closer region or contact support for routing help
For advanced usage, configuration flags, and integration scenarios, see the full Rabbit Tunnel Client guide.

Tunnel Client Usage Guide

Explore advanced flags, service configs, and automation patterns