Home Lab Everywhere — Expose homelab services to the internet with built-in SSO
Project description
HLE Client
Home Lab Everywhere — Expose homelab services to the internet with built-in SSO authentication and WebSocket support.
One command: hle expose --service http://localhost:8080
Your local service gets a public URL like myapp-x7k.hle.world with automatic HTTPS and SSO protection.
Install
pip (or pipx)
pip install hle-client
# or
pipx install hle-client
Curl installer
curl -fsSL https://get.hle.world | sh
Installs via pipx (preferred), uv, or pip-in-venv. Supports --version:
curl -fsSL https://get.hle.world | sh -s -- --version 1.13.1
Homebrew
brew install hle-world/tap/hle-client
Quick Start
-
Sign up at hle.world and create an API key in the dashboard.
-
Save your API key:
hle auth login
This opens the dashboard in your browser. Copy your key and paste it at the prompt. The key is saved to ~/.config/hle/config.toml.
- Expose a service:
hle expose --service http://localhost:8080
CLI Usage
hle expose
Expose a local service to the internet.
hle expose --service http://localhost:8080 # Basic usage
hle expose --service http://localhost:8080 --label ha # Custom subdomain label
hle expose --service http://localhost:3000 --auth none # Disable SSO
hle expose --service http://localhost:8080 --no-websocket # Disable WS proxying
hle expose --service http://localhost:8080 --allow user@gmail.com # Allow a specific user
hle expose --service http://localhost:8080 --allow google:user@gmail.com --allow github:dev@co.com
Options:
--service— Local service URL (required)--label— Service label for the subdomain (e.g.ha→ha-x7k.hle.world)--auth— Auth mode:sso(default) ornone--allow— Allow an email to access the tunnel (repeatable). Format:emailorprovider:email--websocket/--no-websocket— Enable/disable WebSocket proxying (default: enabled)--verify-ssl— Enable SSL certificate verification for the local service (default: off, accepts self-signed)--upstream-basic-auth USER:PASS— Inject Basic Auth into requests forwarded to the local service--forward-host— Forward the browser's Host header to the local service--api-key— API key (also readsHLE_API_KEYenv var, then config file)
hle auth
Manage your API key.
hle auth login # Save key (opens dashboard)
hle auth login --api-key hle_xxx # Save key non-interactively
hle auth status # Show current key source
hle auth logout # Remove saved key
hle tunnels
List your active tunnels.
hle tunnels
hle access
Manage per-tunnel email allow-lists for SSO access.
hle access list myapp-x7k # List access rules
hle access add myapp-x7k friend@example.com # Allow an email
hle access add myapp-x7k dev@co.com --provider github # Require GitHub SSO
hle access remove myapp-x7k 42 # Remove rule by ID
hle pin
Manage PIN-based access control for tunnels.
hle pin set myapp-x7k # Set a PIN (prompts for 4-8 digit PIN)
hle pin status myapp-x7k # Check PIN status
hle pin remove myapp-x7k # Remove PIN
hle share
Create and manage temporary share links.
hle share create myapp-x7k # 24h link (default)
hle share create myapp-x7k --duration 1h # 1-hour link
hle share create myapp-x7k --max-uses 5 # Limited uses
hle share create myapp-x7k --label "demo" # Label for reference
hle share list myapp-x7k # List share links
hle share revoke myapp-x7k 42 # Revoke a link
hle basic-auth
Manage HTTP Basic Auth access control for tunnels.
hle basic-auth set myapp-x7k # Set credentials (prompts for username & password)
hle basic-auth status myapp-x7k # Check Basic Auth status
hle basic-auth remove myapp-x7k # Remove Basic Auth
Global Options
hle --version # Show version
hle --debug ... # Enable debug logging
Configuration
The HLE client stores configuration in ~/.config/hle/config.toml:
api_key = "hle_your_key_here"
API key resolution order:
--api-keyCLI flagHLE_API_KEYenvironment variable~/.config/hle/config.toml
Development
git clone https://github.com/hle-world/hle-client.git
cd hle-client
uv venv && source .venv/bin/activate
uv pip install -e ".[dev]"
# Run tests
pytest
# Lint
ruff check src/ tests/
ruff format --check src/ tests/
License
MIT — see LICENSE.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file hle_client-1.13.1.tar.gz.
File metadata
- Download URL: hle_client-1.13.1.tar.gz
- Upload date:
- Size: 47.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
df5ec32427604dad53f619412783a86a72e11ff0a6f94677364da2711d1623ed
|
|
| MD5 |
b1c7ad0a54bebaca2bef6fe7aadeb7b7
|
|
| BLAKE2b-256 |
2b66d4c277ed7eaddf03579a0e565328ac8c4a4a9b0ed59c967d44ee40a5c089
|
File details
Details for the file hle_client-1.13.1-py3-none-any.whl.
File metadata
- Download URL: hle_client-1.13.1-py3-none-any.whl
- Upload date:
- Size: 26.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8e5075ea5ec30d871f6fe34bb3a82bcf458e01c6ac06fa70d13ef387b40b3e99
|
|
| MD5 |
ae181ceacabedc3627fbcb3aec10b4de
|
|
| BLAKE2b-256 |
ada05e45804477a8e86903bedec99508af92132382f56066616bd53726e521fa
|
