Drip LogoDrip

All Commands

Complete list of available commands and flags.

Tunnel Commands

drip http

Expose a local HTTP server:

bash
drip http <port> [flags]
FlagShortDescriptionDefault
--subdomain-nCustom subdomain(auto-generated)
--address-aLocal address to forward to127.0.0.1
--transportTransport protocol (auto/tcp/wss)auto
--daemon-dRun in backgroundfalse
--server-sServer address(from config)
--token-tAuthentication token(from config)
--authHTTP Basic Auth passwords (comma-separated)(none)
--allow-ipAllow only these IPs/CIDRs(none)
--deny-ipBlock these IPs/CIDRs(none)
--verbose-vVerbose outputfalse
--insecure-kSkip TLS verificationfalse

Examples:

bash
# Basic HTTP tunnel
drip http 3000

# Custom subdomain
drip http 3000 -n myapp

# Forward to LAN device
drip http 8080 -a 192.168.1.100

# Run in background
drip http 3000 -d

# With HTTP Basic Auth
drip http 3000 --auth secret123

# With IP restriction
drip http 3000 --allow-ip 192.168.0.0/16

# Use WebSocket transport (CDN-friendly)
drip http 3000 --transport wss

drip https

Expose a local HTTPS server (same flags as drip http):

bash
drip https <port> [flags]

Use this when your local server already has TLS configured.

drip tcp

Expose a TCP service (same flags as drip http, except --auth):

bash
drip tcp <port> [flags]

Examples:

bash
# PostgreSQL
drip tcp 5432

# MySQL
drip tcp 3306

# SSH
drip tcp 22

# Redis with IP restriction
drip tcp 6379 --allow-ip 10.0.0.0/8

Predefined Tunnels

drip start

Start predefined tunnels from config file:

bash
drip start [tunnel-names...] [flags]
FlagShortDescription
--all-aStart all configured tunnels

Examples:

bash
# List available tunnels
drip start

# Start a specific tunnel
drip start web

# Start multiple tunnels
drip start web api db

# Start all configured tunnels
drip start --all

Configuration example (~/.drip/config.yaml):

yaml
tunnels:
  - name: web
    type: http
    port: 3000
    subdomain: myapp

  - name: api
    type: http
    port: 8080
    subdomain: api
    transport: wss

  - name: db
    type: tcp
    port: 5432
    allow_ips:
      - 192.168.0.0/16

Daemon Management

drip list

List all running background tunnels:

bash
drip list [flags]
FlagShortDescription
--interactive-iInteractive selection mode

Aliases: drip ls, drip ps, drip status

Output shows:

  • Tunnel type (HTTP/HTTPS/TCP)
  • Local port
  • Public URL
  • Process ID (PID)
  • Uptime

drip attach

Attach to a running tunnel's logs:

bash
drip attach [type] [port]

Examples:

bash
# Attach to specific tunnel
drip attach http 3000
drip attach tcp 5432

# Interactive selection (if no args)
drip attach

Press Ctrl+C to detach (tunnel keeps running).

Aliases: drip logs, drip tail

drip stop

Stop running tunnels:

bash
drip stop <type> <port>
drip stop all

Examples:

bash
# Stop specific tunnel
drip stop http 3000

# Stop all running tunnels
drip stop all

Alias: drip kill

Configuration

drip config init

Interactive configuration setup:

bash
drip config init

Prompts for:

  1. Server address (e.g., tunnel.example.com:443)
  2. Authentication token

drip config show

Display current configuration:

bash
drip config show [flags]
FlagDescription
--fullShow full token (not masked)

drip config set

Set configuration values:

bash
drip config set [flags]
FlagDescription
--serverServer address
--tokenAuthentication token

Examples:

bash
drip config set --server tunnel.example.com:443
drip config set --token YOUR_SECRET_TOKEN

drip config reset

Delete configuration file:

bash
drip config reset [flags]
FlagDescription
--forceSkip confirmation

drip config validate

Validate configuration:

bash
drip config validate

Checks:

  • Server address format (host:port)
  • Token presence
  • TLS settings

Server Commands

drip server

Start the Drip server:

bash
drip server [flags]
FlagShortDescriptionDefault
--port-pServer listening port8443
--public-portPort shown in URLssame as --port
--domain-dServer domaintunnel.localhost
--token-tAuthentication token(required)
--tls-certTLS certificate path(required if TLS enabled)
--tls-keyTLS private key path(required if TLS enabled)
--tls-enabledEnable TLStrue
--tcp-port-minMin TCP tunnel port20000
--tcp-port-maxMax TCP tunnel port20100
--metrics-tokenToken for /metrics endpoint(optional)
--debugEnable debug loggingfalse
--pprofEnable pprof on port(disabled)
--config-cConfig file path/etc/drip/config.yaml

Examples:

bash
# Direct TLS mode
drip server \
  --port 443 \
  --domain tunnel.example.com \
  --tls-cert /path/to/cert.pem \
  --tls-key /path/to/key.pem \
  --token YOUR_SECRET_TOKEN

# Behind reverse proxy (no TLS)
drip server \
  --port 8443 \
  --domain tunnel.example.com \
  --tls-enabled=false \
  --public-port 443 \
  --token YOUR_SECRET_TOKEN

# Using config file
drip server --config /etc/drip/config.yaml

drip server config

Display server configuration:

bash
drip server config [flags]
FlagDescription
--fullShow full tokens (not masked)

Other Commands

drip version

Print version information:

bash
drip version [flags]
FlagDescription
--shortPrint version without styling

Global Flags

These flags work with all tunnel commands:

FlagShortDescription
--server-sServer address
--token-tAuthentication token
--verbose-vVerbose output
--insecure-kSkip TLS verification

Environment Variables

Configuration can also be set via environment variables:

VariableDescription
DRIP_SERVERServer address
DRIP_TOKENAuthentication token
DRIP_TLSEnable TLS (true/false)

Priority: Command flags > Environment variables > Config file

Exit Codes

CodeMeaning
0Success
1General error
2Configuration error
3Connection error
4Authentication error

Reconnection Behavior

The client automatically reconnects on connection loss:

  • Max attempts: 5 retries
  • Retry interval: 3 seconds between attempts
  • Non-retryable errors: Authentication failures, subdomain conflicts

Errors that stop reconnection:

  • "subdomain is already taken"
  • "subdomain is reserved"
  • "invalid subdomain"
  • "Invalid authentication token"
Docker DeploymentServer Configuration