Skip to main content

Web dashboard

Every raba instance ships with a web dashboard, served by the same binary as the tunnels themselves — no separate service to run, no separate port to open (it's reachable at your instance's own domain, alongside your tunneled projects).

What's in it

  • Projects — create, list, delete, and regenerate secrets for HTTP/TCP/UDP projects, see which are currently online (a live signal from whether a Client is actually connected, not just "exists in the database").
  • Traffic stats — request count, requests/sec, average connection duration, and bytes in/out, per project or rolled up per team, over a configurable trailing window. The same data raba stats shows from the CLI.
  • Request logs — a paginated log of completed connections per project (metadata only — see Byte-level forwarding & privacy for what is and isn't captured).
  • Teams — membership, per-team roles, invite links, and the custom-domain setup flow (add a domain, see the DNS records to add, verify once they're in place).
  • Settings — instance-wide configuration (whether public signup is allowed) and user management, for instance admins.

Auth

The dashboard uses its own session mechanism (a short-lived, httpOnly, Secure, SameSite=Strict JWT cookie) — separate from the Personal Access Tokens the CLI uses and the opaque secrets Clients use to authenticate tunnel connections. Logging into the dashboard doesn't give you a PAT, and a PAT can't log you into the dashboard; they're deliberately non-interchangeable.