Web dashboard
Every raba instance ships with a web dashboard, served by the same binary as the tunnels themselves — no separate service to run, no separate port to open (it's reachable at your instance's own domain, alongside your tunneled projects).
What's in it
- Projects — create, list, delete, and regenerate secrets for HTTP/TCP/UDP projects, see which are currently online (a live signal from whether a Client is actually connected, not just "exists in the database").
- Traffic stats — request count, requests/sec, average connection duration, and bytes
in/out, per project or rolled up per team, over a configurable trailing window. The same
data
raba statsshows from the CLI. - Request logs — a paginated log of completed connections per project (metadata only — see Byte-level forwarding & privacy for what is and isn't captured).
- Teams — membership, per-team roles, invite links, and the custom-domain setup flow (add a domain, see the DNS records to add, verify once they're in place).
- Settings — instance-wide configuration (whether public signup is allowed) and user management, for instance admins.
Auth
The dashboard uses its own session mechanism (a short-lived, httpOnly, Secure,
SameSite=Strict JWT cookie) — separate from the Personal Access Tokens the CLI uses and the
opaque secrets Clients use to authenticate tunnel connections. Logging into the dashboard
doesn't give you a PAT, and a PAT can't log you into the dashboard; they're deliberately
non-interchangeable.