Table of Content
Table of Content
Raspberry Pi is a popular platform for running lightweight web applications — Node-RED dashboards, Python Flask data loggers, Grafana monitoring interfaces, custom IoT control panels, NodeJS apps and API services. These apps are immediately useful on the local network, but making them accessible from the internet hits the same wall that all Raspberry Pi remote access scenarios face: the Pi is behind a NAT router, and there’s no practical way to expose an HTTP port to the public without port forwarding (often impossible with CGNAT) or a static IP (often unavailable or expensive).
TL;DR — Expose your Raspberry Pi web app in 3 steps:
- Start your web app on the Pi (e.g.,
node myapp.json port 3000) - Install SocketXP and run
socketxp connect http://localhost:3000 - SocketXP returns a permanent public HTTPS URL — share it or open it from any browser, anywhere
No port forwarding, no static IP, no reverse proxy configuration, no VPN.

The Core Problem: Pi Web Apps Are Not Internet-Reachable by Default
A web app running on localhost:3000 on your Raspberry Pi is only accessible from devices on the same local network. The Pi has a private IP address (192.168.x.x or 10.x.x.x) that is not routable from the internet. Options like port forwarding require a public IP on your router — which many ISPs don’t provide (CGNAT), and which changes frequently even when available.
SocketXP solves this with a secure HTTP/HTTPS reverse proxy tunnel: the SocketXP agent on the Pi initiates an outbound TLS connection to the SocketXP cloud gateway, which assigns a permanent public HTTPS URL to your app. Requests to that URL are forwarded through the tunnel to your Pi’s local HTTP port — no router changes, no firewall rules, no static IP.
Step 1: Run Your Web Application on the Raspberry Pi
Any HTTP server running locally on the Pi works. Here are two common examples.
NodeJS Web App (Express / http module)
$ cat myapp.js
var http = require('http');
http.createServer(function (req, res) {
res.writeHead(200, {'Content-Type': 'text/html'});
res.write("<h2>Hello from Raspberry Pi!</h2>");
res.end();
}).listen(3000);
$ node myapp.js
Verify locally: open http://localhost:3000 in a browser on the Pi.
Python Flask Web App
$ cat myapp.py
from flask import Flask
app = Flask(__name__)
@app.route('/')
def hello():
return '<h2>Hello from Raspberry Pi!</h2>'
if __name__ == '__main__':
app.run(host='127.0.0.1', port=3000, debug=True)
$ python myapp.py

Step 2: Install the SocketXP Agent on Your Raspberry Pi
Step 2.1: Download and Install
Follow the download and install instructions to install the SocketXP agent on your Raspberry Pi. The agent provides arm (32-bit) and arm64 (64-bit) binaries for all Pi models.
Step 2.2: Get Your Authentication Token
Sign up at the SocketXP Web Portal and retrieve your authentication token.

Authenticate the SocketXP agent:
$ socketxp login [your-auth-token-goes-here]
Step 3: Create an HTTPS Tunnel to Your Raspberry Pi Web App
Run the following command to create a secure HTTPS tunnel from SocketXP’s cloud gateway to your web app’s local port:
$ socketxp connect http://localhost:3000 Public URL -> https://679aa48b-1162-44f7-b6c6-59129dd68b58.socketxp.com
SocketXP assigns a permanent public HTTPS URL to your web application. This URL does not change between agent restarts and remains active until you manually remove it from the portal.
Access Your Web App from Any Browser, Anywhere
Open the public URL in any browser on any device — laptop, phone, tablet — from anywhere in the world:

You can share this URL with colleagues, embed it in a mobile app, or use it as a webhook endpoint.
Common Raspberry Pi Web App Use Cases
Node-RED Dashboard Remote Access
Node-RED runs on port 1880 by default. Expose it:
$ socketxp connect http://localhost:1880 Public URL -> https://679aa48b-1162-44f7-b6c6-59129dd68b58.socketxp.com
Access your Node-RED dashboard from any browser worldwide.
Home Assistant Remote Access
Home Assistant typically runs on port 8123:
$ socketxp connect http://localhost:8123 Public URL -> https://679aa48b-1162-44f7-b6c6-59129dd68b58.socketxp.com
Grafana Dashboard Remote Access
Grafana runs on port 3000 by default:
$ socketxp connect http://localhost:3000 Public URL -> https://679aa48b-1162-44f7-b6c6-59129dd68b58.socketxp.com
Remotely Access and Download Files from Raspberry Pi
A Python Flask file server lets you access any file on the Pi remotely via the SocketXP public URL:
$ cat get_files.py
from flask import Flask, send_from_directory
app = Flask(__name__)
@app.route('/<path:path>')
def serve_file(path):
return send_from_directory('/', path)
if __name__ == '__main__':
app.run(host='127.0.0.1', port=3000, debug=True)
$ python get_files.py $ socketxp connect http://localhost:3000
Use curl or a browser to download any file from the Pi:
$ curl https://679aa48b-1162-44f7-b6c6-59129dd68b58.socketxp.com/var/log/syslog $ curl https://679aa48b-1162-44f7-b6c6-59129dd68b58.socketxp.com/home/pi/data/sensor_readings.csv
This is useful for retrieving logs, sensor data files, captured images, or configuration backups from a remote Raspberry Pi without needing SSH.
Why SocketXP Outperforms ngrok and Tailscale for Raspberry Pi Web App Access
| Criterion | ngrok | Tailscale | SocketXP |
|---|---|---|---|
| Permanent public HTTPS URL | No (changes on restart, free tier) | No | Yes |
| Works behind CGNAT | Yes | Yes | Yes |
| Session time limits | Yes (free tier) | No | No |
| IoT fleet management portal | No | No | Yes |
| Remote OTA updates | No | No | Yes |
| Device monitoring | No | No | Yes |
| Scales to 10,000+ Pi devices | Not designed for IoT | Mesh complexity | Native IoT architecture |
| Access without VPN client | Yes | No | Yes |
ngrok is a development tool — URLs change on every restart unless you pay for a reserved domain, the free tier imposes session limits, and there is no IoT device management. For production Raspberry Pi web app deployments, ngrok is unsuitable.
Tailscale creates a mesh VPN and requires installing the Tailscale client on every device that needs access to the web app. It provides no HTTPS URL, no IoT fleet management, and no OTA update delivery.
SocketXP provides a permanent HTTPS URL for your Raspberry Pi web app, scales to tens of thousands of devices, and is part of a complete IoT Remote Access and Device Management platform — covering SSH, VNC, HTTP, OTA updates, and device monitoring from a single portal.
Security Best Practices
- Restrict access using SocketXP’s RBAC to limit which users can reach your Pi’s web app public URL
- Enable authentication at the application layer — add login/session handling to your Flask or Express app so the public URL is not open to anonymous users
- Use HTTPS only — SocketXP’s public URLs are always HTTPS; never expose sensitive Pi web apps over plain HTTP
- Rotate your SocketXP auth token periodically; revoke tokens for decommissioned Pi devices immediately
- Run SocketXP as a systemd service so the tunnel auto-restarts after reboots and network disruptions
Web App Types Supported on Raspberry Pi
SocketXP’s HTTP tunnel works with any web application framework that serves HTTP on a local port:
- NodeJS: Express, Fastify, Koa, http module
- Python: Flask, FastAPI, Django, Bottle, aiohttp
- Go: net/http, Gin, Echo, Fiber
- Java: Spring Boot, Jetty, Tomcat
- Ruby: Sinatra, Rails
- Dashboards: Node-RED, Grafana, Home Assistant, Jupyter Notebook, Streamlit
- Servers: NGINX, Apache (if running locally on the Pi)
Conclusion
Exposing a web application running on a Raspberry Pi to the internet is a one-command operation with SocketXP: socketxp connect http://localhost:<port>. The agent creates a secure outbound HTTPS tunnel, SocketXP assigns a permanent public URL, and your Pi’s web app is immediately accessible from any browser worldwide — no port forwarding, no static IP, no router configuration.
For production deployments managing web apps across multiple Raspberry Pi devices, SocketXP’s portal provides centralized access control, device health monitoring, and OTA update delivery alongside the HTTP tunneling capability — all from a single lightweight agent on each Pi.
For the complete Raspberry Pi remote access solution — SSH, VNC, headless setup, Windows, Mac, and mobile — see the full SocketXP solution page.
Frequently Asked Questions (FAQs)
General FAQs About IoT Remote Access
What is IoT remote access and why is it important?
IoT remote access allows you to securely connect to and manage devices (like Raspberry Pi, ESP32, BeagleBone, or industrial gateways) over the internet. It’s essential for developers and enterprises to update firmware, debug issues, monitor logs, or control devices deployed in remote locations without physically being there.
Why is remote access to microcontroller boards or embedded Linux devices challenging?
Most IoT devices sit behind NAT routers or firewalls, making them unreachable directly over the internet. Setting up port forwarding or static IPs can be complex and insecure. Solutions like SocketXP remove these hurdles by providing secure tunneling without reconfiguring networks.
How does SocketXP make remote IoT access easier compared to VPNs or port forwarding?
Unlike VPNs like Tailscale, SocketXP doesn’t require installing a VPN client on every access device. It creates a permanent public HTTPS URL for your web app and scales to tens of thousands of IoT devices without network-level reconfiguration.
Security & Networking FAQs
Is remote access to IoT devices safe?
It can be unsafe if done via insecure methods like port forwarding. SocketXP ensures safety by using TLS-encrypted tunnels, access tokens, and role-based access control, protecting devices against unauthorized access.
What are the risks of using port forwarding for IoT devices?
Port forwarding exposes your device to the public internet, making it vulnerable to brute force attacks, malware, and unauthorized logins. SocketXP eliminates this risk by not exposing any public IP or open port.
How does SocketXP ensure secure remote connections?
SocketXP uses end-to-end encrypted tunnels (TLS 1.2/1.3), token-based authentication, and allows fine-grained access control. It ensures that only authorized users can connect, keeping devices safe from cyberattacks.
Device & Platform-Specific FAQs
Which Raspberry Pi models support web app remote access with SocketXP?
All Raspberry Pi models — Pi Zero W, Pi Zero 2W, Pi 3, Pi 4, Pi 5 — are supported. SocketXP provides arm (32-bit) and arm64 (64-bit) agent binaries for all models.
Can I expose multiple web apps on the same Raspberry Pi?
Yes. Run socketxp connect for each local port. Each gets its own permanent public HTTPS URL. You can expose SSH (port 22), Node-RED (port 1880), and Grafana (port 3000) simultaneously from the same Pi.
Pricing & Business FAQs
Is SocketXP free to use?
SocketXP offers a free tier for developers and hobbyists with limited devices. Paid plans unlock more devices, features, and enterprise support.
Does SocketXP offer a free trial for IoT developers?
Yes. You can try SocketXP for free and later upgrade to paid plans as your deployment grows.
Can I use SocketXP for commercial IoT products?
Yes. SocketXP supports enterprise deployments, OEM integrations, and white-label options for commercial products.