STVC Webhook A Distributed Reverse-Proxy System
Self-hosted · Open architecture

Bring your local services to the public internet — on your own terms.

STVC Webhook is a distributed reverse-proxy system you run yourself. A central Server on your public infrastructure accepts persistent connections from one or many Clients behind NAT, firewalls, or private networks — and securely multiplexes real HTTP traffic to them in real time.

Get started See how it works
  • HTTP/1.1 · HTTP/2 · HTTP/3
  • WebSocket tunnel
  • TLS & cert pinning
  • YARP-friendly
  • No database
Why STVC Webhook

Built for engineers who want control back.

Every byte flows through infrastructure you own. No third-party traffic inspection, no quotas, no surprise pricing pages.

Truly self-hosted

Deploy the Server on any VPS, dedicated host, or your own datacenter. There is no STVC cloud — you are the cloud.

Hardened transport

End-to-end TLS on both legs, API-key auth, optional certificate pinning, and per-key mapping restrictions.

Multiplexed tunnel

One persistent WebSocket carries many concurrent requests. Bodies stream in 64 KiB chunks up to 16 MiB per frame.

Modern HTTP

Choose HTTP/1.1, HTTP/2, or HTTP/3 (QUIC) for the tunnel. The public listener negotiates with ALPN.

Many clients, one gateway

Each client claims a unique mapping URI. Route /api, /dev, /iot — all from one server.

YARP-ready

Drop the Server behind YARP (or any reverse proxy). Forwarded headers and known proxies are first-class.

Zero database

Configuration lives in a single config.json. Boot fast, ship faster, audit easily.

Faithful headers

All non-hop-by-hop headers pass through both ways. The gateway adds X-Forwarded-For, X-Real-IP, and friends.

How it works

One persistent tunnel. Real HTTP on both ends.

The Client establishes an outbound WebSocket to the Server. From then on, every public request is framed, multiplexed, and answered — bidirectionally streamed — without opening a single inbound port on your network.

  1. 1

    Client connects out

    The Client opens GET /_stvc/tunnel to the Server with X-API-Key and X-Mapping-Uri. No inbound firewall rules required.

  2. 2

    Server validates & registers

    Key is checked against config.json. The mapping URI is reserved. A HelloAck frame confirms the session.

  3. 3

    Public traffic arrives

    Anyone calls https://yourdomain/api/anything. The Server matches the prefix and converts it into a Request + BodyChunk frames.

  4. 4

    Client dispatches locally

    The Client forwards to your real local endpoint, e.g. http://127.0.0.1:8080/api/anything, with all original headers.

  5. 5

    Streamed response

    ResponseHead + body chunks flow back over the same tunnel. The visitor receives a normal HTTP response — they never know there's a tunnel.

Architecture

Two components. Both yours.

The Server is the public face. The Client is the bridge to your private services. They communicate over a single, authenticated, multiplexed tunnel.

Public side

STVC Webhook · Server

  • Public listener — accepts inbound HTTP(S) on the port you choose.
  • Tunnel listener — accepts authenticated WebSocket connections from clients.
  • API key registry — per-key allowed mappings & public prefix rewrites.
  • Forwarded headers — trust upstream proxies (e.g. YARP) cleanly.
  • Status endpointGET /_stvc/status lists active tunnels.
Private side

STVC Webhook · Client

  • Outbound only — opens a single WebSocket; no inbound ports needed.
  • Local target — forwards to any IPv4/IPv6 endpoint, HTTP or HTTPS.
  • Cert pinning — pin the server's TLS leaf by SHA-256 fingerprint.
  • Auto-reconnect — configurable retry interval after drops.
  • Stable identity — optional ClientId for observability.

Not a cloud service. Self-hosted by design.

STVC Webhook is software you run on infrastructure you control. There is no managed offering, no shared tenancy, and no traffic ever transits a vendor's network. Run the Server on a $5 VPS, on a Raspberry Pi at the edge, in Kubernetes, or on bare metal — the project ships you the components and stays out of your way.

Use cases

What you'll build with it.

Webhooks for local development

Point Stripe, GitHub, or any provider at a stable public URL while your handler runs on localhost.

Demo & preview environments

Share work-in-progress with stakeholders without deploying. Each branch gets its own mapping URI.

Edge & IoT bridging

Reach devices behind carrier-grade NAT. The client opens out, the server stays reachable in.

Hybrid private APIs

Expose internal services through a hardened public gateway you fully audit and control.

Multi-tenant routing

Issue per-tenant API keys, restrict each to its own mapping prefix, and rewrite public paths transparently.

Resilient field deployments

Auto-reconnecting clients survive flaky uplinks. Configure retry intervals to match your SLOs.

Get started

Up and running in two terminals.

Clone the solution, drop your settings into config.json, and run both projects with the .NET CLI.

Build the solution 
# Restore + compile both Server and Client
dotnet build STVC-Webhook.sln
Terminal 1 · Server (your public host) 
dotnet run --project src/STVC.Webhook.Server

# Listens on the public + tunnel ports from config.json
Terminal 2 · Client (anywhere on the planet) 
dotnet run --project src/STVC.Webhook.Client

# Forwards public traffic to your local service
# e.g. http://127.0.0.1:8080
Try it 
curl https://your-public-host/my-app/anything

# → tunneled to http://127.0.0.1:8080/my-app/anything
# → response streamed back through the same WebSocket
Contact

Questions, feedback, or partnership?

Reach out directly — every message is read.

stevatech.stvc@gmail.com