Skip to content
Codux Codux AI

Web Tunnel Browser

Web Tunnel Browser lets a Codux Desktop controller open web apps that are running on a paired remote host. It is designed for dev servers such as Vite, Next.js, Astro, Rails, Laravel, or any other HTTP app that binds to the host machine.

When you click the globe Web Tunnel Browser button in a remote project, Codux opens a proxy-isolated Chromium browser. That browser sends HTTP, HTTPS, WebSocket, and HMR traffic through the encrypted Iroh link to the host.

If the host runs a dev server at:

http://127.0.0.1:5173/

that address is the host’s localhost, not the desktop controller’s localhost. Open the same URL in Web Tunnel Browser and Codux resolves it on the host side.

The same tunnel also works for:

  • localhost and 127.0.0.1 services running on the host
  • LAN addresses reachable from the host
  • .local names
  • VPN routes visible to the host
  • development domains bound by the host’s DNS or /etc/hosts
  • HTTPS, WebSocket, and HMR upgrade traffic

Every codux-agent 2.0+ host serves a built-in diagnostic page:

http://127.0.0.1:8765/

Click the globe Web Tunnel Browser button. Codux opens this page by default so you can verify:

  • tunnel health
  • live round-trip latency
  • whether the browser is actually using the Web Tunnel proxy

Testing on one computer still exercises the same tunnel path. To verify real cross-machine reachability, run codux-agent on a different machine and connect to it from Codux Desktop.

Codux intentionally opens a Chromium-based browser with a temporary, proxy-isolated profile. This keeps the Web Tunnel proxy separate from your normal browser session and avoids changing your system browser proxy settings.

Codux tries installed Chromium browsers in this order on macOS:

  1. Google Chrome
  2. Chromium
  3. Microsoft Edge
  4. Brave Browser

If none is available, Codux shows an error instead of falling back to Safari or the system default browser, because Safari cannot reliably launch a per-window proxy-isolated session.

The local 127.0.0.1 proxy listener on the controller is only the browser entry point into the encrypted tunnel. It is not the target server and does not mean the requested URL is resolved on the controller. The target host, DNS, and network reachability are evaluated by the paired Codux host.