The Fastest Way to Give Claude Code (or Cursor) an HTTPS URL on Your Laptop

A 60-second walkthrough: install rustunnel, expose your local server over HTTPS, and drop the URL straight into Claude Code's MCP config or Cursor's extension. The MCP server tunnel for Claude Code, end-to-end.

João Henrique·May 11, 2026·6 min read

Claude Code, Cursor, Windsurf, and the rest of the AI coding agents need an HTTPS URL. They speak MCP (the Model Context Protocol) over HTTPS, they call your local servers when you wire up tools, and they sometimes — increasingly often — need to reach a webhook on your laptop while you're iterating. localhost doesn't cut it. They need a real URL with a real cert.

This post is the shortest path from a Rust binary install to a working https://... URL pasted into Claude Code's MCP config. Total time: about 60 seconds, most of which is waiting on brew install.

We'll cover:

The 60-second install + tunnel.
Wiring the URL into Claude Code (MCP).
Wiring the URL into Cursor (web fetch + custom tools).
The same flow for Claude Desktop, Windsurf, and any other MCP host.
What to do when your laptop sleeps (the bit nobody documents).

The 60-second install + tunnel

# macOS (Homebrew)
brew install joaoh82/rustunnelcli/rustunnel
 
# Linux
curl -fsSL https://rustunnel.com/install.sh | sh

Sign up at rustunnel.com/register and grab a token (the free Hobby tier is fine — 2 concurrent tunnels, random subdomains).

# Start a tunnel pointing at your local MCP server on :3333
rustunnel http 3333 \
  --token rt_xxxxxxxxxxxxxxxxxxxxxxxx

Output:

✓ Connected to eu.edge.rustunnel.com
✓ Tunnel up: https://small-otter-9f3a.eu.rustunnel.com → http://localhost:3333
  Press Ctrl+C to close.

That HTTPS URL is real. Real DNS, real Let's Encrypt cert, no --insecure flag, no Cloudflare warning interstitial. Paste it anywhere a service expects a URL.

If you want a stable URL that survives between sessions (so Claude Code's MCP config doesn't need updating every morning), upgrade to the pay-as-you-go tier ($3/month minimum, pricing breakdown here) and add --subdomain my-mcp:

rustunnel http 3333 \
  --token rt_xxxxxxxxxxxxxxxxxxxxxxxx \
  --subdomain my-mcp
# → https://my-mcp.eu.rustunnel.com

Wiring into Claude Code

Claude Code reads MCP server definitions from ~/.claude/claude_desktop_config.json (and per-project claude.json). The tunnel URL goes in the httpUrl field for HTTP-transport MCP servers:

{
  "mcpServers": {
    "my-local-mcp": {
      "transport": "http",
      "httpUrl": "https://my-mcp.eu.rustunnel.com",
      "headers": {
        "Authorization": "Bearer dev-token"
      }
    }
  }
}

Restart Claude Code. The new server appears in the MCP server list (/mcp slash command). Test it by asking the agent to call one of your tools — Claude will hit the rustunnel URL, rustunnel forwards it to your laptop's :3333, your MCP server responds, the answer flows back.

There's a more detailed guide at docs/guides/claude-plugin covering the rustunnel-as-MCP-server angle (where Claude can open tunnels itself), but for the local-MCP-server-needs-an-HTTPS-URL case, the JSON above is the whole thing.

Wiring into Cursor

Cursor's MCP config lives at ~/.cursor/mcp.json (or in Cursor Settings → Features → MCP). The shape is the same as Claude Code:

{
  "mcpServers": {
    "my-local-mcp": {
      "url": "https://my-mcp.eu.rustunnel.com"
    }
  }
}

For Cursor's Web tool (the agent's web-fetch capability), no config is needed — paste the rustunnel URL into chat and Cursor will call it.

Wiring into Claude Desktop, Windsurf, OpenClaw, anything else

The pattern is identical. Every MCP host accepts url (or httpUrl / endpoint / address — the spec is consolidating but the names vary). Drop in https://<your-tunnel>.eu.rustunnel.com. Done.

For a longer walkthrough on the inverse flow — where the AI agent itself calls rustunnel's MCP server to open and close tunnels on demand — see MCP Tunnel for Claude Code: How AI Agents Open Tunnels for You. The two posts complement each other: this one is "give Claude my localhost"; that one is "let Claude give itself a tunnel".

What about authentication?

The tunnel URL is public. Anyone with the URL can hit your local MCP server. Two ways to lock it down:

1. Bearer token in the MCP host config. Most MCP hosts (Claude Code, Cursor) let you add headers. Set Authorization: Bearer <secret> in the host config and check it in your MCP server. The secret never leaves your laptop's MCP server config + the MCP host config — both local files.

2. rustunnel basic_auth flag (managed cloud only):

rustunnel http 3333 \
  --basic-auth user:s3cret \
  --subdomain my-mcp

Now the tunnel itself rejects unauthenticated requests with a 401 before they reach your laptop. Browser-friendly, but most MCP hosts don't speak basic auth — option 1 is the realistic answer.

The bit nobody documents — what happens when your laptop sleeps?

You close the lid, you walk away for coffee, you come back. The tunnel disconnected when the WiFi died. Two failure modes:

Free tier: the random subdomain is gone. The next rustunnel http 3333 gets a new random subdomain. Claude Code's config still points at the old one — 502 forever.

Paid tier with --subdomain: the subdomain is stable, but the tunnel takes ~2 seconds to reconnect after rustunnel http 3333 is re-run. Claude Code retries failed tool calls, so this is mostly invisible — but if you start an MCP-heavy session at exactly the wrong moment, you'll get a transient error.

Production-grade fix: run rustunnel as a launchd / systemd service that auto-restarts:

# macOS — drop into ~/Library/LaunchAgents/com.rustunnel.mcp.plist
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>com.rustunnel.mcp</string>
  <key>ProgramArguments</key>
  <array>
    <string>/opt/homebrew/bin/rustunnel</string>
    <string>http</string>
    <string>3333</string>
    <string>--token</string>
    <string>rt_xxxxxxxxxxxxxxxxxxxxxxxx</string>
    <string>--subdomain</string>
    <string>my-mcp</string>
  </array>
  <key>RunAtLoad</key>
  <true/>
  <key>KeepAlive</key>
  <true/>
</dict>
</plist>

launchctl load ~/Library/LaunchAgents/com.rustunnel.mcp.plist

Now the tunnel comes back up automatically when you wake the laptop. The MCP server itself needs the same treatment (or to be running in tmux / screen).

Why this matters

LLM coding agents are the single biggest growth driver in the developer-tools market right now, and every one of them needs an HTTPS URL to your localhost for tool use, MCP, webhooks, and live preview. ngrok works for this — but it's $8/month, the URL is random, and you don't own the relay.

rustunnel is the same shape with three differences: the binary is 8 MB of Rust, the cloud is pay-as-you-go ($0 at idle), and there's an MCP server so the agent can drive the tunnel itself.

Next steps

Get the rustunnel CLI (90-second install)
Read the MCP server guide (let the agent open tunnels for you)
Read the Claude plugin guide (deeper Claude Code integration)
Star us on GitHub

TL;DR. brew install joaoh82/rustunnelcli/rustunnel → rustunnel http <port> --subdomain my-mcp → paste the resulting https://... URL into Claude Code's mcpServers config. Done. Then drop a launchd plist on it so it survives a closed laptop lid.