docs/kanban/remote-access.mdx
By default, Kanban binds to 127.0.0.1:3484 and is only accessible from the machine it's running on. This guide shows how to enable remote access for mobile devices, remote machines, or team collaboration.
To make Kanban accessible to other devices on your local network (like a phone or tablet on the same WiFi), bind to 0.0.0.0 instead of 127.0.0.1.
kanban --host 0.0.0.0
This makes Kanban available at http://<your-machine-ip>:3484 from any device on your network.
KANBAN_RUNTIME_HOST=0.0.0.0 cline
When you run cline, it will launch Kanban bound to 0.0.0.0.
Tailscale provides secure remote access without exposing ports to the internet. Once configured, you can access Kanban from your phone while on the road, from a coffee shop, or anywhere else.
KANBAN_RUNTIME_HOST=0.0.0.0 cline
http://your-machine-name.tail1234.ts.net:3484
Your Tailscale hostname is visible in the Tailscale app or admin console.
<Tip> Tailscale creates a secure mesh VPN, so your connection is encrypted and doesn't require opening any firewall ports. This is the safest option for remote access. </Tip>Run Kanban in a Docker container for isolated deployments or server environments.
FROM node:22
WORKDIR /app
EXPOSE 3484
CMD ["npx", "--yes", "kanban@latest", "--host", "0.0.0.0"]
docker build -t npx-kanban .
docker run -it -p 3484:3484 npx-kanban
Then navigate to http://localhost:3484 from your browser.
SSH tunneling creates a secure connection between your local machine and a remote server. This requires SSH access to the remote machine where Kanban is running.
On the remote machine, run Kanban normally (it can bind to 127.0.0.1):
kanban
On your local machine, create an SSH tunnel:
ssh -L 3484:localhost:3484 user@remote-hostname
Then navigate to http://localhost:3484 in your local browser. The SSH tunnel securely forwards the connection to the remote machine.
Ngrok creates a public HTTPS URL that tunnels to your local Kanban instance. Useful for quick demos or sharing with collaborators.
# Install ngrok (macOS)
brew install ngrok
# Add your auth token (create a free account at ngrok.com)
ngrok config add-authtoken $YOUR_AUTHTOKEN
# Start Kanban
kanban
# In another terminal, create the tunnel
ngrok http 3484
Ngrok will display a public URL like https://1234-5678-9012.ngrok-free.app. Share this URL to give others access to your Kanban board.
Cloudflare Tunnels provide production-grade remote access with custom domains, access controls, and HTTPS.
Follow the Cloudflare Tunnel guide to create a tunnel. Then configure your application route with these settings:
kanban)HTTPlocalhost:3484Deploy Kanban on EC2 with Cloudflare Tunnel using AWS CDK:
import * as cdk from "aws-cdk-lib/core";
import * as ec2 from "aws-cdk-lib/aws-ec2";
import * as iam from "aws-cdk-lib/aws-iam";
import { Construct } from "constructs";
export class KanbanEc2Stack extends cdk.Stack {
constructor(scope: Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
// Tunnel token from env or CDK context
const tunnelToken =
process.env.TUNNEL_TOKEN || this.node.tryGetContext("tunnelToken");
if (!tunnelToken) {
throw new Error(
"Missing tunnel token. Set TUNNEL_TOKEN env var or pass -c tunnelToken=xxx",
);
}
// VPC + Security Group
const vpc = ec2.Vpc.fromLookup(this, "DefaultVpc", { isDefault: true });
const sg = new ec2.SecurityGroup(this, "KanbanSg", {
vpc,
allowAllOutbound: true,
description: "Kanban EC2 security group",
});
sg.addIngressRule(ec2.Peer.myIp(), ec2.Port.tcp(22), "SSH access");
// User data script
const userData = ec2.UserData.forLinux();
userData.addCommands(
"set -x",
"exec > >(tee /var/log/user-data.log) 2>&1",
// 1) Install git and cloudflared first for tunnel connectivity
"sudo dnf install -y git",
"curl -L --output /tmp/cloudflared.rpm https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-x86_64.rpm",
"sudo yum localinstall -y /tmp/cloudflared.rpm",
// 2) Start cloudflared tunnel so the instance is reachable
`sudo cloudflared service install ${tunnelToken}`,
// 3) Install Node.js 22 via NodeSource
"curl -fsSL https://rpm.nodesource.com/setup_22.x | sudo bash -",
"sudo dnf install -y nodejs",
// 4) Clone and build the app
"git clone -b main https://github.com/cline/kanban.git /opt/kanban",
// 5) Create systemd service for the kanban app
`cat > /etc/systemd/system/kanban.service << 'UNIT'
[Unit]
Description=Kanban App
After=network.target
[Service]
Type=simple
WorkingDirectory=/opt/kanban
ExecStart=/usr/bin/kanban
Restart=always
RestartSec=5
Environment=NODE_ENV=production
Environment=HOME=/root
Environment=PATH=/usr/bin:/usr/local/bin
[Install]
WantedBy=multi-user.target
UNIT`,
"systemctl daemon-reload",
"systemctl enable --now kanban.service",
);
// IAM role with SSM access
const role = new iam.Role(this, "KanbanInstanceRole", {
assumedBy: new iam.ServicePrincipal("ec2.amazonaws.com"),
managedPolicies: [
iam.ManagedPolicy.fromAwsManagedPolicyName(
"AmazonSSMManagedInstanceCore",
),
],
});
// EC2 Instance
const instance = new ec2.Instance(this, "KanbanInstance", {
vpc,
instanceType: ec2.InstanceType.of(
ec2.InstanceClass.T3,
ec2.InstanceSize.SMALL,
),
machineImage: ec2.MachineImage.latestAmazonLinux2023(),
securityGroup: sg,
vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC },
associatePublicIpAddress: true,
userData,
role,
});
// Outputs
new cdk.CfnOutput(this, "InstanceId", { value: instance.instanceId });
new cdk.CfnOutput(this, "PublicIp", {
value: instance.instancePublicIp,
});
}
}
Deploy with:
TUNNEL_TOKEN=<your_tunnel_token> cdk deploy
| Method | Security | Complexity | Use Case |
|---|---|---|---|
| Local Network | Low (LAN only) | Easy | Phone/tablet on same WiFi |
| Tailscale | High (encrypted VPN) | Easy | Remote access from anywhere |
| Docker | Medium (isolated) | Medium | Server deployments |
| SSH Tunnel | High (encrypted) | Medium | Secure remote access |
| Ngrok | Low (public URL) | Easy | Temporary demos/sharing |
| Cloudflare | High (custom domain) | Complex | Production deployments |