By default, Kanban binds to 127.0.0.1:3484 and is only accessible from the machine it’s running on. This guide shows how to enable remote access for mobile devices, remote machines, or team collaboration.
When exposing Kanban beyond localhost, ensure you trust all devices and users with access. Kanban provides full access to your git repository and terminal.
Local Network Access
To make Kanban accessible to other devices on your local network (like a phone or tablet on the same WiFi), bind to 0.0.0.0 instead of 127.0.0.1.
Using CLI Flag
This makes Kanban available at http://<your-machine-ip>:3484 from any device on your network.
Using Environment Variable
KANBAN_RUNTIME_HOST=0.0.0.0 cline
cline, it will launch Kanban bound to 0.0.0.0.
Security Note: Binding to 0.0.0.0 exposes Kanban to your entire local network. Only use this on networks you trust, such as your home WiFi.
Tailscale (Recommended for Remote Access)
Tailscale provides secure remote access without exposing ports to the internet. Once configured, you can access Kanban from your phone while on the road, from a coffee shop, or anywhere else.
Setup
- Install Tailscale on both your development machine and your phone/remote device
- Sign in to the same Tailscale account on both devices
- Launch Kanban with network binding:
KANBAN_RUNTIME_HOST=0.0.0.0 cline
- Access from your phone: Navigate to your machine’s Tailscale hostname on port 3484:
http://your-machine-name.tail1234.ts.net:3484
Tailscale creates a secure mesh VPN, so your connection is encrypted and doesn’t require opening any firewall ports. This is the safest option for remote access.
Docker Deployment
Run Kanban in a Docker container for isolated deployments or server environments.
Dockerfile
FROM node:22
WORKDIR /app
EXPOSE 3484
CMD ["npx", "--yes", "kanban@latest", "--host", "0.0.0.0"]
Build and Run
docker build -t npx-kanban .
docker run -it -p 3484:3484 npx-kanban
http://localhost:3484 from your browser.
To access the Kanban container from other machines on your network, use http://<docker-host-ip>:3484.
SSH Tunnel
SSH tunneling creates a secure connection between your local machine and a remote server. This requires SSH access to the remote machine where Kanban is running.
Setup
On the remote machine, run Kanban normally (it can bind to 127.0.0.1):
On your local machine, create an SSH tunnel:
ssh -L 3484:localhost:3484 user@remote-hostname
http://localhost:3484 in your local browser. The SSH tunnel securely forwards the connection to the remote machine.
Replace user with your SSH username and remote-hostname with the IP address or hostname of your remote machine. If using SSH keys, add -i /path/to/key.pem before the username.
Ngrok
Ngrok creates a public HTTPS URL that tunnels to your local Kanban instance. Useful for quick demos or sharing with collaborators.
Setup
# Install ngrok (macOS)
brew install ngrok
# Add your auth token (create a free account at ngrok.com)
ngrok config add-authtoken $YOUR_AUTHTOKEN
# Start Kanban
kanban
# In another terminal, create the tunnel
ngrok http 3484
https://1234-5678-9012.ngrok-free.app. Share this URL to give others access to your Kanban board.
Ngrok URLs are publicly accessible on the internet. Anyone with the URL can access your Kanban board. Only use this for temporary access and stop the tunnel when finished.
Cloudflare Tunnels
Cloudflare Tunnels provide production-grade remote access with custom domains, access controls, and HTTPS.
Setup
Follow the Cloudflare Tunnel guide to create a tunnel. Then configure your application route with these settings:
- Hostname.subdomain: Choose any subdomain (e.g.,
kanban)
- Hostname.Domain: Your domain configured with Cloudflare
- Hostname.Path: Leave empty
- Service.Type:
HTTP
- Service.URL:
localhost:3484
AWS CDK Example
Deploy Kanban on EC2 with Cloudflare Tunnel using AWS CDK:
import * as cdk from "aws-cdk-lib/core";
import * as ec2 from "aws-cdk-lib/aws-ec2";
import * as iam from "aws-cdk-lib/aws-iam";
import { Construct } from "constructs";
export class KanbanEc2Stack extends cdk.Stack {
constructor(scope: Construct, id: string, props?: cdk.StackProps) {
super(scope, id, props);
// Tunnel token from env or CDK context
const tunnelToken =
process.env.TUNNEL_TOKEN || this.node.tryGetContext("tunnelToken");
if (!tunnelToken) {
throw new Error(
"Missing tunnel token. Set TUNNEL_TOKEN env var or pass -c tunnelToken=xxx",
);
}
// VPC + Security Group
const vpc = ec2.Vpc.fromLookup(this, "DefaultVpc", { isDefault: true });
const sg = new ec2.SecurityGroup(this, "KanbanSg", {
vpc,
allowAllOutbound: true,
description: "Kanban EC2 security group",
});
sg.addIngressRule(ec2.Peer.myIp(), ec2.Port.tcp(22), "SSH access");
// User data script
const userData = ec2.UserData.forLinux();
userData.addCommands(
"set -x",
"exec > >(tee /var/log/user-data.log) 2>&1",
// 1) Install git and cloudflared first for tunnel connectivity
"sudo dnf install -y git",
"curl -L --output /tmp/cloudflared.rpm https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-x86_64.rpm",
"sudo yum localinstall -y /tmp/cloudflared.rpm",
// 2) Start cloudflared tunnel so the instance is reachable
`sudo cloudflared service install ${tunnelToken}`,
// 3) Install Node.js 22 via NodeSource
"curl -fsSL https://rpm.nodesource.com/setup_22.x | sudo bash -",
"sudo dnf install -y nodejs",
// 4) Clone and build the app
"git clone -b main https://github.com/cline/kanban.git /opt/kanban",
// 5) Create systemd service for the kanban app
`cat > /etc/systemd/system/kanban.service << 'UNIT'
[Unit]
Description=Kanban App
After=network.target
[Service]
Type=simple
WorkingDirectory=/opt/kanban
ExecStart=/usr/bin/kanban
Restart=always
RestartSec=5
Environment=NODE_ENV=production
Environment=HOME=/root
Environment=PATH=/usr/bin:/usr/local/bin
[Install]
WantedBy=multi-user.target
UNIT`,
"systemctl daemon-reload",
"systemctl enable --now kanban.service",
);
// IAM role with SSM access
const role = new iam.Role(this, "KanbanInstanceRole", {
assumedBy: new iam.ServicePrincipal("ec2.amazonaws.com"),
managedPolicies: [
iam.ManagedPolicy.fromAwsManagedPolicyName(
"AmazonSSMManagedInstanceCore",
),
],
});
// EC2 Instance
const instance = new ec2.Instance(this, "KanbanInstance", {
vpc,
instanceType: ec2.InstanceType.of(
ec2.InstanceClass.T3,
ec2.InstanceSize.SMALL,
),
machineImage: ec2.MachineImage.latestAmazonLinux2023(),
securityGroup: sg,
vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC },
associatePublicIpAddress: true,
userData,
role,
});
// Outputs
new cdk.CfnOutput(this, "InstanceId", { value: instance.instanceId });
new cdk.CfnOutput(this, "PublicIp", {
value: instance.instancePublicIp,
});
}
}
TUNNEL_TOKEN=<your_tunnel_token> cdk deploy
Summary
| Method | Security | Complexity | Use Case |
|---|
| Local Network | Low (LAN only) | Easy | Phone/tablet on same WiFi |
| Tailscale | High (encrypted VPN) | Easy | Remote access from anywhere |
| Docker | Medium (isolated) | Medium | Server deployments |
| SSH Tunnel | High (encrypted) | Medium | Secure remote access |
| Ngrok | Low (public URL) | Easy | Temporary demos/sharing |
| Cloudflare | High (custom domain) | Complex | Production deployments |
For personal remote access, Tailscale offers the best balance of security and ease of use. For production team access, consider Cloudflare Tunnels with access controls.
