The Lighthouse page is the control panel for Harbor’s HTTP/SSE gateway. It lets you start, stop, and monitor the gateway that exposes your MCP servers over the network — and publish them to the internet via a secure tunnel.

Controls

| Control | Description |
| --- | --- |
| Start/Stop toggle | Launch or shut down the gateway |
| Expose to network | Toggle between localhost-only (127.0.0.1) and network-accessible (0.0.0.0) |
| Bearer token | Set a token required for remote (non-localhost) access |
| Endpoint URL | Shows the gateway URL — click to copy |

Publish to Internet

The Publish section lets you expose your gateway to the internet without opening firewall ports or configuring a static IP. Click Publish and Harbor establishes an outbound QUIC tunnel to the relay server. Once published:

| Field | Description |
| --- | --- |
| Public URL | The internet-accessible endpoint — click to copy |
| Bearer token | Auto-generated token required by remote callers — click to copy |

Advanced options

Expand Advanced before publishing to set a custom subdomain (e.g. myname → myname.relay.harbormcp.ai). Leave blank for a random auto-assigned subdomain.

Connecting from another machine

Use the public URL and bearer token to connect any MCP client:

```bash
# Claude Code
claude mcp add harbor --transport http https://abc123.relay.harbormcp.ai/mcp \
  --header "Authorization: Bearer hbr_..."

# curl
curl -X POST https://abc123.relay.harbormcp.ai/mcp \
  -H "Authorization: Bearer hbr_..." \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","method":"tools/list","params":{},"id":1}'
```

You can also add it as a remote server in another Harbor instance via Servers → Add Server → Remote. See the Publishing guide for self-hosting, security details, and CLI usage.

Signal Log

The Lighthouse page includes a live log viewer that streams gateway activity in real time:
  • Auto-scrolls to the latest entries
  • Export logs to a file
  • Clear the log

Security

When exposed to the network (0.0.0.0), configure a bearer token for authentication. Localhost connections are always trusted — no token required. Remote connections without a valid Authorization: Bearer <token> header are rejected with 401. Published tunnels are always protected by a bearer token — unauthenticated requests are rejected at the relay before they reach your machine. See the gateway guide for endpoint details and configuration.
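
One way to confirm the 401 behaviour described above from the caller's side, as an added example (not Harbor's own code): `audit()` sends the page's `tools/list` request with no token, a wrong token and the configured token, and reports any case that is not handled as documented. The names `probe`, `audit`, `Stub` and `run_against_stub` and the token value are assumptions made for this example; `Stub` is a constructed stand-in endpoint so the check can run offline.

```python
import hmac, json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# The tools/list request from the curl example on this page.
PROBE = json.dumps({"jsonrpc": "2.0", "method": "tools/list", "params": {}, "id": 1}).encode()

def probe(url, token=None, timeout=5):
    """POST the probe and return the HTTP status code."""
    headers = {"Content-Type": "application/json"}
    headers.update({"Authorization": f"Bearer {token}"} if token else {})
    req = urllib.request.Request(url, data=PROBE, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:  # 4xx/5xx arrive as exceptions
        return err.code

def audit(url, token):
    """Return findings; an empty list means the token is enforced."""
    findings = []
    if probe(url) != 401:
        findings.append("no Authorization header: not rejected with 401")
    if probe(url, token + "x") != 401:
        findings.append("wrong token: not rejected with 401")
    if probe(url, token) == 401:
        findings.append("configured token: rejected")
    return findings

class Stub(BaseHTTPRequestHandler):
    """Constructed stand-in endpoint; checks the token even on loopback."""
    token, enforce = "hbr_constructed_example", True
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        ok = hmac.compare_digest(self.headers.get("Authorization", ""), f"Bearer {self.token}")
        self.send_response(200 if ok or not self.enforce else 401)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args): pass  # keep the stub quiet

def run_against_stub(enforce):
    handler = type("Handler", (Stub,), {"enforce": enforce})
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return audit(f"http://127.0.0.1:{server.server_port}/mcp", handler.token)
    finally:
        server.shutdown(); server.server_close()

if __name__ == "__main__":
    print(run_against_stub(True), run_against_stub(False))
```

Against a real deployment, call `audit()` with your own public URL and token from a different machine: a probe sent from localhost to the gateway succeeds without a token by design, so it says nothing about remote enforcement.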