Modal logo
Changelog API Reference modal.Appmodal.Clientmodal.CloudBucketMountmodal.Clsmodal.Cronmodal.Dictmodal.Errormodal.FilePatternMatchermodal.Functionmodal.FunctionCallmodal.Imagemodal.Periodmodal.Proxymodal.Queuemodal.Retriesmodal.Sandboxmodal.SandboxSnapshotmodal.Secretmodal.Tunnelmodal.Volumemodal.asgi_appmodal.batchedmodal.billingmodal.call_graphmodal.concurrentmodal.container_processmodal.current_function_call_idmodal.current_input_idmodal.enable_outputmodal.entermodal.exitmodal.fastapi_endpointmodal.file_iomodal.forwardmodal.gpumodal.interactmodal.io_streamsmodal.is_localmodal.methodmodal.parametermodal.web_endpointmodal.web_servermodal.wsgi_appmodal.exceptionmodal.config CLI Reference modal appmodal billingmodal configmodal containermodal dashboardmodal deploymodal dictmodal environmentmodal launchmodal profilemodal queuemodal runmodal secretmodal servemodal setupmodal shellmodal tokenmodal volume

modal.forward

Expose a port publicly from inside a running Modal container, with TLS.

If unencrypted is set, this also exposes the TCP socket without encryption on a random port number. This can be used to SSH into a container (see example below). Note that it is on the public Internet, so make sure you are using a secure protocol over TCP.

If h2_enabled is set, the TLS server will advertise support for HTTP/2.

Important: This is an experimental API which may change in the future.

Usage:

Raw TCP usage:

SSH example: This assumes you have a rsa keypair in ~/.ssh/id_rsa{.pub}, this is a bare-bones example letting you SSH into a Modal container.

If you intend to use this more generally, a suggestion is to put the subprocess and port forwarding code in an @enter lifecycle method of an @app.cls, to only make a single ssh server and port for each container (and not one for each input to the function).