Remote Access
Macuse runs a local HTTP server on your Mac. To use it with web-based AI tools like Claude.ai or other remote MCP clients, you need to make the server accessible over the internet.
A tunnel service creates a secure public URL that forwards traffic to your local Macuse server. This guide covers two options: Tailscale Funnel and Cloudflare Tunnel.
Your Mac must be running with Macuse open for remote access to work. If Macuse is closed or your Mac is asleep, the tunnel can't reach the server.
Option A: Tailscale Funnel
Tailscale Funnel is the simplest option. One command gives you a stable HTTPS URL.
Prerequisites
- Install Tailscale on your Mac
- Sign in to your Tailscale account
- Enable Funnel for your account (see Tailscale Funnel docs)
Start the Tunnel
tailscale funnel 35729Tailscale assigns a stable URL like:
https://your-machine.tail1234.ts.netYour MCP endpoint is available at:
https://your-machine.tail1234.ts.net/mcpKeep It Running
To run the tunnel in the background:
tailscale funnel --bg 35729To stop the tunnel:
tailscale funnel --resetOption B: Cloudflare Tunnel
Cloudflare Tunnel provides a free, stable URL with global CDN. It requires more setup but works well for long-term use.
Prerequisites
- A Cloudflare account (free plan works)
- Install
cloudflared:
brew install cloudflare/cloudflare/cloudflaredQuick Start (Temporary URL)
For a quick test without a custom domain:
cloudflared tunnel --url http://127.0.0.1:35729This gives you a temporary *.trycloudflare.com URL. The URL changes each time you restart.
Your MCP endpoint is available at:
https://random-name.trycloudflare.com/mcpPermanent Setup (Custom Domain)
For a stable URL, set up a named tunnel with your own domain:
- Authenticate with Cloudflare:
cloudflared tunnel login- Create a tunnel:
cloudflared tunnel create macuse- Point your domain to the tunnel:
cloudflared tunnel route dns macuse mcp.your-domain.com- Create a config file at
~/.cloudflared/config.yml:
tunnel: macuse
credentials-file: ~/.cloudflared/macuse.json
ingress:
- hostname: mcp.your-domain.com
service: http://127.0.0.1:35729
- service: http_status:404- Start the tunnel:
cloudflared tunnel run macuseYour MCP endpoint is now available at:
https://mcp.your-domain.com/mcpRun as a System Service
To keep the tunnel running after closing the terminal:
sudo cloudflared service installWhich One Should I Use?
| Tailscale Funnel | Cloudflare Tunnel | |
|---|---|---|
| Setup time | ~2 minutes | ~10 minutes |
| Custom domain | No (uses *.ts.net) | Yes |
| Stable URL | Yes | Yes (with named tunnel) |
| Free tier | Yes | Yes |
| Best for | Personal use, quick setup | Long-term use, custom domain |
Connect from Web-Based AI Tools
Once your tunnel is running, use the public URL to connect from any MCP-compatible AI tool.
Claude.ai
- Go to claude.ai and open Settings
- Find the MCP or Integrations section
- Add a new MCP server with your tunnel URL:
https://your-tunnel-url/mcp- Claude will initiate an OAuth authorization flow
- Approve the connection in Macuse on your Mac
Other AI Tools
Any AI tool that supports remote MCP servers can connect using the same URL:
{
"mcpServers": {
"macuse": {
"url": "https://your-tunnel-url/mcp"
}
}
}Using Bearer Tokens
Some AI tools don't support OAuth. For these, use Bearer Token authentication:
- Connect from your AI tool using the tunnel URL (without authentication)
- After a few failed attempts, Macuse detects the client doesn't support OAuth
- A popup appears in Macuse asking you to generate a token
- Copy the token and configure your AI tool:
{
"mcpServers": {
"macuse": {
"url": "https://your-tunnel-url/mcp",
"headers": {
"Authorization": "Bearer mcp_your_token_here"
}
}
}
}See Bearer Token Authentication for more details.
Security Notes
Tunnel services encrypt all traffic with HTTPS automatically. Combined with Macuse's built-in authentication, your server stays protected when exposed to the internet.
- Every new client needs approval. Remote users can't bypass the authorization step in Macuse.
- Revoke unused connections. Manage active connections in Macuse Settings → Connections.
- Custom port. If you changed the Macuse server port, use that port in your tunnel command instead of
35729.
Troubleshooting
Tunnel connects but AI tool gets errors
Make sure Macuse is running and the local server is active. Check the server status in the Macuse menu bar panel.
OAuth flow doesn't complete
The authorization popup appears in Macuse on your Mac. If you're away from your Mac, you won't be able to approve the connection. Consider using Bearer Tokens for unattended access.
Slow response times
Tunnel services add some latency. This is usually minimal (under 100ms) and shouldn't affect normal usage. If latency is a concern, choose a tunnel provider with servers close to your location.