Pomerium logo
Log In Contact Sign Up
Mobile Menu
Pomerium Zero Pomerium Enterprise Secure Human Access Secure Service Access Secure Agentic Access
Mobile Menu
Secure Human Access
 Secure Internal Access Scoped Contractor Access Time-Bound Access Just-In-Time Access Policy Change History Native SSH Access
Secure Service Access
 Kubernetes Security Secure Internal APIs Multi-tenant Environments Third-party Tools
Secure Agentic Access
 AI Agents Prompts & Autonomous Workflows Audit Agent Actions Control Agentic Sprawl Model Endpoints
Pricing
Mobile Menu
Comparisons Integrations Blog eBooks Glossary Customer Stories
Mobile Menu
Get Started with Zero Quickstart Fundamentals Architecture Changelog Guides Discuss Forum GitHub Careers

Hosted Clusters in Pomerium Zero & MCP Hacking (endpoints from localhost via ssh)

December 24, 2025
Share on Bluesky
Stay Connected

Stay up to date with Pomerium news and announcements.

If you’re building an MCP server and you want a public model (ChatGPT, Claude, or Gemini) to actually call it, you hit the same wall: All the frontier models need a public HTTPS URL.

So instead of hacking on whatever MCP tool you were working on, now you’ve got to figure out tunneling, infra, or weird gNAT issues when you are just trying to hack.

Hosted Clusters in Pomerium Zero (beta)

Today we shipped Hosted Clusters in Pomerium Zero — our first hosted data plane — built for remote MCP servers.

If you’ve got SSH (and you do), just type

Shell (Bash)
ssh -R 0 pom.run

In the terminal from the machine where your MCP server is listening. 

Sign in, and Pomerium hands you a public HTTPS URL that forwards back to your localhost over an SSH reverse tunnel. No public NAT? No problem.

Now ChatGPT, Gemini, Claude — anything that can hit an MCP endpoint — can reach the MCP server you’re hacking on without you needing to deploy infra.

What this saves you from

This replaces the whole “I just need a URL” dance:

  • no tunnel or VPN client to install (vs ngrok, funnels, Cloudflare Tunnel, etc.)

  • no TLS setup

  • no fiddling with ephemeral URLs

  • you still get sign-in + policy (the way Pomerium works), instead of “here’s a public URL, hope nothing weird happens”

Best of all, it’s just SSH. And you’ve already got it.

What I’ve been using it for

I’ve been testing a little SQLite MCP server locally. Tools like list_tables, query, that kind of thing.

Now the flow is:

  • run the server

  • ssh -R 0 pom.run

  • paste the HTTPS URL into ChatGPT’s Apps SDK (here’s a template)

  • ask ChatGPT to call a tool

  • it hits my laptop immediately

That’s it. MCP dev loop stays tight and light.

Try it

Hosted clusters are now live for everyone in Pomerium Zero.  Right now these tunnels are MCP-only. We want this specific workflow to feel great before we broaden it. So give us feedback (feedback@pomerium.com).

docs: https://www.pomerium.com/docs/guides/local-mcp

template for ChatGPT apps SDK: https://github.com/pomerium/chatgpt-app-typescript-template 

Happy hacking this holiday season 🎄, Bobby

Share: Share on Bluesky

Stay Connected

Stay up to date with Pomerium news and announcements.

More Blog Posts

See All Blog Posts
Blog
Announcing Pomerium v0.32
Announcement
Blog
Why Kubernetes Ingress Needs an Identity Layer
Kubernetes
Kubernetes Access Control
Blog
Replacing Ingress-NGINX: A Modern Approach to Secure Kubernetes Access
Kubernetes Access Control
NGINX Kubernetes

Revolutionize
Your Security

Embrace Seamless Resource Access, Robust Zero Trust Integration, and Streamlined Compliance with Our App.

Try Now

Company

About Privacy Policy Terms of Service Newsletter Careers

Use Cases

VPN Replacement Secure Remote Access Zero Trust Application Access Clientless Access Continuous Verification Context-Aware Access Secure Kubernetes

Quicklinks

Comparisons Integrations Customer Stories Resources Docs

Stay Connected

Stay up to date with Pomerium news and announcements.

Pomerium logo
© 2026 Pomerium. All rights reserved