Remote Access
JarVS can connect your Apple Vision Pro to your host machine from anywhere, not just your local network. Enable remote access on your host, add the URL on your Vision Pro, and you can code from a coffee shop, hotel, or airport.
How it works
By default, JarVS connects over your local WiFi network using Bonjour/mDNS. Remote access extends this so your Apple Vision Pro can reach your host machine from any network.
There are two modes. The default uses Cloudflare Tunnel to create a secure tunnel from your machine to the internet. The tunnel binary (cloudflared) is downloaded automatically the first time you enable it. No Cloudflare account is needed. Alternatively, if you already expose your server publicly (e.g. behind a reverse proxy), you can provide your own URL directly.
What happens when you enable remote access:
- JarVS downloads
cloudflared(once, on first use) - A tunnel is established from your machine to Cloudflare
- Your Apple Vision Pro connects through the tunnel instead of your local network
- All traffic is encrypted with TLS end-to-end
Prerequisites
- The host machine needs an internet connection to establish the tunnel.
Connecting from the Vision Pro
You can add a static URL directly from the JarVS visionOS app. Open Settings, enter your server URL, and connect. No local pairing step is needed.
This works well when your host machine is in a data center or any location you cannot physically access with your headset.
Enabling on Mac
Open the JarVS menu bar app and toggle Remote Access on. That is it. JarVS handles the rest: downloading the tunnel binary, starting the tunnel, and registering the URL so your Apple Vision Pro can find it.
The setting persists across restarts. When you reboot your Mac, JarVS will re-establish the tunnel automatically.
Enabling on Linux
Use the jarvs remote command to manage remote access:
# Enable with Cloudflare tunnel (recommended) jarvs remote enable # Or use your own public URL jarvs remote enable --url https://my-domain.com:9999 # Check current status jarvs remote status # Disable jarvs remote disable
The setting is saved to ~/.jarvs/remote-access.json and restored automatically when the server restarts.
When you run jarvs pair for the first time, you will also be prompted to enable remote access interactively.
Direct URL mode
If you already have your JarVS server exposed publicly (for example behind a reverse proxy with a static IP or domain), you can skip the Cloudflare tunnel and provide the URL directly.
In the remote access settings, switch to Direct URL mode and enter your public URL. JarVS will verify the URL points to a running JarVS server before accepting it.
Requirements for direct URLs:
- Must be publicly accessible (not a private/local IP)
- Must point to a running JarVS server
- HTTPS is recommended
Example: nginx reverse proxy
If you want to expose your JarVS server behind your own domain instead of using the Cloudflare tunnel, here is how to set up nginx as an HTTPS reverse proxy with WebSocket support.
- Install nginx:
# Debian/Ubuntu sudo apt install nginx # macOS (Homebrew) brew install nginx
- Get a TLS certificate. Any valid certificate works (e.g. Let's Encrypt, Cloudflare Origin, or a self-signed one). Here is the quickest option, a self-signed cert:
sudo mkdir -p /etc/ssl/jarvs sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ -keyout /etc/ssl/jarvs/key.pem \ -out /etc/ssl/jarvs/cert.pem \ -subj "/CN=your-domain.com"
- Create the nginx config at
/etc/nginx/sites-available/jarvs(Linux) or/opt/homebrew/etc/nginx/servers/jarvs.conf(macOS):server { listen 443 ssl; server_name your-domain.com; ssl_certificate /etc/ssl/jarvs/cert.pem; ssl_certificate_key /etc/ssl/jarvs/key.pem; location / { proxy_pass https://127.0.0.1:9999; proxy_ssl_verify off; proxy_http_version 1.1; # WebSocket support proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; # Disable buffering for real-time streams proxy_buffering off; # Long-lived WebSocket connections proxy_read_timeout 86400s; proxy_send_timeout 86400s; } } - Enable and reload:
# Linux sudo ln -s /etc/nginx/sites-available/jarvs /etc/nginx/sites-enabled/ sudo nginx -t && sudo systemctl reload nginx # macOS (Homebrew) # Place config in /opt/homebrew/etc/nginx/servers/jarvs.conf sudo nginx -t && brew services restart nginx
- Verify it works:
curl -k https://your-domain.com/health
You should get a JSON response with"status":"ok". If something is wrong, check the nginx logs:# Linux tail -f /var/log/nginx/error.log # macOS (Homebrew) tail -f /opt/homebrew/var/log/nginx/error.log
- Use the URL in JarVS: set
https://your-domain.comas your direct URL in the Vision Pro settings or via the CLI:jarvs remote enable --url https://your-domain.com
Security
All remote connections are encrypted with TLS, whether using the Cloudflare tunnel or a direct URL. Your code never leaves the encrypted channel.
The tunnel URL changes each time the tunnel restarts, and only your paired Apple Vision Pro knows the current URL. There is no static endpoint for anyone to discover.
In tunnel mode, no ports are opened on your machine and no firewall changes are needed. The connection is outbound-only from your host to Cloudflare.
Troubleshooting
Remote access says 'downloading' and nothing happens
The tunnel keeps disconnecting
My Vision Pro can't find the server remotely
Can I use remote access over cellular?
Need help getting set up? Getting started guide covers the initial pairing process. CLI reference covers all available commands.