Which is the best way to access opencode from my phone remotely?

Tailscale is the best default. It puts your phone and server on the same encrypted private network, requires no open ports and no public URL, and stays connected as you move between Wi-Fi and cellular. Use a Cloudflare Tunnel or ngrok only if you specifically need a public HTTPS URL.

Do I need to open ports on my router to use opencode from my phone?

No. With Tailscale or a Cloudflare/ngrok tunnel you do not open any inbound ports. Avoid forwarding the opencode port directly to the public internet; it is safer to use a tunnel or a private mesh network.

Is my code safe when I access opencode remotely?

Yes. The opencode agent and your AI provider keys stay on your own server. Tailscale traffic is end-to-end encrypted (WireGuard); Cloudflare Tunnel and ngrok serve over HTTPS/TLS. OpenCode Mobile only stores your server URL and password, kept in the Android Keystore. There is no telemetry by default.

Does opencode keep running when my phone screen is off?

Yes. The agent runs on your server, not the phone, so long tasks continue even if your phone sleeps or loses connection. When you reopen the app and reconnect, you pick the session back up.

Access opencode from your phone, remotely

The hardest part of running an AI coding agent from your phone isn't the app — it's reaching your opencode server when you're away from home. This page covers the three reliable ways to do it from OpenCode Mobile on Android: Tailscale (recommended), a Cloudflare Tunnel, and ngrok — with the trade-offs of each.

OpenCode Mobile is a thin client. The agent and your AI provider keys live on a machine you control; the app just connects to it over the network. So the goal here is simply: make your server reachable from your phone, securely, from anywhere.

Before you start: make sure opencode serve runs and you can connect on the same Wi-Fi first. If that works, remote access is only about reaching the same server from elsewhere. New here? Start with the setup guide.

Which method should I use?

Method	Best for	Open ports?	Public URL?	Cost
Tailscale	Your own daily use. Private, always-on, set-and-forget.	No	No (private 100.x IP)	Free
Cloudflare Tunnel	A stable public HTTPS URL, e.g. behind your own domain.	No	Yes (HTTPS)	Free
ngrok	Quick one-off testing from anywhere.	No	Yes (HTTPS)	Free tier

For your own phone, Tailscale is the right default: nothing is exposed to the public internet, it survives switching between Wi-Fi and cellular, and there are no ports to open. Use a tunnel only when you specifically need a public URL.

Don't port-forward the raw opencode port to the internet. Use a private mesh (Tailscale) or an authenticated tunnel. Whatever you pick, always set OPENCODE_SERVER_PASSWORD so the agent isn't open to anyone who finds the address.

Option 1 — Tailscale (recommended)

Tailscale puts your server and phone on the same private, encrypted network (a "tailnet") built on WireGuard. Your server gets a stable 100.x.x.x IP that only your devices can reach — from any network, with no ports opened.

Install Tailscale on your server

Install it on the machine running opencode and sign in:
```
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up
```
Find the server's tailnet IP:
```
tailscale ip -4
# e.g. 100.101.102.103
```
Install Tailscale on your phone

Install the Tailscale app from F-Droid or Google Play and sign in with the same account. Both devices now share one private network. (You don't need a VPN profile for anything else — Tailscale only routes traffic to your tailnet.)
Run opencode bound to the network with a password

Bind to 0.0.0.0 so it accepts tailnet connections, and set a password:
```
OPENCODE_SERVER_PASSWORD=yourpassword \
  opencode serve --hostname 0.0.0.0 --port 4096
```
Tailscale already restricts who can reach the port to your own devices; the password is a second layer.
Connect from OpenCode Mobile

Open the app → Add Connection → use the Tailscale IP and port, then enter the password:
```
http://100.101.102.103:4096
```
That's it. This URL works from your home Wi-Fi, a coffee shop, or cellular — anywhere your phone has internet.

Tip: enable MagicDNS and you can use the machine's name instead of the IP, e.g. http://my-laptop:4096.

Option 2 — Cloudflare Tunnel

A Cloudflare Tunnel gives your server a public HTTPS URL with no open ports. Good when you want a stable address (optionally on your own domain) rather than a private IP.

Install cloudflared on your server

Install Cloudflare's cloudflared daemon (see Cloudflare's downloads for your OS).
Start opencode with a password
```
OPENCODE_SERVER_PASSWORD=yourpassword \
  opencode serve --hostname 127.0.0.1 --port 4096
```
With a tunnel you can keep opencode bound to localhost — cloudflared connects to it locally and exposes it.
Open a quick tunnel

For a throwaway URL, no account needed:
```
cloudflared tunnel --url http://localhost:4096
```
It prints a URL like https://random-words.trycloudflare.com. For a permanent URL on your own domain, use a named tunnel instead.
Connect from the app

Add a connection in OpenCode Mobile using the full HTTPS URL and your password:
```
https://random-words.trycloudflare.com
```

Option 3 — ngrok

ngrok is the fastest way to get a public URL for a quick test. Great for trying things out; for daily use prefer Tailscale or a named Cloudflare Tunnel.

Install ngrok and add your authtoken

# install per https://ngrok.com/download, then:
ngrok config add-authtoken YOUR_TOKEN

Run opencode with a password

OPENCODE_SERVER_PASSWORD=yourpassword \
  opencode serve --hostname 127.0.0.1 --port 4096

Expose the port
```
ngrok http 4096
```
ngrok prints a forwarding URL like https://abcd-1234.ngrok-free.app.
Connect from the app

Use the ngrok HTTPS URL and your password in OpenCode Mobile. Note the URL changes each run on the free tier.

Remote-access troubleshooting

Connects on Wi-Fi but not remotely? You're likely using the LAN IP (192.168.x.x), which only works on the same network. Switch to the Tailscale IP or your tunnel URL.
Tailscale shows offline? Confirm both devices are signed into the same account and listed as connected in the Tailscale admin console, then retry the 100.x IP.
Tunnel URL refuses the connection? The tunnel must point at the exact port opencode is listening on. If opencode is on 127.0.0.1:4096, the tunnel target must be localhost:4096.
HTTPS tunnel but app can't connect? Use the full https:// URL with no trailing path. Don't mix http and https.
Wrong password? The app password must match OPENCODE_SERVER_PASSWORD exactly.
Long task, flaky signal? The agent runs server-side, so work continues even if the phone disconnects. Reopen the app and reconnect to resume the session.

More fixes on the troubleshooting page.

Get the app and connect from anywhere

Set up Tailscale once and you'll reach your AI coding agent from your phone wherever you are — encrypted, with your keys staying on your own machine.

Get it on F-Droid Download APK Full setup guide

Access opencode from your phone, remotely

Which method should I use?

Option 1 — Tailscale (recommended)

Install Tailscale on your server

Install Tailscale on your phone

Run opencode bound to the network with a password

Connect from OpenCode Mobile

Option 2 — Cloudflare Tunnel

Install cloudflared on your server

Start opencode with a password

Open a quick tunnel

Connect from the app