
Localtunnel.me - p_m_g
http://localtunnel.me/
======
shtylman
Author of the project here.

I want to clarify why this project exists (as many seem to point out that
other projects or methods exist for doing this).

TL;DR; If you think of localtunnel as just a shitty ngrok (or name your
project here), you are missing the point and probably don't have the same use
cases I do.

1\. It was made overnight at some hackathon because I was not satisfied with
the other tunneling options I found. They required either an account or some
stupid ssh setup. I got to thinking of ways to create a tunnel that simply had
an CLI tool and instantly get a tunnel no setup. It worked, I kept it.

2\. It is written as a library first, CLI tool second. This means it can be
used to create tunnels in a test suite if you want to use services like
saucelabs to run browser tests (see
[https://github.com/defunctzombie/zuul](https://github.com/defunctzombie/zuul)).
This is leveraged by projects like socket.io and engine.io (among others).
This is perhaps the main reason I keep it around despite there being
alternative CLI tools.

3\. Both the client and server code are availably and easy to install and use.
Companies do this when they want to run their own tunnels for privacy (or
whatever their reasons... I don't care).

4\. Yes, I know the name is identical to the old ruby?python? one. Whatever.
That one seems defunct now anyway.

~~~
inconshreveable
Very cool.

ngrok doesn't have a programmatic API, but I'd love to add one soon. I've
built out a library for this in [https://github.com/inconshreveable/go-
tunnel](https://github.com/inconshreveable/go-tunnel) that will be the
foundation for ngrok's next version providing a library in addition to the CLI
tool.

Unfortunately, one of Go's weaknesses is that it doesn't embed into other
languages like C, so I'd need a ground-up rewrite (in C, probably) with
bindings to other languages.

If ngrok the command-line tool had a well defined programmatic interface (like
RESTful JSON) would that useful, or is the burden of a separate binary/process
to manage still too painful?

~~~
shtylman
To me the ease of having the library be installable with the "canonical"
package manager of my platform is too convenient; just "feels" more natural
and simpler. I actually thought about writing a node.js ngrok client but then
gave up on the idea since localtunnel was working well enough and I personally
didn't need the other features from ngrok which I didn't have in localtunnel.

I wouldn't worry about the whole rewrite in c thing. If your server protocol
is simple enough, writing clients in the native languages will be better than
writing bindings. Installing bindings trips up a lot of users that are not
used to compiled software.

~~~
inconshreveable
Make sense and I agree. Thanks for the feedback! Unfortunately, ngrok's new
protocol is optimized very heavily for speed which comes with a cost in
complexity of both the protocol and the clients that implement it.

~~~
namtrac
Well thank you for ngrok!

My daily routine is

ngrok start ssh && go home

Stupid firewalls.

------
kevinburke
I'm confused, there is an existing project called localtunnel that does
exactly the same thing and dominates search results for "localtunnel". At the
very least, pick a different name.

[http://progrium.com/localtunnel/](http://progrium.com/localtunnel/)

~~~
pennig
Yeah, that's what I thought this was at first. Naming it the same as an
existing project with the same purpose is negligent at best.

------
julianwachholz
You can also use ngrok.com which has been around for quite a while. The
developer even responds very quickly to support requests.

As a bonus, you also get:

\- Custom (sub) domains

\- TLS tunnels if you want, not mandatory

\- Other protocols than just HTTP/S

~~~
nXqd
Yes, I still find that ngrok works quite well :D

------
thaumaturgy
This seems like a bad idea. localtunnel.me is redirecting non-tunnel'd
subdomains to its main page, while inactive tunnel'd subdomains return
"localtunnel error: no active client for 'adbc'". So, with a little poking,
you find that tunnel'd subdomains seem to be [a-z0-9]{4}.localtunnel.me ...
which isn't too terribly large of a search space to crawl. If it gets popular,
it should be easy to find works-in-progress that might give up access to the
user's computer, or keys to prod, or any of the other stuff that people are a
little sloppy about on their work machines.

edit: I was wrong, I should've been a little more thorough. Looks like it's
[a-z0-9]{4,10}.localtunnel.me, which is significantly larger.

------
JamyDev
I suggest you don't use it until they have upgraded OpenSSL...

WARNING: server returned more data than it should - server is vulnerable!
(Heartbleed)

~~~
vayarajesh
I think it is alright to use it.. its just to share the work in progress so it
doesnt matter if it is vulnerable

~~~
JamyDev
I've already seen PHPMyAdmin login and tokens pass by, so I don't think it's
only used for showing progress but also to have a reverse tunnel back home..

~~~
drunkcatsdgaf
the slogan is "expose yourself to the world"

------
jancborchardt
Oh nice! This looks very similar to
[https://pagekite.net](https://pagekite.net) (which is also open source),
minus the need for an account. Good call.

~~~
yownie
Yep, was going to chime in here as the dev of a pagekite is a friend of mine.
Glad someone else appreciates it too!

~~~
lubos
Pagekite dependency on Python was deal-breaker for me a few years ago. If they
would have clients in multiple programming languages so it can be easily
embeddable, they would get a lot of business. Prices could be easily higher
too.

------
rabino
Also: Vagrant has added a "vagrant share" command that publishes access to
your vagrant box, which should be safer than publishing access to your full
machine.

[http://docs.vagrantup.com/v2/share/](http://docs.vagrantup.com/v2/share/)

------
tedchs
Personally I would rather just use "ssh -R", the built in remote port
forwarding. You either need to flip a setting on the server to allow listening
on an interface besides localhost, or configure Nginx/etc as a reverse proxy.

For example:

ssh -f -N -q -R 2222:localhost:22 my_name@remote.example.com

Decent writeup here:

[http://www.noah.org/wiki/SSH_tunnel](http://www.noah.org/wiki/SSH_tunnel)

~~~
thedufer
That's what I've used in the past, but its more complicated to set up ("You
either need to flip a setting on the server to allow listening on an interface
besides localhost, or configure Nginx/etc as a reverse proxy." is not trivial
for most). It also requires a server with a static IP to ssh to.

~~~
tedchs
Yes. This is cold hearted, but I would suggest that for those for whom this is
too hard, they should reconsider exposing their machines and code directly to
the public Internet.

~~~
shtylman
Why should they reconsider it? Someone that just got into development and
might want to show their friends or family something they are hacking away on.
According to you they now need to learn about VPS, some random nginx settings
or other SSH nonsense and meet some arbitrary "minimal" criteria you have
decided upon because that is how you would do it. I think you should
reconsider your acceptance of people that don't share your same technological
expertise.

------
j0k3r
Isn’t the node.js version of the ruby one ? ie:
[http://progrium.com/localtunnel/](http://progrium.com/localtunnel/)

Or the Go version:
[https://github.com/inconshreveable/ngrok](https://github.com/inconshreveable/ngrok)

~~~
nathancahill
Jeff's localtunnel has been discontinued in favor of Ngrok. It was
discontinued in the middle of a transition from ruby to python.

~~~
riffraff
Is there a writeup somewhre of what happened?

localtunnel v1 worked perfectly for me, localtunnelv2 never did (apparently no
remote server was ever up) but it's weird that ngrok is a ruby project again.

~~~
inconshreveable
ngrok is a Go project and has not changed

~~~
riffraff
ah I was tricked by having it installed as a gem, thanks for the
clarification.

------
PinguTS
This seems like a bad idea or to phrase it correctly: use it wisely.

Because, you will use this service for the development to give someone outside
access to something. If you then close the tunnel, the service will forward
any request to its own server either to the main pager or to an error page.
That means, all data given with a request, either via GET or via POST, will be
given to that service. That could include sensitive data. That means, this
kind of service is security risk.

~~~
superuser2
If you're testing 3rd party APIs with sensitive data, you're Doing It Wrong.

------
cardamomo
If you have a VPS, why not set up a subdomain to proxy localhost connections
forwarded through SSH? (e.g., $ ssh -R 8000:localhost:80)

I'm sure I'm missing some obvious disadvantage…

------
IceDane
Wow. Exactly the same as ngrok, just .. worse.

------
eranrund
There's also [http://httpi.pe/](http://httpi.pe/) \- pretty similar both in
concept and in implementation. The major difference would be an 'inspection'
view allowing users to view the traffic going through the tunnel.

(Shameless plug - I'm the author of httpipe)

------
veesahni
shameless plug: I created [http://ultrahook.com](http://ultrahook.com) which
does similar but with a focussed goal of receiving webhooks on localhost.

------
jbrooksuk
This is awesome and only an hour a go I needed this. Perfect! :)

------
chintan39
It would be nice to have option to allow custom URL

~~~
maaaats
Or at least get to reuse an URL after reboot/dc/something, since this is links
you would send to your client/boss, having to email them new ones is a hassle.

~~~
chintan39
I agree we need a persistant URL

------
vayarajesh
Nice!! so easy to setup and use.. awesome work

------
asaddhamani
This is pretty neat!

