Hacker News new | past | comments | ask | show | jobs | submit login
Ngrok – Expose any local server behind a NAT or firewall to the Internet (ngrok.com)
180 points by mavidser on Aug 18, 2015 | hide | past | favorite | 40 comments

As is usually mentioned in reference to this, the same can be achieved on the command line with:

`ssh user@yourserver.com -R [remoteport]:localhost:[localport]`

Where 'yourserver.com' is a server you own, such that accessing 'http://yourserver.com:[remoteport]' tunnels to 'http://localhost:[localport]'.

As my use case for 7-8 years demanded reverse tunnelling daily during development, and last 2 me switching to ngrok, let me just point out that it's not "the same".

Giving you full benefit of doubt that you just haven't fully explored ngrok, instead of just listing the features here myself, I'll just urge you to check it out in more detail.

It's awesome little tool, and the author has always been enthusiastically responsive through #ngrok on freenode.

I use ngrok a fair bit, often for handling OAuth and other webhooks. One really nice feature is the ability to record, inspect, and play back incoming HTTP requests. It's not space magic or anything but it's a really handy, convenient tool.

Minor nitpick: you want to allow other clients to connect too other then yourserver, so enable GatewayPorts in sshd_config and specify * as bind address for -R.

This approach, at least for my setup, would require opening up a port in my server's firewall as well.

The other benefit is that ngrok provides a nice web interface so you can watch and inspect web requests as they go by.

Don't forget HTTPS support. Great if you're developing something like a Facebook app where you have to give them a HTTPS endpoint to hit.

ngrok's ability to replay requests is something you can't accomplish with this. (Probably one of many other features)

Pagekite does the same and is opensource.


Wow never realized that the latest version of ngrok isn't open source. Strange that you can just hide versions of your software, because you don't want it open-sourced

Does Pagekite have the same introspection capabilities as Ngrok? Otherwise it's unclear what else Pagekite overs beyond what you can accomplish with a few lines of nginx config, sshd config, and bash (instructions: https://gist.github.com/gdamjan/4586758).

Thanks for the link.

This is the definition of software that I would not trust to run unless it was open source. This is a real shame.

I had great success using ngrok 1.x which is Open Source. We've compiled it, put it on staging server, hooked up Cloudflare and now every dev machine can expose https://devname.example.com using one command. The certificate is valid, which is very useful when debugging services like Google Drive API, which require trusted SSL.

Count this as another vote for software I wouldn't run unless it was Open Source. It doesn't have to be Free - but I won't run it until its been audited independently, and Open Source is clearly the best way to accomplish that ..

Absolutely, you said it much better than I.

Just saw the "This is 1.0 only, 2.0 is not yet Open Source" comment in the README. Sorry.. but I'll keep fingers crossed.

Then rather go to pagekite, which is opensource.

It's a sad indictment of how far we've come from the early vision of a pervasive, distributed Internet that it's considered a novelty to run out of your own home or office, rather than on the servers of a couple of massively centralised megacorporations.

Wow. Many people don't want to try and keep up with the absolute latest security issues and don't have the bandwidth for even the most trivial DDOS attack.

You can host with companies a lot smaller than Google or Amazon. Let someone else carry the pager, you know?

Not really. It's mostly a reflection of the impracticality of hosting a service on a personal internet connection these days.

I'm not sure this is accurate. Most companies I know host their sites on Amazon, etc. Most people having fun on the internet that I know host things on their raspberry pi, etc. The dream of the distributed internet is still alive, in that way.

Erm, i'm confused, is ngrok really currently proxying 17 million tunnels?

How are they supporting so many IPv4 tunnels? Presumably they don't have the IPv4 space to assign standard ports to them. HTTP is easy but they say they let you "expose any networked service".

Why are folks only worried about the closed source client, which likely does nothing interesting, when all the magic must be at the backend?

65535 * 256 gives 16776960 ... so this is a single C class network.

I guess localtunnel - http://localtunnel.me/ - does the same thing? Its open source too.

I've used both. Localtunnel always seemed janky to me with occasional crashes or just not working for seemingly no reason. Ngrok simply works, and works well. It's also got a few nice features like being able to inspect requests in the browser. Was an absolute life saver when working with webhooks.

I really like how the firewall is illustrated as a wall on fire with a hole in it. It describes NAT really well.

ngrok is really cool software but it's unfortunate that version 2 went closed source. I'll be sticking with version 1.x

Repost, but really handy, used to easily test a website on my phone not long ago. It felt like a good lazy mans solution to testing stuff.

Also good to quickly let friends try your local server.

And then there is pwnat that tunnels nats without 3rd party...

You have to use pwnat on the client too.

What's wrong with using IPv6 and an allow ACL? Rather use that than some mysterious software that isn't open source.

How to get a /64 ipv6 subnet when the ISP won't supply one? My ISP just hands out 1 ipv4, thankfully without DSLite or CGN. Any link to a howto out there which incorporates your suggestion?

https://tunnelbroker.net/ (HE) or other free IPv6 tunnel brokers are one approach.

Because it is simply impossible to configure NAT to forward the ports to the internal network...

...and noone ever has to worry about carrier grade NAT or heaven forbid, being in a managed office and unable to easily alter the firewall for their LAN or deal with inept IT departments... \s

while I see your point, I respectfully disagree. You could get a real carrier that gives you external IP. And if your office hides your computer behind firewall, they could have a reason for that. For, I don't know, corporate security. And there you go, running bugFTP 0.3 inside the company network where every computer is trusted... Sure, that's a great idea.

Applications are open for YC Winter 2022

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact