Hacker News new | comments | show | ask | jobs | submit login
Show HN: ngrok – secure introspectable tunnels to localhost (ngrok.com)
66 points by inconshreveable 1492 days ago | hide | past | web | 35 comments | favorite

This sounds technically similar to runscope[1] (reverse proxy via the cloud), although they are specifically focused on debugging/testing web APIs.

[1] https://www.runscope.com/

ngrok is functionally equivalent to our Passageway: runscope.com/docs/passageway. Can never have enough tools out there though. Looks great Alan.

Author here. I made this tool with the intention of making it easier to develop websites and webservices as well as easier to share projects you're working on with friends or at hackathons. Happy to answer any questions.

Can you please create a better description of what this is and how we use it? I've read all the pages and it's still murky. Is this a reverse proxy from your server to our local machines? Is it essentially a hosted version of "ssh -R HostedServerIP:HostedServerPort: ngrok.com" ?

If so, the very first thing on the page should say: "Inspect the traffic to your web server with our free service", and then provide a little more detail like "We provide the public website. You just run our tool to connect your development site to us and watch the traffic flow in."

That's absolutely correct. There are a couple of other things about it that make it much more useful than that ssh command:

- You don't need to have access to a private server to use it.

- I've taken care of setting up SSL for you. So you can run your local server with just http but still have the entire public connection portion be encrypted.

- ngrok captures all of the http traffic over the tunnel, analyzes it and displays a local web interface for you to inspect the traffic.

- ngrok allows you to pick any request that happened over the tunnel and replay it to your local server. This is immensely useful for building webhook consumers.

- ngrok automatically reconnects if your internet connection is intermittent.

- It's written in Go so I can distribute it as a binary for all major platforms with zero dependenices.

I'll work on improving the copy. Thanks for the feedback!

It also took me awhile to figure out what ngrok does. Once I did, I can see the usefulness for sure.

One path would be a list like you provide above, a sort of "your situation / your solution" approach, something like:

You ... are developing a website/service your local machine

You ... want to allow friends to test from outside your LAN


You ... don't want to open a firewall hole to your DEV machine

You ... want secure connections, but don't want to setup a valid cert

You ... don't want to bother with your own reverse proxy


You ... do want an inspectable, replayable copy of all traffic

That's where we come in!

obviously my text is clunky, but that sort of explanation would help me understand what "hassle" you are helping me avoid.

Were you aware of localtunnel "http://progrium.com/localtunnel/" before you started this project? I think it does sort of the same thing. Obviously you have a lot more features than localtunnel does (SSL, HTTP Auth, Raw TCP/UDP tunneling), but it's something to be aware of.

There are a number of existing projects that have similar or subsets of ngrok's feature set. localtunnel was certainly one of the inspirations for building ngrok.

Yup i've been using localtunnel.. but this looks interesting. Bookmarked!

Bug report: on Linux / Ubuntu 12.04. I set up an account, downloaded ngrok, ran it with -authtoken param using my authtoken, and started my first tunnel.

The documentation says I'll only need this authtoken once, and upon subsequent calls, it'll read it from ~/.ngrok. But on my machine, no ~/.ngrok file was created and I need the authtoken param every time. Bug?

I sent you an email with a workaround and instructions on how to capture the logs I would need to debug it. I'll also try to reproduce this myself shortly.

It would be cool if you could put a description of what it is in the title of the page, so that bookmarking it could be faster.

If there is a bandwidth or number of connections limit per domain/user (there should be, IMO), it should be in the front page.

Fixed the title!

There should probably be a bandwidth or connection cap, but I'm reticent to set one before I know what typical usage looks like. I would only want to set one up to prevent abuse of the service.

Is this "free right now" or "free forever"? Are you running this as a public utility or have an aim to turn it into a business?

The intention is that the current feature set is free forever.

It's possible that in the future there might be additional new features worth charging for. If necessary, a small cost may be added for very-high bandwidth usage of the service, but as long as I'm under my network usage quota, that shouldn't be necessary.

Very interesting. I'm going to give it a whirl.

I like how simple your API is. The HTTP auth feature is also a great idea.

I run a distributed engineering team for a startup and this could actually be useful for when people share stuff with each other. Currently, we tend to just deploy to a "hack server", but there's often some local data & setup that is annoying to reproduce on a server, especially for an experiment. This could let people share their stuff more easily with each other.

I also like the idea of using this to share a locally-running IPython Notebook instance to share code with someone else.

Awesome! I really like the ipython notebook idea. I've kicked around the idea of having the server component keep track of which tunnels are currently open by all of the developers on an "account" and then exposing them in the web interface so you would have an easy index to your coworkers' dev work. That might be one of those extra features I try charging for since it's more business-targeted. Feel free to get in touch if you have any ideas of features you'd like to see built on top. contact (at) ngrok dot com

Would it be possible to support XMPP Streams like those used in the OLPC project? You could then share a service with other users over jabber, or browse the services exposed by a jid.

Instant usefulness!

You might want to consider hosting the apps on a separate domain than your own to avoid some security gotchas. github did so recently and explains the rationale at: https://github.com/blog/1452-new-github-pages-domain-github-...

Nice! I worked on localtunnel.me which has some similar goals. I like the SSL encryption option and the data capture. Could see that being useful for some use cases.

Is localtunnel.me the same thing as localtunnel.com, just with npm instead of a rubygem?

It is the same idea. I didn't like the user experience of setting up the SSH key nonsense and wanted it to just work.

Why reuse the name? That's just confusing (and a bit disrespectful).

It is a simple name and does similar functionality. I don't like naming stuff vague unrelated things and am not creative with naming stuff. If you come up with a better name that is available I am happy to consider it :)

LOL, cause everything is better if it's rewritten in javascript.

Very cool idea. Right now I'm using autossh to keep a reverse ssh tunnel open. It works reliably, but the performance is awful.

Great work!

Just what I was looking for! Excellent!

One thing I noticed, when I signed in with Github, your site didn't use my primary email address.

This is really nifty, and Apache licensed to boot. Also, an excellent use of grok :)

Are you looking for open source contributors?

The replay button in the local web UI is enough to make this instantly useful. Thanks for building this.

really useful, quick to set up, nice console, and a lot easier than setting up port forwarding and dyndns. Thanks for an immediately useful tool!

P.S. I hope you're not retaining all the data that goes through your server. You don't want someone getting all snowdenny on you.

ngrokd (the server portion) does not store any of the data. the only portion it inspects is the Host header to determine routing information. All of the code for inspecting the traffic is done on the client side on the machine you control. =)

Lastly, the code is open source at github.com/inconshreveable/ngrok if you'd like to audit it.

So if nginx is "engine-x" does ngrok "negro-k"?

Or is it a "y" sound like "nguyen"...?

It's pronounced "en-grock".

I was way off!



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact