Thanks for creating ngrok. Sharing my experience and use case:
I tried ngrok (and localtunnel) two months ago to show a localhost WordPress site. Both failed because WordPress uses absolute links to reference css, js and img assets.
So the site was visible under whatever.ngrok.com but the assets where still linked to localhost. I read the FAQ at https://ngrok.com/faq#wordpress and tried all the mentioned plugins plus some other hacks. None did work. In the end I wasted almost one day.
I ended up renting a Simple PHP Hosting for 2 days to which I cloned the site. Which was also half a day but only cost me 2 € (site was online only for 2 days or so) and in the end, it did work.
One is a big proprietary blob of mistrust and the other is localtunnel? Sorry if that sounds harsh but it's a shame I can't build and make sure that everything is above board.
Good on you though , that apart it seems a great idea well implemented. Easy to throw stuff up for prospects/clients in an agile way without having to talk to devops.
Why not free as in bird? It is already free as in beer.
I stopped used ngrok because after opening the tunneled URL a few times it started saying "too many HTTP requests" on a Wordpress project. It is common for those to have many images/scripts/styles so throttling by number of requests makes ngrok unusable, now a happy localtunnel user.
ngrok has connection limits, but not request limits. Perhaps your server wasn't using keep-alive connections? It's mentioned in the pricing FAQ (scroll down a bit from this link):
Yeah my bad, it probably says "connections limit", I don't have time to figure out my way around it; other devs may do thought. I just want to fire it up and start working.
Not really, it was just an example; you can leave blank the Wordpress theme index.php and that way it makes only that request; the problem is more general: Real web sites are full of content (AKA. full of requests), that's just how it is.
What is the point of ngrok besides being a paid for third party single point of failure and security liability ?
The website says it is for exposing a local server behind nat or firewall to the internet.
1. local server is by definition supposed not to be exposed to the internet
2. to expose a server behind a NAT there's this thing called port forwarding
3. to expose a server behind a firewall there's this thing called a DMZ or correctly configuring the firewall
There's a lot of data collection happening, the privacy policy is leading on the weak side. Is there an option to opt out of all this data collection so when comes the time to disclose, sell, give or share data I can be guaranteed my data or any data generated by my use of ngrok will not (you can't share something you don't have)?
What makes ngrok better than a free software tunnel solution I can use by myself with no third party involved ?
Think of a front end developer working on a mobile site. Now, in an ideal world everyone would know how to set up an SSH tunnel, but let's be real here, even you probably have to look up the exact flags you're supposed to use every time you want to set up one. Combine this with the need for a publicly accessible server somewhere, and it should become somewhat clear that many simply do not possess the skills, resources, and/or couldn't be bothered to go through the trouble. With ngrok, you just download a single binary, make it executable, and you're ready to go. It's easy enough for most, although I suspect a GUI would further increase its reach.
Corporate policies often prevent employees from connecting their private phones to the internal network, so simply accessing the internal IP isn't really doable. You might be able to apply to have your device whitelisted, but that may take days, perhaps weeks, and even if you're approved, it doesn't really help as you cannot show your work to others (e.g. your team lead) without having their devices whitelisted as well. You might argue that everyone should have a company-provided phone with access to the network, and that's certainly a solution. Realistic? At most companies, probably not. You might have shared phones but who wants to work like that? Plus, there are developers who feel more comfortable playing with their own phones anyway. Regardless of which and whose device they have, they'd still be limited to WiFi only. Sure, you can emulate slower networks, but that's one more thing to know about. With a tunnel, you can see how the thing you're working on feels over a real 4G connection with no additional configuration. All this while developing locally with no need to waste time deploying to a separate environment.
That's just one use case where ngrok shines. The fact that you do not need to "correctly configure a firewall" is a selling point. Does it circumvent the firewall and expose machines on the internal network? Yes it does, and that's certainly a concern. But since people are people, perhaps you should have a similar, easy to use service available for your developers so that they don't have to resort to third party services you have no control over.
I'm not sure how you've interpreted the post that way. The point of that one specific thing was nothing more than to bring attention to the fact that even users who do have the skills to do this all by themselves often can't recall how exactly to get it all going without googling or reading manpages a bit, and that people who are less familiar with these things would be even less likely to know how to set up an SSH tunnel properly, or perhaps even know about them.
For example, even though I use SSH tunnels quite often, and can in fact remember the flags, I sometimes don't remember if the local or remote port came first. A minor issue for me perhaps, but I'm sure you can imagine someone getting stuck at some point, and having to bother a team mate to check what's going on, which is an entirely avoidable waste of time. You also have minor ops overhead for making sure the tunnel servers stay up and running.
In the end, aren't nearly all tech businesses about improving the user experience in some way? For example, you could set up your own mail server (and deal with the issues that come with it) instead of using Mailgun/Sendgrid, or take a taxi (or drive) instead of using Uber/Lyft.
It's intellectually dishonest to cherry-pick that and then ignore the part about having to have a server with DNS, fixed IP, public SSL configured, etc.
Can you speak to security? I love using ngrok to test stuff in dev that requires SSL without having to setup up SSL. Of course that means it's running through your cert. Obviously one shouldn't run anything protected through your system, but what is your visibility into that traffic?
Why not just setup SSL in your development environment? It's seriously not that difficult at all, there's zero reason to use Ngrok (although I'm sure it does what it does very well), plus asking this question after you're already paying is kind of silly.
So how exactly does the tunneling service work? Is it something like LogMeIn Hamachi? From what I understand, you need an intermediary server between two nodes in the network to create a connection like this. So do you have to pay hosting costs to create this pipeline?
Yes that's correct, ngrok hosts servers around the world that serve as 'relays' which accept connections on your behalf and then copy the bytes through to a persistent connection initiated by the ngrok client. It's the same principle as a reverse SSH tunnel
”I want to expose a local server behind a NAT or firewall to the internet.”
This is genius. It immediately simply told me exactly what your and service does. A few common, short examples beneath that would also be great. I would see this being great to show off an app on the development branch to a client in a meeting.
Hey -- great utility! Feature request: a way to kill an existing tunnel. I often forget to take down a tunnel established from a home machine, and then while working on my laptop I find myself locked out. I'd love to be able to optionally kill an existing tunnel and replace it with a current one.
Correct me but there seems to be a free vs. paid plan?
Seems free vs. paid is about reserving/custom domain vs. random one and a lot of security related feature. But the basic tunneling works for free am I correct in that?
Also what does the user really mean in terms of ngrok concurrent user or kind of named seat.
I don't have a question, but I did want to thank you so much for this service. For our usage, which involves lots of disparate services sitting in all sorts of places, it makes it quick and painless to shuffle around our graph of connections between them for development, debugging, and production testing.
It's a service that, for us, is worth its weight in gold for all the configuration and maintenance we don't have to do. It's definitely one of the first tools in our toolbox we reach for. Thank you very much for ngrok!
Do you mean: "why can't I set up port forwarding on my firewall, then create a DNS record for my domain that points to my current IP, then wait for that to propagate around the internet before I can use it, then do it all again when I move from e.g. office->home or my IP changes because of my ISP"? No reason.
Man you'll be floored when you'll learn that 90% of people going online never have a "real IP". Servers see the IP of the NAT's most of the time. ngrok doesn't require an outside-accessible IP.
You're still going to need to set up port forwarding on the firewall of each site you develop at, and if you use DHCP with no static assignment... more fun.
Honestly it depends on your use case, port forwarding and dyndns is trivial to configure, but if you're using development time to do it more than a few times then it's a non-trivial efficiency leak
It takes care of NAT/Firewalls, so you can sit on the airport if you wish and share something you work on locally. Even if it's your own home network, you'd have to go through the process of forwarding ports, have a static local and external IP, configure either a web server or a local proxy. I'm in no way affiliated to ngrok, I just think it's an awesome piece of software and use it regularly.
Are you sure about this being possible on airport provided networks ? My experience with airport networks is that pretty much everything is locked down and you can't set up anything from the airport.
It'll work from everywhere that allows an outbound connection. You're right there may be issues if you can't ssh out, but most airport networks I've been on has allowed ssh. It'd be a good idea for them to support tunnelling over SSL too, though.
It will definitely be interesting to see how public internet providers (airports, coffee shops, etc) handle IPv6 in the future. Will they leave their LAN_IN firewall open and leave filtering to the client, or will we keep the status quo and filter at the router?
Used to use your paid version until the new pricing model. I don't use it often enough to warrant paying, so I just setup the old version on my own VPS.
A report's good, but I care more about assurance of the integrity of the software I was running than having Windows Defender not quarantine my stuff. My build server has been remote-inaccessible all week when a simple 'no compromise of binaries that I know of, quite sure it's a false positive' would have sufficed.
I tried ngrok (and localtunnel) two months ago to show a localhost WordPress site. Both failed because WordPress uses absolute links to reference css, js and img assets.
So the site was visible under whatever.ngrok.com but the assets where still linked to localhost. I read the FAQ at https://ngrok.com/faq#wordpress and tried all the mentioned plugins plus some other hacks. None did work. In the end I wasted almost one day.
I ended up renting a Simple PHP Hosting for 2 days to which I cloned the site. Which was also half a day but only cost me 2 € (site was online only for 2 days or so) and in the end, it did work.