Agreed, thats why for production workloads it should be done with hardening and auth. Ngrok does that, as does Cloudflare. The version my company created does that too - https://blog.openziti.io/zrok-frontdoor
This is something I’ve worried about, but I’m not very knowledgeable. Say I have a service that’s receives traffic only from a trusted network segment and is behind a firewall, but I need to access the service for debugging purposes. Is there a canonical way to do this other than pushing logs out to some accessible location?