Ngrok
Ngrok is a service that creates secure tunnels to local servers, allowing them to be accessed remotely over the internet. This means that developers can easily test and share their web applications without having to deploy them to a public server. Ngrok provides a unique URL for each tunnel, making it simple to share the application with others for testing or demonstration purposes. Additionally, Ngrok offers features such as TCP tunneling, custom headers, and password protection to ensure secure and customizable remote access to local servers.
Features
Endpoint Management
- Public HTTP, HTTPS, and TLS endpoints
- TCP endpoints with fixed hostname and port
- Wildcard domains
- Random domain generation
- Custom/bring your own domains
- Dev domains (free tier)
- Dedicated IP addresses
- IPv6 support
- Domain ownership and subdomain protection
Traffic Policy
- Traffic filtering and matching
- Traffic orchestration
- Rate limiting (including identity-based)
- IP restriction policies (allow/deny rules)
- Circuit breaker
- Request/response interception
- Header rewriting
- Geographic routing based on IP geolocation
TLS/SSL Management
- Automatic TLS certificate provisioning (via Let’s Encrypt)
- Automatic certificate renewal
- Bring your own TLS certificates
- TLS termination at cloud, agent, or upstream
- Mutual TLS (mTLS) authentication
- TLS 1.2 and 1.3 support
- End-to-end encryption (Zero-knowledge TLS)
- ALPN negotiation
- SNI support
- ECDSA and RSA private key support
Global Load Balancer
- Latency-aware DNS routing
- Automatic traffic distribution to nearest point of presence
- Connection acceleration
- Module acceleration
- Geo-aware load balancing
- Automatic failover for upstream failures
- Automatic failover for point of presence failures
- Health checks
Security
- DDoS firewall (automatic protection)
- Basic authentication
- OAuth integration
- OpenID Connect (OIDC)
- JWT validation
- Webhook verification
- IP policies and restrictions
- Role-Based Access Control (RBAC)
- Single Sign-On (SSO) for dashboard
- Audit trail logging
- SIEM integrations
- SOC 2 Type II compliance
AI Gateway
- Route traffic to LLMs
- Support for local and hosted AI providers
- OpenAI integration
- Anthropic integration
- LLM traffic management and security
Protocols Supported
- HTTP
- HTTPS
- TLS
- TCP
- UDP (tunneling)
- WebSockets
- gRPC
- SSH
- FTP/FTPS/SFTP
- MQTT
- RTMP (Real-Time Messaging Protocol)
Secure Tunnels
- Expose local services to the internet
- Connect devices to ngrok’s global network
- Encrypted tunnel connections
- Agent-initiated connections (no inbound firewall rules needed)
Observability
- Traffic capture and replay
- Request/response inspection
- Access logging
- Event destinations (AWS CloudWatch, Kinesis, Firehose, Datadog, Azure)
Identity and Access Management
- Traffic identities tracking
- Credential management for users and automated processes
- OAuth provider integrations (Google, GitHub, Facebook, Microsoft, LinkedIn, etc.)
- SAML support
- SCIM provisioning
Kubernetes Support
- Kubernetes Ingress Controller
- Gateway API configuration
- Kubernetes Operator for automated endpoint management
Vaults & Secrets
- Centralized secret management
- Encrypted vaults
- API key storage
- Password and token management
Developer Experience
- API-first architecture
- REST APIs
- Native language SDKs (Go, JavaScript, Python, Rust)
- Scriptable CLI
- Terraform provider
- IDE integrations (VSCode, IntelliJ)
- Agent configuration file support
- SSH reverse tunnel support
- Globally distributed by default
- Multiple environment support
- Fault tolerant design
- Automatic failover
- ngrok-managed domains (ngrok.app, ngrok.dev, ngrok.pizza)
- Public Suffix List compliance
- HSTS preload support
Integrations
- Webhook integrations (Stripe, GitHub, Slack, Shopify, Twilio, etc.)
- Database connections (MySQL, MongoDB, PostgreSQL)
- Framework support (FastAPI, Flask, Laravel)
- Cloud platform integrations (AWS, Azure, GCP)
- Identity provider integrations (Auth0, Okta, Azure AD, etc.)
Enterprise Features
- Enterprise support packages
- Custom domains
- Dedicated IPs
- FIPS compliance (available on request)
- Software bundling/embedding
- SaaS integrationsClaude is AI and can make mistakes. Please double-check responses.
Use Cases
Development & Testing
- Expose local development servers to the internet
- Test webhooks locally from third-party services
- Share work-in-progress with clients or teammates
- Debug integrations with external APIs
- Test mobile apps against local backends
- Demo applications without deploying
- Collaborate remotely on local projects
API Gateway
- Route traffic to internal and public APIs
- Implement rate limiting and throttling
- Add authentication to APIs
- Transform requests and responses
- Version API traffic routing
- Monitor and log API traffic
Device Gateway
- Connect IoT devices to cloud services
- Manage distributed devices in the field
- Orchestrate traffic across devices
- Secure device communications
- Remote device access and management
Identity-Aware Proxy
- Add authentication to any application
- Implement SSO for internal tools
- Secure access to internal services
- Enforce identity-based access policies
- Integrate with identity providers (Okta, Auth0, Azure AD, etc.)
Site-to-Site Connectivity
- Connect services across different networks
- Bridge on-premises and cloud environments
- Enable hybrid cloud architectures
- Connect multiple office locations
Kubernetes & Container Environments
- Kubernetes ingress controller
- Expose Kubernetes services externally
- Cross-platform Gateway API configuration
- Service mesh integration (Consul, Linkerd)
- Multi-cluster connectivity
- Host public game servers (Minecraft, etc.)
- Restrict server access to specific IPs
- Stream media with RTMP support
- Real-time communication applications
Remote Access
- SSH access to remote machines
- Access databases remotely (MySQL, MongoDB, PostgreSQL)
- Remote desktop and VNC access
- Access home automation systems (Home Assistant)
- Bypass CGNAT limitations
Webhook Development
- Receive webhooks from payment processors (Stripe, Square)
- Test e-commerce integrations (Shopify)
- Develop chatbot integrations (Slack, Discord, Microsoft Teams)
- Build CI/CD integrations (GitHub, GitLab, CircleCI)
- Test notification services (Twilio, SendGrid)
Security & Compliance
- DDoS protection for applications
- Implement Zero Trust access
- Add mTLS to services
- Audit and log all traffic
- Enforce IP allowlists/denylists
AI/ML Applications
- Route traffic to LLM providers
- Secure AI API endpoints
- Load balance across AI services
- Manage traffic to local and hosted models
Geographic Distribution
- Route users to nearest endpoints
- Implement country-specific features
- Reduce latency with global load balancing
- Comply with data residency requirements
Protocol Bridging
- Expose TCP services publicly
- Tunnel UDP over HTTP
- WebSocket connections
- gRPC service exposure
- FTP/SFTP server access
- MQTT broker connectivity
Enterprise Applications
- Secure internal tools for remote workers
- Partner and vendor integrations
- B2B API connectivity
- Legacy application modernization
- Secure access to SaaS admin panels