April 26, 2022

Securing your Apps with Cloud Edge

Frederico Hakamine

If you're writing an app or API for production, you're likely tripping into non-functional requirements — high availability, security, observability, and performance — typically addressed by middleware solutions. Let's explore how to use ngrok Cloud Edge to address these non-functional requirements quickly and without the burden of running and maintaining a large middleware infrastructure.

Note: This post assumes you already have an ngrok account with an integrated app. If you're not an ngrok user yet, just sign up and download ngrok for free. If you're a part of our Launch Party, you'll have every feature for free through May 1, 2022.

Sidebar note: What is Cloud Edge?

Cloud Edge is a distributed computing architecture that brings middleware functions to the cloud and closer to users. Compared to traditional middleware, it is faster to configure, reduces the burden of running a separate middleware infrastructure, and does all its processing long before any traffic touches your network. This isolates your application from bad traffic, reducing and sometimes eliminating scale and security issues. It also adds capabilities to apps that normally cannot run at the edge, such as IoT devices, legacy applications, and even non-HTTP apps like databases and servers.

Getting Started

ngrok adds middleware functionality in two ways: via our command line and via our edge configurations. The command line is a great way to get complex middleware functionality in seconds. To add middleware to your app, use one of our examples:

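Improve webhook security (e.g., validate requests from Slack; replace the placeholder with your own signing secret):

ngrok http 8080 \
    --verify-webhook=slack \
    --verify-webhook-secret=<your-slack-signing-secret>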

Secure your service with network restrictions (e.g., accept requests only from your IP):

ngrok http 8080 \
    --cidr-allow $(curl http://ifconfig.me/ip)/32

Protect your app with a circuit breaker (reject requests when errors exceed a 15% ratio):

ngrok http 8080 \
    --circuit-breaker 0.15

Inject geographic data for later evaluation (send the requester country as a request header):

ngrok http 8080 \
    --request-header-add "country: \${.ngrok.geo.country_code}"

Add Google SSO without modifying your app (allow access only from users of acme.com):

ngrok http 8080 \
    --oauth=google \
    --oauth-allow-domain=acme.com

Add HTTP compression (gzip compress http responses):

ngrok http 8080 \
    --compression

Combining multiple features:

ngrok http 8080 \
    --oauth=facebook \
    --compression \
    --circuit-breaker 0.5 \
    --cidr-allow $(curl http://ifconfig.me/ip)/32
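The network-restriction and combined commands above paste whatever the IP lookup returns, fetched over plain HTTP and unquoted, straight into the allow-list. The following is an added example (not from the original post or from ngrok) that fetches the address over HTTPS and refuses anything that is not a single IPv4 address; the function names `is_ipv4`, `to_host_cidr` and `my_cidr` are hypothetical.

```sh
# Added example: validate the looked-up address before it reaches --cidr-allow.
# POSIX sh; function names are illustrative, not part of ngrok.

# Succeed only if $1 is a dotted-quad IPv4 address with octets 0-255.
# The body runs in a subshell so IFS and positional changes do not leak.
is_ipv4() (
    case $1 in
        # Reject empty input, any character other than digits and dots,
        # and leading, trailing or doubled dots.
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1                      # split on dots (digits and dots only here)
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || exit 1
        [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# Print "<ip>/32" for a valid address; print nothing and fail otherwise.
to_host_cidr() {
    if is_ipv4 "$1"; then
        printf '%s/32\n' "$1"
    else
        echo "refusing to allow-list: lookup did not return an IPv4 address" >&2
        return 1
    fi
}

# Look up the public address over HTTPS (same service as the post, scheme
# changed), IPv4 only, with a timeout, then validate it. Fails closed.
my_cidr() {
    ip=$(curl --ipv4 --fail --silent --show-error --max-time 5 \
        https://ifconfig.me/ip) || return 1
    to_host_cidr "$ip"
}

# Usage (needs network access and the ngrok agent):
#   cidr=$(my_cidr) && ngrok http 8080 --cidr-allow "$cidr"
```

Because the tunnel only starts when `my_cidr` succeeds, a failed or malformed lookup leaves the app unexposed instead of starting it with an unintended allow-list.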

Once you determine the configuration you need, you can visit the dashboard or use the API to lock in your configuration. Now your Security/Compliance team has one place to view, configure, and audit security policy. Cloud Edge adds even more functionality to your middleware, allowing you to tie rules to specific request paths, use additional policies for load balancing, and save your configuration to the cloud to fix it in place. In this example, I'm adding webhook validation to any request to /github-webhook while keeping different settings for other routes:

Middleware Edge

The middleware options will vary based on the type of communication you have. As of today, ngrok supports HTTPS, TCP, and TLS communications to address web applications, APIs, databases, and even IoT devices securely.

Edge Options for HTTPS, TCP, and TLS

With an edge created, start your tunnel referring to it (e.g., ngrok tunnel --label edge=<edge_id> 8080), and all configurations will be inherited:

Launching edge tunnel

Additional Resources

If you're not an ngrok user yet, just download and sign up for free.

If you're curious about everything you can do with edge and the middleware, check our documentation or reach out to us.

Frederico Hakamine
Brazilian, Palmeirense, ngroker, fan of good software, legos, and brewing.