Getting Started with ngrok

This guide will get you up and running with the ngrok agent, giving you a secure way to access your local service from anywhere in the world.

We'll do this in four steps:

  1. Starting a local service
  2. Installing the ngrok agent
  3. Connecting your agent to your ngrok account
  4. Start ngrok

Step 1: Starting a local web service

First, you'll need some sort of web service running on your machine. It should be available at http://localhost:[any port]. If you already have one, you can skip to Step 2. If not, we'll set one up using Python SimpleHTTPServer (ngrok actually has a built in file server but let's not worry about that now).

If you don't have a web service running, you can set one up for this demo using Python SimpleHTTPServer.

  1. Create a new directory, we'll call it ~/ngrok-rocks
  2. Move into that directory and create a file named index.html with a single line of text: Hello, World!
  3. From that folder, run python3 -m http.server. This will start a web server on port 8000 serving the contents of that directory.
  4. Open http://localhost:8000 in your browser

You should see Hello, World! in your browser. If you have any trouble getting things working, see this page for help.

Unfortunately, this service is only available on your local machine for now. Now let's use ngrok to securely share it with the world. For the rest of this guide, we will assume we're working with a web service running at http://localhost:8000 but you should adjust the following commands to match your configuration.

Step 2: Install the ngrok Agent

The ngrok agent is the command line application that you will use to start your tunnels. The easiest way to get started is to use your favorite package manager to install ngrok.

For MacOS, use HomeBrew:

brew install ngrok/ngrok/ngrok

Yes, three times, for reasons.

For Linux, use Apt:

curl -s https://ngrok-agent.s3.amazonaws.com/ngrok.asc | \
      sudo tee /etc/apt/trusted.gpg.d/ngrok.asc >/dev/null && \
      echo "deb https://ngrok-agent.s3.amazonaws.com buster main" | \
      sudo tee /etc/apt/sources.list.d/ngrok.list && \
      sudo apt update && sudo apt install ngrok

For Windows, use Chocolatey:

choco install ngrok

You'll need to run this in an Administrator Command Prompt.

If you don't have one of these package managers installed or prefer to install the ngrok agent yourself, visit the ngrok Download page for instructions and links.

You can test everything is working by running ngrok -h which should print the help text for the ngrok agent.

$ ngrok -h
NAME:
  ngrok - tunnel local ports to public URLs and inspect traffic

USAGE:
  ngrok [command] [flags]

DESCRIPTION:
  ngrok exposes local networked services behinds NATs and firewalls to the
  public internet over a secure tunnel. Share local websites, build/test
  webhook consumers and self-host personal services.
  Detailed help for each command is available with 'ngrok help <command>'.
  Open http://localhost:4040 for ngrok's web interface to inspect traffic.

Author:
  ngrok - <support@ngrok.com>

TERMS OF SERVICE: https://ngrok.com/tos

EXAMPLES:
  ngrok http 80                    # secure public URL for port 80 web server
  ngrok http --subdomain=baz 8080  # port 8080 available at baz.ngrok.io
  ngrok http foo.dev:80            # tunnel to host:port instead of localhost
  ngrok http https://localhost     # expose a local https server
  ngrok tcp 22                     # tunnel arbitrary TCP traffic to port 22
  ngrok tls --hostname=foo.com 443 # TLS traffic for foo.com to port 443
  ngrok start foo bar baz          # start tunnels from the configuration file

COMMANDS:
  api                            use ngrok Agent as an api client
  completion                     generates shell completion code for bash or zsh
  config                         update or migrate ngrok's configuration file
  credits                        prints author and licensing information
  diagnose                       diagnose connection issues
  help                           Help about any command
  http                           start an HTTP tunnel
  service                        run and control an ngrok service on a target operating system
  start                          start tunnels by name from the configuration file
  tcp                            start a TCP tunnel
  tls                            start a TLS tunnel
  tunnel                         start a tunnel for use with a tunnel-group backend
  update                         update ngrok to the latest version
  version                        print the version string

OPTIONS:
  -h, --help      help for ngrok
  -v, --version   version for ngrok

Connect your agent to your ngrok account

Now that the ngrok agent is installed, let's connect it to your ngrok Account. If you haven't already, sign up (or log in) to the ngrok Dashboard and get your Authtoken. The ngrok agent uses the authtoken (sometimes called tunnel credential) to log into your account when you start a tunnel.

Copy the value and run this command to add the authtoken in your terminal.

ngrok config add-authtoken TOKEN

Step 4: Start ngrok

Start ngrok by running the following command.

ngrok http 8000

You should see something similar to the following console UI in your terminal.

ngrok                                                                                                                                                         (Ctrl+C to quit)

Session Status                online
Account                       inconshreveable (Plan: Free)
Version                       3.0.0
Region                        United States (us)
Latency                       78.006541ms
Web Interface                 http://127.0.0.1:4040
Forwarding                    https://84c5df439d74.ngrok.io -> http://localhost:8000

Connections                   ttl     opn     rt1     rt5     p50     p90
                              0       0       0.00    0.00    0.00    0.00

Now open the Forwarding URL in your browser and you should see your local web service. At first glance, it may not seem impressive, but there are a few key differences here:

Since the whole world can access this URL, we need to secure it quickly. Let's stop the ngrok agent with ctrl+c.

Bonus Step 1: Securing your public endpoint

The ngrok agent allows you to dynamically add security to any public endpoint in a variety of ways with IP restrictions, HTTP Basic Authentication, OAuth 2.0, OpenID Connect, SAML, Webhook Verification, and even Mutual TLS.

To start simply, let's add HTTP Basic Authentication to your endpoint.

ngrok http 8000 --basic-auth 'ngrok:issecure'

Now when you access the new ngrok URL in your browser, you should be prompted for a username and password.

By the way, if you have a paid plan and want to keep the same URL each time you restart, use the --subdomain flag when starting the agent.

You now have a public URL for your web service secured by a username and password, still without modifying your web service.

Bonus Step 2: Add OAuth 2.0 to your web service

In most cases, you don't want to use a single set of shared credentials for all users (you can add as many basic auth credentials as you want, but still). Let's swap out Basic Auth for Google OAuth 2.0 in one line.

First stop the ngrok agent again (

ngrok http 8000 --oauth google

If you have a paid plan, you can explicitly specify the email addresses to allow with the --oauth-allow-email flag.

Now when you try to visit your new ngrok URL, you will be prompted to log in with your Google account (you can open in incognito to be sure). Again, this is without modifying your web service.

Next steps

That's it, but there's a lot more you can do with ngrok!