ngrok helps you securely access APIs, databases, and other private services running in remote networks through site-to-site connectivity. This is useful for securely connecting to your customers’ on-prem environments, branch offices, data centers, and more, all without opening inbound ports or managing VPN infrastructure. You can run the ngrok agent inside remote networks, enabling you to enforce access control with IP restrictions, white-label connections with a custom connect URL, run redundant agents for high availability, and more.Documentation Index
Fetch the complete documentation index at: https://ngrok.com/docs/llms.txt
Use this file to discover all available pages before exploring further.
Why use ngrok for site-to-site connectivity?
- No inbound ports: The ngrok agent connects outbound over TLS on port 443. No firewall changes or open ports required in the remote network.
- No VPN complexity: Replace VPN tunnels, VPC peering, and custom networking with a single agent and a Cloud Endpoint.
- Centralized traffic control: Apply IP restrictions, authentication, rate limiting, and more using Traffic Policy—all managed from a single dashboard.
- End-to-end encryption: TLS termination at the agent or upstream service, including mTLS for zero-knowledge encryption.
Next steps
Quickstart
Get a basic site-to-site connection working in minutes
Full tutorial
Walk through a complete setup with multiple endpoints, mTLS, and IP restrictions
End customer guide
Share this reference with customers who need to understand why ngrok is being installed in their network
Running in Kubernetes?
Achieve private site-to-site connectivity with the ngrok Kubernetes Operator