Terminate TLS however (and wherever) you want with Traffic Policy →

Secure Tunnels

Your connection to upstream services running anywhere

Unlike traditional proxies that require static IP addresses, ngrok enables your services to run anywhere—whether on your laptop, behind firewalls and NATs, within CI/CD environments, or on container platforms—without any need for complex networking configuration.

Just run a lightweight agent distributed as a standalone binary, open source SDK for your favorite programming languages, or a Kubernetes Operator to forward traffic from endpoints hosted on ngrok's global network to upstream services.

Sign up for freeTechnical documentation

Connect to upstream services using any interface

  Agent Secure Tunnel SDKs Kubernetes Operator SSH Reverse Tunnel
What is it? Agent Zero dependency executable CLI Secure Tunnel SDKs Programmable interface for embedding ngrok into applications Kubernetes Operator Support for Ingress Controller, Gateway API and cross-cluster connectivity SSH Reverse Tunnel A secure reverse tunnel created via SSH.
Best suited for Agent Interactive workflows Secure Tunnel SDKs Tight integration with apps and APIs for automated traffic management Kubernetes Operator Traffic management into and across Kubernetes environments SSH Reverse Tunnel Locked down environments or systems with limited resources where you can't run the agent
Agent
Lightweight CLI, run anywhere

A single binary with zero runtime dependencies, available for all major platforms, allowing you to operate with a simple, intuitive CLI.

It is packaged for distribution on the most popular package managers. You can run it as a system service so it starts when the machine boots up.

Explore Agent
Secure Tunnel SDKs
Open Source SDKs in Go, Python, Rust, and Javascript

Manage traffic to your apps and APIs programmatically by embedding ngrok with a single line of code. Just like the ngrok agent, SDKs securely forward requests to your upstream services.

Configure the connection directly within your application, allowing you to define precise, API-driven contracts that dictate how your applications interact with the delivery layer. Eliminate hidden dependencies between your app and its delivery infrastructure.

Explore Secure Tunnel SDKs
Kubernetes Operator
Just helm install, apply a manifest, and you're online.

Connect to services running in Kubernetes with the Kubernetes Operator, our open-source controller. It supports both Ingress CRDs as well as the new Gateway API.

You can also connect any service to your Kubernetes cluster in a secure, native fashion, making it appear local within your cluster.

The operator is built on top of our SDKs so it works in any Kubernetes cluster running anywhere including on a device at the edge, on your laptop, in EKS, GKE, OpenShift, K3s, or Minikube, in development and production environments.

Explore ngrok Kubernetes Operator
Try Secure Tunnels now
Try now

More Secure Tunnel capabilities

Custom Connect URLs
  • Customize the URL used by the agent to connect to the ngrok service for a more secure and branded experience.
  • Ideal for connecting to external networks, such as customers' networks or IoT devices in partner environments.
  • Request dedicated IP addresses for your connect URLs that are unique to your account.
Explore Custom Connect URLs
Agent API CLI
  • Explore and script the API using  ngrok api commands.
  • Built into the ngrok agent.
  • Automate ngrok workflows.
Explore Agent API CLI
SSH Reverse Tunnel Agent
  • Deliver services using ssh reverse tunneling (ssh -R).
  • No need to install or run an ngrok agent.
  • Ideal for connecting to devices with limited system resources.
  • Suitable for remote, locked-down environments where downloads or installs aren’t allowed, such as during triaging issues.
Explore SSH Reverse Tunnel Agent
Agent observability
  • Get visibility into whether agents are online or offline.
  • Track how long agents have been running.
  • Stop, restart, update all agents directly from the dashboard.
Secure Tunnel ACLs
  • Control tunnel access with ACLs to enforce corporate security and compliance policies.
  • Apply ACLs to authtokens to restrict tunnel creation based on specific security policies.
Explore Secure Tunnel ACLs
Remote Agent Management
  • Start, restart, or upgrade agents remotely using the dashboard or API.
  • Configure Agent SDKs to listen for remote requests and perform additional actions as needed.
Explore Remote Agent Management

Explore more features and capabilities

Universal Gateway
Simplify App & API Delivery with ngrok’s All-in-One Gateway.
Traffic Policy
Flexible traffic rules, simple configuration.
Kubernetes Operator
Ingress Controller, Gateway API, Cross-Cluster Connectivity, and more.
Traffic Observability
Gain full visibility into your traffic.
Platform Security
Trusted by over 7 million developers and leading enterprises.
Developer Platform
CLI, API, Dashboard, third-party extensions, and more
Getting Started
Pricing
Trust
Docs

Learn more about

Secure Tunnels

features

Blog
Introducing the ngrok JavaScript SDK
Blog
Introducing the ngrok Python SDK
GitHub
Go SDK
GitHub
Rust SDK
Blog
Goodbye tunnels, hello agent endpoints