Secure Tunnels
Unlike traditional proxies that require static IP addresses, ngrok enables your services to run anywhere—whether on your laptop, behind firewalls and NATs, within CI/CD environments, or on container platforms—without any need for complex networking configuration.
Just run a lightweight agent distributed as a standalone binary, open source SDK for your favorite programming languages, or a Kubernetes Operator to forward traffic from endpoints hosted on ngrok's global network to upstream services.
A single binary with zero runtime dependencies, available for all major platforms, allowing you to operate with a simple, intuitive CLI.
It runs on all platforms and operating systems and is packaged for distribution on the most popular package managers. You can run it as a system service so it starts when the machine boots up.
Manage traffic to your apps and APIs programmatically by embedding ngrok with a single line of code.
Configure the connection directly within your application, allowing you to define precise, API-driven contracts that dictate how your applications interact with the delivery layer. This eliminates hidden dependencies between your app and its delivery infrastructure. Just like the ngrok agent, SDKs securely forward requests to your upstream services. Our SDKs are open source and available in Go, Python, Rust, and JavaScript.
This example shows a JavaScript app with an endpoint URL example.ngrok.dev that sends traffic to port 8001. Rate limiting traffic policy that allows only 30 requests per minute is also configured.
Connect to services running in Kubernetes with the Kubernetes Operator, our official open-source controller.
It supports both Ingress CRDs as well as the new Gateway API. Just helm install the ngrok Kubernetes operator and you're online. You can also connect any service to your Kubernetes cluster in a secure, native fashion, making it appear local within your cluster. The operator is built on top of our SDKs so it works in any Kubernetes cluster running anywhere including on a device at the edge, on your laptop, in EKS, GKE, OpenShift, K3s, or Minikube, in development and production environments.
This example creates a domain example.ngrok.app that routes traffic to the Kubernetes service example-service running on port 80 using the Ingress Controller.
More Secure Tunnel capabilities
Customize the URL used by the agent to connect to the ngrok service for a more secure and branded experience. This is especially useful when connecting to external networks, such as customers’ networks or IoT devices in partner environments. You can also request dedicated IP addresses for your connect URLs that are unique to your account.
Explore and script the API using ngrok api commands built into the ngrok agent to automate ngrok workflows.
Use ssh reverse tunneling (ssh -R) to deliver services via ngrok without the need to install or run an ngrok agent. This is especially useful when connecting to devices with limited system resources or in remote, locked-down environments where downloads or installs aren’t allowed, such as when triaging issues.
Obtain visibility into whether your agents are online or offline, and track how long they’ve been running. You can also stop, restart, and update all your agents directly from your ngrok dashboard.
Control tunnel access with ACLs, enforcing corporate security and compliance policies. Apply ACLs to authtokens, restricting tunnel creation to those bound by specific security policies.
Agents can be stopped, restarted, or upgraded via our dashboard or API, allowing you to manage them remotely. Agent SDKs can be configured to listen for remote requests and perform additional actions as needed.
