Universal Gateway
An all-in-one reverse proxy, API gateway, Kubernetes ingress, DDoS protection solution, and global load balancer to deliver your apps and APIs. Offload your non-functional requirements - performance, observability, security, and resiliency - to our gateway. Reduce the complexity of application and API delivery by unifying multiple point tools, accelerating time to market, and boosting operational agility.
Instantly deliver web apps, APIs, websockets, and test webhooks, with support for HTTP/2 and even advanced techniques like HTTP long polling.
Set up Traffic Policies to rewrite URLs, add rate-limiting or return custom responses using CEL and JSON or YAML-based idiomatic rules to secure and manage traffic to your services.
Use ngrok for remote access with protocols like SSH, VNC, and RDP, connect to IoT devices via MQTT, and access databases or gaming services like Minecraft—all running on TCP—without exposing your ports or services.
Protect your endpoints with IP restrictions that allow or deny traffic based on the source IP of connections.
Use ngrok for remote access with protocols like SSH, VNC, and RDP, connect to IoT devices via MQTT, and access databases or gaming services like Minecraft—all running on TCP—without exposing your ports or services.
Secure your apps with mutual TLS authentication when terminating TLS connections with a configured set of certificate authorities. TLS endpoints use the Server Name Information (SNI) data to route connections to the appropriate endpoint. TLS endpoints make no assumptions about the wrapped protocol, such as Postgres, Kafka or SMTPS, being transported.
Persistent and always online, Cloud Endpoints give you unified control over traffic configuration, ensuring consistent security and traffic flow to your services. You can create a Cloud Endpoint directly from the dashboard or with the ngrok API.
Endpoints
At ngrok, everything starts with an Endpoint. It’s the gateway for your HTTP/S, TLS, or TCP-based apps, fully configurable with traffic policies you control—no need to open ports on your firewall. And with just one command or line of code, you can bring them online securely.
- Create it from the Dashboard or API
- Centralize traffic policy for consistent security and traffic flow
- Eg: Enforce authentication with OAuth or SAML across all your endpoints
- Persistent and always online
- Start an endpoint using a lightweight CLI or SDK
- Forwards traffic to your upstream services
- Set it up behind firewalls, on IoT devices and on dev laptops
- Runs on all major operating systems
- Ephemeral - Only online while the agent is running
- Use a custom domain that you own to create endpoints.
- ngrok hosts your endpoint and manages the entire TLS certificate lifecycle for you.
- Set up a custom wildcard domain and receive traffic on any subdomain such as
.sitea.{YOUR_DOMAIN}.
Bindings
Binding configuration equips you to specify where your endpoints will be accessible - public-facing or internal to ngrok. This flexibility allows you to customize access to meet your traffic orchestration and security needs.
- Enables external access to the endpoint
- Orchestrate traffic based on headers, paths, domains or other parameters with public-facing endpoints,
forward-internalaction, and internal endpoints - Allows Ops teams to enforce traffic policies at the entry point - endpoints with
publicbinding - ensuring control over incoming traffic
- Secure, non-public connectivity
- Restrict access to other ngrok endpoints only
- Orchestrate traffic based on headers, paths, domains or other parameters with public-facing endpoints,
forward-internalaction, and internal endpoints - Supports developer self service - developers could build functionality on endpoints with
internalbinding before making them public
More Universal Gateway capabilities
- Zero configuration
- Global network of Points of Presence (PoPs)
- High Performance: Client traffic routed to the PoP with lowest latency
- High Availability: Client traffic is automatically redirected to an operational PoP during outages.
- Continuously detects and blocks DDoS threats
- Real-time traffic analysis
- Intelligent threat mitigation
- Manage tens of thousands of endpoints
- Support thousands of services or devices, each with its own dedicated endpoint.
- Scales seamlessly to handle even the most demanding traffic needs.
- Just download the agent, point your DNS to ngrok, and you're ready to go.
- No need to rip and replace existing application delivery infrastructure.
- Supports IPv4 and IPv6
- Automatically provisions and renews TLS certificates or you can bring your own
