© ngrok 2021
All aspects of ngrok 2.0 have been redesigned for reliability at scale. This release of ngrok is built to be a solid component that can be used through your entire stack from development, to CI automation and into production systems. The ngrok.com server architecture has been completely redesigned to scale horizontally to gracefully handle increased loads. The design changes also include work done to tolerate arbitrary machine failure with minimal service disruption. Lastly, the ngrok client has also been re-engineered from the ground up to resolve errors in long-term process stability, memory consumption and failure recovery.
ngrok's underlying networking protocol has been redesigned to use a multiplexing layer inspired by SPDY and HTTP2 which can dramatically improve the performance of websites loaded through ngrok tunnels on high latency networks. These changes have greatly improved the performance of ngrok under workloads with many concurrent connections and lay the groundwork for other optimizations.
ngrok 2.0 is priced differently. But don't worry! There is still a generous free tier for developers that is nearly identical to the ngrok 1.0 free tier. Further information is available on the Product Page.
ngrok now supports multiple developers sharing access to a single account, allowing them to share access to reserved domains and addresses.
ngrok now supports tunneling TLS (SSL) traffic through to a local service without terminating the TLS encryption. This allows you to terminate TLS traffic with your own key and certificate which means the traffic will be end-to-end encrypted with keys that only you control. This means you can now tunnel traffic on a domain of your choice to a local server listening for HTTPS traffic. ngrok determines the appropriate destination tunnel by inspecting the SNI extension data of incoming TLS connections. These same TLS tunnels will also enable you to provide stable endpoints for personal-cloud services like arkOS with domain names which will match and validate CA-signed certificates.
TLS tunnels can be started easily from the command line.
ngrok tls -hostname=app.example.com 443
Some applications require the flexibility of accepting requests made to arbitrary subdomains. Previously, testing these types of applications with ngrok was frustrating because it required knowing the names in advance and registering and running separate tunnels for each. Wildcard domains make this much easier by allowing you to bind a single hostname pattern and handle all requests that match it.
ngrok http -hostname=*.example.com 8080
ngrok has long supported the ability to reserve custom hostnames for an account to provide a stable endpoint that was guaranteed to your account. This stability is now available for TCP tunnels as well. When you reserve a TCP address on your dashboard, that host/port pair is assigned uniquely to your account. This would allow you to run a guaranteed port for SSH or RDP access and more.
Reserved TCP addresses can be specified in the configuration file or on the command line.
ngrok tcp --remote-addr=1.tcp.ngrok.io:20132 22
Many development environments like WAMP/MAMP or Rack install a custom localhost top-level domain and then use
the full domain name to multiplex which development website to render. ngrok now provides the flexibility to target
individual sites on these development environments via the host-header option which rewrites
the Host header of tunneled requests. This greatly improves ngrok's usability by avoiding unnecessary
changes to arcane configuration files.
ngrok http -host-header=site.dev 80
The ngrok client has a new status page which shows status and configuration of all online tunnels and metrics on request. It's essentially a human readable view of all the metrics exposed by the API.
If you have an ngrok client running, just click the 'Status' link in the top navigation of the web interface.
The ngrok client exposes a REST JSON API which allows tools to dynamically start and stop tunnels, and query for tunnel status, metrics, and introspected requests. This enables health checks of tunnel status and easy integration for 3rd party tools to build automation and tooling on top of ngrok.
curl http://localhost:4040/api/tunnels
All subdomain tunnels in ngrok 2.0 are now hosted on the ngrok.io domain for security reasons.
ngrok's command line interface has been reworked with an eye towards consistency and usability. Many options which once needed to be specified in the configuration file are now available on the command line.
ngrok http -auth=user:password -inspect=false 8080
ngrok tcp 22
ngrok start --all
ngrok's configuration file format has been redesigned to be simpler and expose more options.
The configuration file for 2.0 is a simple YAML file read by default from $HOME/.ngrok2/ngrok.yml
authtoken: abc123
tunnels:
ssh:
proto: tcp
addr: 22
dashboard:
proto: http
addr: "192.168.0.1:8080"
auth: "user:password"
subdomain: dashPrevious versions of ngrok manipulated some incoming requests before displaying their raw content and replaying them. Some headers were changed and chunked encoding could be combined. ngrok 2.0 replays and inspects requests exactly as they were on the wire.
Previous versions of ngrok could buffer HTTP request and response bodies until the entire the entire body was received. ngrok now streams the body data continually. This allows you to develop services that use streaming, chunked-encoding requests and responses.
ngrok now supports configuring its logging level and log format.
ngrok http -log stdout -log-level debug -log-format json 8080
The existing 1.0 service will be sunset on April 4th, 2016.
ngrok link is a new product specifically designed for running ngrok in production. Specifically, it is intended for two major use cases:
ngrok link is tuned for running optimally as part of your infrastructure and exposes a number of additional security features to give fine grained access and authentication control. Most importantly, these features are exposed via APIs so that you can automate your entire workflow with ngrok.
ngrok link supports provisioning separate authtokens for every connected client, allowing you fine-grained access control and the ability to revoke credentials of clients if they are decomissioned or compromised.
ngrok link supports managing a whitelist of IP addresses that are allowed to access your tunnel endpoints to provide an additional layer of security on top of encryption and authentication.
ngrok link provides a simple mechanism to install itself as a service on all major operating systems (Windows, OS X and Linux) with just a single simple command.
ngrok service install -config /path/to/ngrok.yml
ngrok service start
The ngrok.com service now has a JSON REST API which can be queried for the URLs and client IPs of all tunnels online for your account. This enables building automation and dashboards of all devices that are currently online and connected. The REST API additionally exposes endpoints to manage account state, including the provisioning of reserved names and addresses and creation and revocation of client authtokens.
curl https://api.ngrok.com/tunnels -H "Authorization: Bearer <TOKEN>"