ngrok 2.0

your favorite developer tool just got better

Improved reliability

All aspects of ngrok 2.0 have been redesigned for reliability at scale. This release of ngrok is built to be a solid component that can be used through your entire stack from development, to CI automation and into production systems. The server architecture has been completely redesigned to scale horizontally to gracefully handle increased loads. The design changes also include work done to tolerate arbitrary machine failure with minimal service disruption. Lastly, the ngrok client has also been re-engineered from the ground up to resolve errors in long-term process stability, memory consumption and failure recovery.

Improved performance

ngrok's underlying networking protocol has been redesigned to use a multiplexing layer inspired by SPDY and HTTP2 which can dramatically improve the performance of websites loaded through ngrok tunnels on high latency networks. These changes have greatly improved the performance of ngrok under workloads with many concurrent connections and lay the groundwork for other optimizations.


ngrok 2.0 is priced differently. But don't worry! There is still a generous free tier for developers that is nearly identical to the ngrok 1.0 free tier. Further information is available on the Product Page.

Share account access with many developers

ngrok now supports multiple developers sharing access to a single account, allowing them to share access to reserved domains and addresses.

TLS Tunnels docs

ngrok now supports tunneling TLS (SSL) traffic through to a local service without terminating the TLS encryption. This allows you to terminate TLS traffic with your own key and certificate which means the traffic will be end-to-end encrypted with keys that only you control. This means you can now tunnel traffic on a domain of your choice to a local server listening for HTTPS traffic. ngrok determines the appropriate destination tunnel by inspecting the SNI extension data of incoming TLS connections. These same TLS tunnels will also enable you to provide stable endpoints for personal-cloud services like arkOS with domain names which will match and validate CA-signed certificates.

TLS tunnels can be started easily from the command line.

ngrok tls 443

Wildcard Subdomain Support docs

Some applications require the flexibility of accepting requests made to arbitrary subdomains. Previously, testing these types of applications with ngrok was frustrating because it required knowing the names in advance and registering and running separate tunnels for each. Wildcard domains make this much easier by allowing you to bind a single hostname pattern and handle all requests that match it.

ngrok http -hostname=* 8080

Reserved TCP Addresses docs

ngrok has long supported the ability to reserve custom hostnames for an account to provide a stable endpoint that was guaranteed to your account. This stability is now available for TCP tunnels as well. When you reserve a TCP address on your dashboard, that host/port pair is assigned uniquely to your account. This would allow you to run a guaranteed port for SSH or RDP access and more.

Reserved TCP addresses can be specified in the configuration file or on the command line.

ngrok tcp 22

Host Header Rewriting docs

Many development environments like WAMP/MAMP or Rack install a custom localhost top-level domain and then use the full domain name to multiplex which development website to render. ngrok now provides the flexibility to target individual sites on these development environments via the host-header option which rewrites the Host header of tunneled requests. This greatly improves ngrok's usability by avoiding unnecessary changes to arcane configuration files.

ngrok http 80

ngrok client status page

The ngrok client has a new status page which shows status and configuration of all online tunnels and metrics on request. It's essentially a human readable view of all the metrics exposed by the API.

If you have an ngrok client running, just click the 'Status' link in the top navigation of the web interface.


ngrok client REST API docs

The ngrok client exposes a REST JSON API which allows tools to dynamically start and stop tunnels, and query for tunnel status, metrics, and introspected requests. This enables health checks of tunnel status and easy integration for 3rd party tools to build automation and tooling on top of ngrok.

curl http://localhost:4040/api/tunnels domain

All subdomain tunnels in ngrok 2.0 are now hosted on the domain for security reasons.

New command line interface

ngrok's command line interface has been reworked with an eye towards consistency and usability. Many options which once needed to be specified in the configuration file are now available on the command line.

ngrok http -auth=user:password -inspect=false 8080

ngrok tcp 22

ngrok start --all

New configuration file docs

ngrok's configuration file format has been redesigned to be simpler and expose more options. The configuration file for 2.0 is a simple YAML file read by default from $HOME/.ngrok2/ngrok.yml

authtoken: abc123
    proto: tcp
    addr: 22
    proto: http
    addr: ""
    auth: "user:password"
    subdomain: dash

Better quality request introspection and replay

Previous versions of ngrok manipulated some incoming requests before displaying their raw content and replaying them. Some headers were changed and chunked encoding could be combined. ngrok 2.0 replays and inspects requests exactly as they were on the wire.

Support for streaming requests and responses

Previous versions of ngrok could buffer HTTP request and response bodies until the entire the entire body was received. ngrok now streams the body data continually. This allows you to develop services that use streaming, chunked-encoding requests and responses.

Configurable logging

ngrok now supports configuring its logging level and log format.

ngrok http -log stdout -log-level debug -log-format json 8080

And much more!

  • Support for running over SOCKS5 proxies
  • Capture of request details when no local server is running
  • Support for clearing the request history
  • Local services listening only on ipv6 are appropriately tunneled
  • Multiple configurations files can be specified for overloading some options
  • Modernized web interface with React / Bootstrap3

Existing Service

The existing 1.0 service will be sunset on April 4th, 2016.

ngrok link

secure network tunnels for production workloads

ngrok link is a new product specifically designed for running ngrok in production. Specifically, it is intended for two major use cases:

  1. It is a lightweight VPN alternative that provides the automation and security necessary to establish targeted, secure links into customer environments.
  2. It enables IoT devices to expose control functionality to customers or administrators at stable, secured endpoints. Remote shell access for debugging and administration can be safely exposed in this manner as well.

ngrok link is tuned for running optimally as part of your infrastructure and exposes a number of additional security features to give fine grained access and authentication control. Most importantly, these features are exposed via APIs so that you can automate your entire workflow with ngrok.

Provision per-client authtoken credentials docs

ngrok link supports provisioning separate authtokens for every connected client, allowing you fine-grained access control and the ability to revoke credentials of clients if they are decomissioned or compromised.

IP whitelisting access to tunnel endpoints docs

ngrok link supports managing a whitelist of IP addresses that are allowed to access your tunnel endpoints to provide an additional layer of security on top of encryption and authentication.

Installation as a native operating system service docs

ngrok link provides a simple mechanism to install itself as a service on all major operating systems (Windows, OS X and Linux) with just a single simple command.

ngrok service install -config /path/to/ngrok.yml
ngrok service start REST API docs

The service now has a JSON REST API which can be queried for the URLs and client IPs of all tunnels online for your account. This enables building automation and dashboards of all devices that are currently online and connected. The REST API additionally exposes endpoints to manage account state, including the provisioning of reserved names and addresses and creation and revocation of client authtokens.

curl -H "Authorization: Bearer <TOKEN>"