Pgrok – Poor Man’s Ngrok (github.com/pgrok)
251 points by joe2010xtmf on March 12, 2023 | 76 comments



Has anyone tried this for a free ngrok alternative that works with HTTPS, doesn't require setting up a server and has no rate limit within reason? https://developers.cloudflare.com/pages/how-to/preview-with-...

Based on the page it looks like you can install Cloudflare's CLI and then run `cloudflared tunnel --url http://localhost:3000`, and you'll get back a URL to visit such as https://seasonal-deck-organisms-sf.trycloudflare.com. Looks like it supports being able to associate it with a custom domain too so you can have repeatable URLs.



So is zrok - https://zrok.io/. Also fully open source, can self-host and has an option for 'private share'.


Not quite the same thing. Setting up a Tailscale network and installing/running the VPN client on your laptop takes an order of magnitude more work and system access than just running a script to open a local HTTP port (which is how ngrok, pgrok, Cloudflare Tunnels etc operate). The use cases are very different.


running tailscaled agent in proxy mode requires significantly less "installation" than installing the full tailscale "VPN" experience.

sure, it could be streamlined even more (currently it requires that you run "tailscaled -tun userspace-networking", possibly with a custom unix domain socket path, and then also run "tailscale up" to activate it)


also, for a lot of use cases (eg accessing your home-hosted stuff, on the go) simply tailscale, even without funnel, is fine


funnel is still in alpha stage, you have to join the waitlist to be added to the testers, could take a long time…


There is an invite code on a public tweet by bradfitz:

https://twitter.com/bradfitz/status/1593767530082226176


I recently changed over to cloudflare from ngrok. I followed this guide https://vitobotta.com/2022/02/27/free-ngrok-alternative-with...


I've personally used TOR as a quick and dirty way to expose a service through NATs.

Doesn't do HTTPS, but the protocol has a security layer built in already.

I'm sure using this in a corporate environment will get you some strange looks from your sysadmin, but for my personal setup it works quite well.


it's only free for websites. if you are primarily an API, you have to pay (or wait for them to terminate your account) and it is EXPENSIVE.

the free tier also has subpar networking in many parts of the world. make sure you don't care about those markets.

edit: here are the terms of use:

2.8 Limitation on Serving Non-HTML Content

The Services are offered primarily as a platform to cache and serve web pages and websites. Unless explicitly included as part of a Paid Service purchased by you, you agree to use the Services solely for the purpose of (i) serving web pages as viewed through a web browser or other functionally equivalent applications, including rendering Hypertext Markup Language (HTML) or other functional equivalents, and (ii) serving web APIs subject to the restrictions set forth in this Section 2.8. Use of the Services for serving video or a disproportionate percentage of pictures, audio files, or other non-HTML content is prohibited, unless purchased separately as part of a Paid Service or expressly allowed under our Supplemental Terms for a specific Service. If we determine you have breached this Section 2.8, we may immediately suspend or restrict your use of the Services, or limit End User access to certain of your resources through the Services.


I can't find any information about the API/website pricing differences on Cloudflare's website, but I'd like to know more - do you have a link or know where I should look?


see edit


Yes, here’s a nice description of how to set up:

https://twitter.com/wesbos/status/1634310926219333642


Yep! We use this to test our webhook integrations locally. Works great.


Last time I checked, if you want to use a custom domain, your domain needed to be managed by Cloudflare.


I guess the biggest (and only?) drawback is that it (presumably) requires a Cloudflare account to use. So if you're living in Iran, Syria, Lebanon (and some more) you're out of luck as you cannot have an account with Cloudflare then.

Otherwise it looks like a nice offering for sure.


It doesn't appear to require an account. I just gave it a try, installed the deb, typed that one line command and it just worked. No idea if it would work in those countries though, I only tried it in a US location.


Yes, I use this a lot and it’s fantastic. Works pretty flawlessly, is fast and super simple to set up.


Yeah, configured it yesterday.

Would have suggested it as an alternative if you hadn't asked for it


> This is intended for small teams that need to expose the local development environment to the public internet

As someone who has to manage enterprise firewalls, this is a nightmare from a security perspective. I’m more than happy to host some project in a DMZ. I have already had some devs skirt our security policies with ngrok rather than simply talk to us about their needs. I can’t say I’m a fan of punching permanent holes into a firewall like this.


I understand your perspective, it's absolutely right to insist on security in a corporate environment. I have also seen the other side as a developer and saw it happen a number of times. Understanding why it seems tempting to developers is probably the best way to fully get rid of it (although you might be doing so already, probably no way to fully get rid of the problem). The reasons I've seen usually were:

- Undocumented or unknown processes. Many enterprises have a discoverability problem regarding almost all information, and as somebody that frequently required some special support for my work, it often took shockingly long to find a person who knew how to find the information in the respective intranet. It's important that not only are the services available, they also must be discoverable and known.

- Complicated processes. A portion of developers that require these services are using them for the first time, or have used them without fully understanding and considering the implications. If the process for requesting support is too complicated (e.g. requiring a form where you either require very detailed information without assistance on how to find it, or - the worst case - a form with fields where the people responsible say "oh, just fill it with random stuff to keep going") it will make some people choose the less secure way to get going with work.

- Long processes. If a developer wants to use such a service and it takes weeks to months to receive support (e.g. overload of tickets, or the only person responsible is on vacation) it sometimes leaves little to no choice.

But again, definitely not advocating for circumventing security!


Not exactly sure how streamlined your security process is, but for some orgs it is a red tape roller coaster to even get one TCP port open.

Anyways, you could also block all traffic to ngrok servers just to ensure your Dev teams aren't skirting around your firewall.


Yeah I get it, but everyone needs to be responsible for security as well. Look what happened with Lastpass. I can totally see someone doing something silly like exposing a device with default creds like a MySQL db on a production box, then forgetting about it and getting a new job a year later.

I do block proxies like this, but it’s hard to block every little thing.


I remember when I believed in bastions and DMZ. Many companies have given up on this due to the fact that it can only be enforced by policy and not by tech


Ngrok is just one company tho, there are thousands of ways. Wireguard or nebula can be selfhosted and another server with an actual port open will forward traffic. People can use SSH's reverse port forwarding too.

Or you can use cloudflared or another one of ngrok's competitors.
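
An added example (not part of any comment in this thread) of the blocklist-style check discussed above: it scans resolver logs for hosted-tunnel domains and reports which internal clients looked them up. The log format, the sample lines and the watchlist are assumptions made for illustration; the last sample client uses a self-hosted relay on its own domain and is not flagged, which is the limit the replies point out.

```python
import re
from collections import defaultdict

# Assumed watchlist: hosted-tunnel domains named in this thread plus ngrok's
# public domain. Extend it from your own proxy/DNS telemetry.
TUNNEL_SUFFIXES = ("ngrok.io", "trycloudflare.com", "zrok.io")

# Constructed resolver log lines (hypothetical format: time, client, qtype, qname).
SAMPLE_LOG = """\
2023-03-12T09:14:02Z 10.0.4.17 A seasonal-deck-organisms-sf.trycloudflare.com.
2023-03-12T09:14:05Z 10.0.4.17 A api.github.com.
2023-03-12T09:15:40Z 10.0.7.3 AAAA 3F9A.NGROK.IO
2023-03-12T09:16:11Z 10.0.7.3 A notngrok.io.
2023-03-12T09:17:29Z 10.0.9.8 A dev.tunnel.example.net.
malformed line without fields
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(A|AAAA|CNAME)\s+(\S+)$")


def normalize(qname):
    """Lower-case the name and drop the trailing root dot."""
    return qname.rstrip(".").lower()


def matched_suffix(qname, suffixes=TUNNEL_SUFFIXES):
    """Return the watchlist entry the name falls under, or None.

    Matching is done on label boundaries, so 'notngrok.io' does not
    match 'ngrok.io' while 'abc.ngrok.io' does.
    """
    name = normalize(qname)
    for suffix in suffixes:
        if name == suffix or name.endswith("." + suffix):
            return suffix
    return None


def find_tunnel_clients(log_text, suffixes=TUNNEL_SUFFIXES):
    """Map each client IP to the sorted watchlist domains it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        _ts, client, _qtype, qname = m.groups()
        suffix = matched_suffix(qname, suffixes)
        if suffix:
            hits[client].add(suffix)
    return {client: sorted(found) for client, found in hits.items()}


if __name__ == "__main__":
    for client, found in sorted(find_tunnel_clients(SAMPLE_LOG).items()):
        print(f"{client}: {', '.join(found)}")
```
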


> > This is intended for small teams

> As someone who has to manage enterprise firewalls

Clearly not intended for you, as the quoted part tells you outright who it is intended for.


There are many small teams within large enterprises, one does not exclude the other…


I think it’s a bit naive to believe that would stop someone from using this. Some new employee literally tried to install a CD crack on a work computer for some game just the other day.


We’ve used https://github.com/antoniomika/sish quite successfully. It’s very easy to set up with docker compose and even supports letsencrypt wildcard certificates.


Thanks for posting! I’d suggest this to anyone that wants a stateless setup method which uses standard SSH key/password auth. sish also has support for internal tunnels (hidden from the world and accessible with local/remote SSH forwards), SNI tunnels (zero trust TLS tunnels), TCP, and of course HTTP(S)/WS. Also does request inspection ala actual ngrok :)

Disclaimer: I’m the author and have done tunneling for years


I find it quite amusing that I read the pgrok and ngrok websites (at least the front page) and cannot understand what the hell either of them do.

It's like they can do almost anything...what exactly? .... well whatever you can think of.....er like what?

You can open localhost to the internet.......?????????? Sorry?

Anyhow if anyone would care to put me out of my misery by explaining a bit I'd be grateful.


Let's say you're running a local development server on localhost:3000

If you want to share this with someone not on your computer, it will proxy through a real domain name that someone else can access remotely.


Proxies HTTP requests from a temporary server with a public domain record to a localhost server. Useful for some development environments, and also if you don't feel like dealing with networking in docker. At one company I worked at, we ran everything through vagrant and running ngrok was easier than a junior java engineer learning anything about networking.


We use ngrok for testing OAuth2 handshakes on localhost.


Welcome to Zombo.com :)


Don’t think I’ve ever seen an alternative to ngrok that includes their “Inspection Interface” - that is such a useful feature for debugging.


I work on the open source OpenZiti project. We recently released zrok (https://zrok.io/), we have Local Debugging Interface in the backlog - https://github.com/openziti/zrok/issues/73.


Why do projects that are meant to be lightweight use Postgres instead of SQLite? The latter is much easier to deploy (you, well, just don't need to), and does 99% of what anyone needs, and definitely 100% of what small projects need.


Like everything in life, "it depends."

If what you need can suffice with SQLite, then Postgres will work too.

If you're running an app on a VM, running Postgres on it too is easy and isn't "big". It's easy to install and set up, and you're set up for all the features you may want later. Plus you avoid having to refactor for a different database later on.

If you're running your app in a serverless context, or on a PaaS/SaaS, etc, then SQLite might be easier. But maybe you want horizontal scalability with a shared dataset and then you're back at Postgres.

Just picking one thing "because everybody does" or "because it's lightweight" or "it works in most cases" etc aren't good reasons to pick technology. Look at your actual application, make a list of pros and cons, and choose based on your situation, not the cargo cult answer from the HN hive mind.


Except I have to install Postgres and create a user for it, which I don't have to do with SQLite.


Yes, I mentioned that. It takes about 15 minutes and you do it once.


Yes, that's 15 minutes that could have been saved.


A project using Postgres vs. SQLite can make the difference between being able to run a single Docker container or having to use Docker Compose.

Nothing big, but I do appreciate being able to trial a tool or service on a test machine with a simple `docker run`.


I use Postgres in my personal projects because I have a server (with backups etc.) running anyway. Since this project also has OIDC authentication, I imagine the target audience may already be running a PG server?

Going by https://github.com/pgrok/pgrok/blob/main/internal/database/d... I don't think adding SQLite support should be that difficult. The ORM used (gorm) has SQLite support already.

Edit: this seems to be intentional to keep maintenance cost down: https://github.com/pgrok/pgrok/pull/11


Cargo culting. If you never used SQLite, anytime you need a database you use whatever you've used before without shopping around or considering if what you're about to use is right.


Hang on a second- this project looks to be assuming that the db will be remote and over the internet. Even the SQLite official document recommends people to use PostgreSQL in that scenario [0]:

>Generally, if your data is separated from the application by a network, you want to use a client/server database. This is due to the fact that the database engine acts as a bandwidth-reducing filter on the database traffic ... Use a client/server database engine. PostgreSQL is an excellent choice.

[0] https://www.sqlite.org/useovernet.html


No, the project has two parts. One server and one client. The client obviously runs on a different host than the server, but nothing in the architecture says that the server and the db has to run on different hosts.

You can also see that the pgrokd.yml config example is connecting to the database via localhost, so running on the same machine as "pgrokd" (the server part of pgrok).


My mistake, it looks as though the desiderata was single client/server db backend in the first place, and remote db was just an added bonus of that - https://github.com/pgrok/pgrok/pull/11


I guess... That's too bad, this project looks great but having to install/connect Postgres is putting me off installing it.


If you want a similar project which 'just works' then consider using zrok. It's fully open source, and you can self-host it or use the free hosted version - https://zrok.io/


Yeah, in better news though, it seems to be using gorm which has different drivers available (https://gorm.io/docs/connecting_to_the_database.html), SQLite being one of them. So unless they are doing something postgres specific, should be relatively easy to switch it out.


It looks like this may be a great place to use SQLite instead of Postgres because of the requirement to run this on a single server.


Small projects can still need to expand beyond a single server or have zero-downtime deploys.


A multi-tenant HTTP reverse tunnel solution through SSH remote port forwarding.


I don’t see a usecase where a non dev should expose some local resource to the internet. These people don’t run local webservers, nor know how they work.

ngrok is a developer tool. I don’t see why marketing a dev tool to non devs is a good idea, maybe somebody can explain?


What makes this seem like a non-developer tool? You need a server you control, you need to mess with YAML files, "configure Caddy" is one step that's assumed to be easy, etc.


From their docs:

Why? Stable subdomains and SSO are two things too expensive.

Why not just pick one from the Awesome Tunneling? Think broader. Not everyone is a dev who knows about server operations. For people working as community managers, sales, and PMs, booting up something locally could already be a stretch and requiring them to understand how to set up and fix server problems is a waste of team's productivity.

Copy, paste, and run is the best UX for everyone.


It says literally:

> Not everyone is a dev who knows about server operations. For people working as community managers, sales, and PMs, booting up something locally could already be a stretch and requiring them to understand how to set up and fix server problems is a waste of team's productivity.


Oh, I read that as "you can send the links to community managers, sales, and PMs rather than making them run the app locally," since that's like, the main usecase.


Ah could also be, but the whole sentence was like this:

> Why not just pick one from the Awesome Tunneling? Think broader. Not everyone is a dev…

So I read this as targeting non devs.

I think every other alternative from that list also supports common usable links.


I've heard of people wanting remote access to things like Plex or security cameras hosted in their basement. Usually via VPN, but I could see someone using this kind of thing.


By the sounds of it, Ngrok's pricing is out of control. They used to allow commercial use for individual developer subscriptions, why not now?

I recently launched Tunnelmole, an open source alternative. You can just run the client and then you don't need to worry about NAT/CG-NAT, port forwarding or running your own server unless you want to self host, which is possible because the service layer is also open source.

You can get it from https://github.com/robbie-cahill/tunnelmole-client


Since I don't need a lot of HTTPS development servers, but the few that I do need, need to have a fixed domain name, I simply configured nginx on one of our servers (not the production server, of course) to proxy to a localhost port and then do an SSH tunnel to that server and port from my development PC. Good enough for what I do. Though I should look into auto-ssh some day, because the SSH tunnel keeps dying.


Also check out https://docs.border0.com/docs. Super easy to get going, and supports HTTP(s), SSH and Database protocols such as mysql and postgres. Ideal for private resources, as it has a nice policy to control who should have access to what, when and where. Finally you can use Google and Github for authentication.


I was under the impression that pgrok was unmaintained until now, to the extent that I was looking for alternatives. Did I miss something?


I'm on mobile so it's hard to browse the repo, but it looks like the initial commit was 4 days ago. So I think this would be a different project with the same name.

https://github.com/pgrok/pgrok/commit/1f57713c323ea494780590...


I see.. it's a bit confusing, since there's an existing project in the same space (https://github.com/jerson/pgrok). It's even linked on the project above via the awesome https://github.com/anderspitman/awesome-tunneling list, I don't know why this is necessary.


For one, this seems to integrate with OIDC setups, which makes it easier to use it with existing company credentials (rather than manage accounts for every tool you use).

The naming conflict is unfortunate. At least the old repository is archived, but it'd still be better if this tool could be renamed IMO, especially since it's so new.


I recently wrote about how ngrok-like functionality is easily implemented in Go via SSH port forwarding: https://eli.thegreenplace.net/2022/ssh-port-forwarding-with-...


I love seeing alternatives but one thing I really appreciate about ngrok is the web UI. The log of incoming requests, headers and payloads, is very helpful during development. Do any of these alternatives offer something similar? Or is there an additional tool that can be leveraged?


I work on the open source OpenZiti project. We recently released zrok (https://zrok.io/), we have Local Debugging Interface in the backlog - https://github.com/openziti/zrok/issues/73.


Great thing about k8s: you can expose all your dev env needs super fast and easy.

And adding a dex or so upfront is also super easy.

If you are a small company and need this regularly try to take a look at managed k8s.

It will be worth it


In a couple places grok is typoed as gork


Thanks! will fix!


if you're already running nginx on a server somewhere, you can set up a subdomain to tunnel to localhost with no software to install. just a tiny bit of config. use just ssh on the client. i only use it to test callbacks but it can be shared too



