56

Ngrok (https://ngrok.com/) is supposed to allow you to expose local ports and services to the world wide web through forwarding. But if I open port 80 on my local machine like this:

```
ngrok 80
```

and I get back:

```
Tunnel Status                 online
Version                       1.3/1.3
Forwarding                    http://3a4bfceb.ngrok.com -> 127.0.0.1:80
Forwarding                    https://3a4bfceb.ngrok.com -> 127.0.0.1:80
Web Interface                 http://127.0.0.1:4040
# Conn                        0
Avg Conn Time                 0.00ms
```

I understand that any requests to http://3a4bfceb.ngrok.com will go to my local machine on port 80, but what if I am sitting behind a NAT/firewall that's blocking incoming traffic (a very common scenario)? Does ngrok initiate polling requests to determine when data has been received?

asolberg
  • 5
    There's a chapter called "Network protocol and tunneling" in the [Developer's guide to ngrok](https://github.com/inconshreveable/ngrok/blob/master/docs/DEVELOPMENT.md) that explains how ngrok works. The key element is that the tunnel via which all incoming requests are actually transported over sockets that are initiated by the server, circumventing the problem you mention. – fvu Apr 30 '14 at 18:19
  • 4
    @fvu The ngrok client that is downloaded and used is what initiates the tunnel, not the server. – Ralph Caraveo Apr 30 '14 at 21:02
  • @RalphCaraveo I could indeed have formulated that better, I was looking at the complete trajectory, and the ngrok client program runs on the server machine... – fvu May 01 '14 at 01:12

2 Answers

136

Because an ngrok tunnel is always initiated on the client-side first, this is how it can negotiate a secure channel with the server. It's a really slick solution to getting around conventional firewall configurations.

This is internally accomplished by the client opening up a single long-lived TCP connection where many logical sockets are created within one physical socket connection. This technique is called stream multiplexing. With this setup in place there is no need for any kind of polling because the client and server still have fully bi-directional communication in place.

The client and server then stay alive with a heartbeat mechanism that makes sure the connection is open and working appropriately and will even reconnect upon error or a lost/closed connection.

See this for more information: Developer Guide on github.com

Ralph Caraveo
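The stream multiplexing described in the answer above, as an added example that is not part of the original answer and is not ngrok's code. The frame layout, the 64 KiB frame cap and the names `writeFrame`, `readFrame` and `relay` are assumptions for illustration, and `net.Pipe` stands in for the single TCP connection the client dials out, so the example runs without a network.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"io"
	"net"
)

// Assumed demo frame (not ngrok's wire format): stream ID (4) | length (4) | payload.
func writeFrame(w io.Writer, id uint32, payload []byte) error {
	hdr := binary.BigEndian.AppendUint32(nil, id)
	hdr = binary.BigEndian.AppendUint32(hdr, uint32(len(payload)))
	_, err := w.Write(append(hdr, payload...))
	return err
}
func readFrame(r io.Reader) (uint32, []byte, error) {
	hdr := make([]byte, 8)
	if _, err := io.ReadFull(r, hdr); err != nil {
		return 0, nil, err
	}
	n := binary.BigEndian.Uint32(hdr[4:])
	if n > 1<<16 { // cap the length so a bad peer cannot force a huge allocation
		return 0, nil, fmt.Errorf("frame too large: %d bytes", n)
	}
	payload := make([]byte, n)
	_, err := io.ReadFull(r, payload)
	return binary.BigEndian.Uint32(hdr[:4]), payload, err
}
// relay plays both ends: the server side pushes interleaved chunks of two
// public requests down one connection and the client side reassembles them.
func relay() map[uint32]string {
	server, client := net.Pipe() // stands in for the TCP connection the client dialed out
	go func() {
		defer server.Close()
		for i, chunk := range []string{"GET /a ", "GET /b ", "HTTP/1.1", "HTTP/1.1"} {
			writeFrame(server, uint32(i%2+1), []byte(chunk)) // constructed sample data
		}
	}()
	streams := map[uint32]string{}
	for {
		id, p, err := readFrame(client)
		if err != nil { // io.EOF once the server side closes; any error ends the session
			return streams
		}
		streams[id] += string(p)
	}
}
func main() { fmt.Println(relay()) }
```

Because the server can write a frame the moment a public request arrives, the client never polls; it only blocks on reads from the connection it opened itself.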
0

You can create a basic http-https-tcp tunnel without an authtoken. For custom subdomains and more, you should obtain an authtoken by signing up at ngrok.com. Once you set it, it's stored in the ngrok config and used for all tunnels. A few ways:

```
await ngrok.authtoken(token);
await ngrok.connect({authtoken: token, ...});
```