1

I'm using a local server for django dev and ngrok tunnel for webhooks. I've seen other localtunnel services like serveo. Can these services see your source code? Are they forwarding your local files to the ngrok server or just handling requests on a public domain and then securely fetching from your local server?

I've read about how ngrok creates a proxy and handles requests, but I still don't understand what exactly tunneling involves

djangodev
  • 363
  • 5
  • 15

2 Answers2

4

It depends.

They certainly don't copy your django code and run it on their own server and they're not going to maliciously grab files off of your machine.

They just read from a network socket, but they do vary as to how encrypted they are or aren't.

Telebit

Telebit always uses end-to-end encryption via SSL, TLS, HTTPS, or Secure Web Socket (WSS)

  • TLS certs happen on the clients, not the relay
  • Works with SSH, OpenVPN, etc - but requires a ProxyCommand / secure client
    • (i.e. sclient, stunnel, or openssh s_client)
  • Can work with other, normally-unencrypted, TCP protocols (requires a secure client)

There is a poorly documented and deprecated feature for raw TCP, which can be seen, if used.

Serveo

serveo uses ssh port forwarding, which encrypts between the local server and the relay, but not the relay and the remote client

  • the origin traffic may be encrypted or unencrypted

ngrok

ngrok used to decrypt on their server, with an option to specify SSL certs manually they may have switched to full encryption since

A deeper dive

If you want to know more about their workings, you may (or may not) find this other answer I wrote informative and digestible: https://stackoverflow.com/a/52614266/151312

coolaj86
  • 74,004
  • 20
  • 105
  • 125
-1

I found vortex is good fit

Just download and run

https://www.vtxhub.com/

Rohit Parte
  • 3,365
  • 26
  • 26