ngrok Agent Command Line Interface (CLI) - ngrok documentation

The ngrok agent CLI offers built-in commands for interfacing with the ngrok API. These API commands have been separated into the ngrok agent CLI API page for convenience. For more information about the ngrok API and interfacing with it directly, see the ngrok api page.

ngrok

ngrok puts network services, apps and APIs online. ngrok exposes local networked services behinds NATs and firewalls to the public internet over a secure tunnel. Share local websites, build/test webhook consumers and self-host personal services. Detailed help for each command is available by adding ‘—help’ to any command or with the ‘ngrok help’ command. Open https://dashboard.ngrok.com/obs/traffic-inspector to inspect traffic through your endpoints.

Usage

ngrok [command] [flags]

Example

# forward http traffic from assigned public URL to local port 80
ngrok http 80

# choose a URL instead of random assignment
ngrok http 8080 --url https://baz.ngrok.dev

# manipulate traffic to your endpoint with a traffic policy file
ngrok http 8080 --url https://baz.ngrok.dev --traffic-policy-file tp.yml

# forward to another address on the network instead of a local port
ngrok http foo.local:3000

# forward to a local https server
ngrok http https://localhost:8443

# forward TCP traffic (e.g. ssh) with an assigned public address
ngrok tcp 22

# load balance (in two terminals)
ngrok http 80 --url https://api.example.com --pooling-enabled
ngrok http 80 --url https://api.example.com --pooling-enabled

# privately connect a service to the ngrok cloud.
# then forward traffic from other endpoints in your account to it
ngrok http 80 --url https://svc.internal
ngrok tcp 5432 --url tcp://postgres.internal:5432

# make your endpoint url addressable only from k8s clusters
# where you've installed the ngrok k8s operator
ngrok http 80 --url https://example.namespace --binding kubernetes

# start multiple endpoints defined in the config file
ngrok start foo bar baz

SubCommands

Flags

ngrok completion

The ngrok completion command generates shell tab completion code for Bash or Zsh. This requires bash-completion or zsh-completions packages to be enabled in your shell. You can add it to your current session with the command

. <(ngrok completion)

To enable them each time you start a new session, add the following to your .bashrc or .zshrc files:

if command -v ngrok &>/dev/null; then
eval "$(ngrok completion)"
fi

Once you add this to your profile, you’ll need to source ~/.bashrc or source ~/.zshrc to enable it for your current session.

Usage

ngrok completion [flags]

Example

Flags

ngrok config

The config command gives a quick way to create or update ngrok’s configuration file. Use ‘add-authtoken’ or ‘add-api-key’ to set the corresponding properties. Use ‘check’ to test a configuration file for validity. If you have an old configuration file, you can also use ‘upgrade’ to automatically migrate to the latest version.

SubCommands

Flags

ngrok config add-api-key

The add-api-key command modifies your configuration file to include the specified api key. The API key can be generated in the API section of the ngrok dashboard.

Usage

ngrok config add-api-key TOKEN [flags]

Example

ngrok config add-api-key 1roPsn7AascHeO18mHcxRD3xT76_3ww7C9CDLYNgcdSYsscCB

Flags

ngrok config add-authtoken

The add-authtoken command modifies your configuration file to include the specified authtoken. ngrok requires that you sign up for an account to use many advanced service features. In order to associate your client with an account, it must pass a secret token to ngrok when it starts up. Instead of passing this authtoken on every invocation, you may use this command to save it into your configuration file so that your client always authenticates you properly. Additionally, this command saves the default config version, providing a working config file out of the box. You can find your authtoken in the getting started section of the ngrok dashboard. The ngrok service requires that you sign up for an account to connect with an agent. Some advanced service features require a paid account. In order to associate your agent with an account, it must pass a secret token to the ngrok service when it starts up. Instead of passing this authtoken on every invocation, you may use this command to save it into your configuration file so that your agent always authenticates you properly.

Usage

ngrok config add-authtoken TOKEN [flags]

Example

ngrok config add-authtoken 1rlHSX3HqrqmOWZdeJ6bIv8rfuo_4cmS1QswRGyxcQD8NOukF

Flags

ngrok config add-connect-url

The add-connect-url command modifies your configuration file to include the specified connect URL (connect_url) used for custom agent ingress.

Usage

ngrok config add-connect-url agent.example.com:443 [flags]

Example

ngrok config add-connect-url agent.example.com:443

Flags

ngrok config add-server-addr

The ngrok config add-server-addr command updates the server address (server_addr) in the configuration file. This is useful when your account is using Custom Agent Ingress and you need to configure the server_addr to point to your new ingress domain. See Also: server_addr Custom Agent Ingress

Usage

ngrok config add-server-addr agent.example.com:443 [flags]

Example

ngrok config add-server-addr agent.example.com:443

Flags

ngrok config check

Checks a configuration file for validity/correctness.

Usage

ngrok config check [flags]

Flags

ngrok config edit

Opens the configuration file in an editor defined by the EDITOR environment variable, defaulting to nano or Notepad depending on OS.

Usage

ngrok config edit [flags]

Flags

ngrok config upgrade

Upgrade a configuration file to a version. A backup file will be created with your original configuration file in the same directory. You can optionally pass a version to upgrade to. If the configuration file version is missing, the upgrade command will add it. It also applies all automatic transformations when upgrading versions. Attempting to downgrade will result in an error. By default this command will apply the transformations and display the final file. Use —dry-run to preview changes before applying. By default this command will not move any configuration files to their new default location. Use —relocate to move the config file to the default location.

Usage

ngrok config upgrade [version] [flags]

Flags

ngrok credits

Displays program credits and license information.

Usage

ngrok credits [flags]

Flags

ngrok diagnose

Run tests to diagnose issues establishing connectivity to the ngrok cloud service. Exits 0 if connectivity is OK, otherwise 1. OPTIONS: —config strings path to config files; they are merged if multiple -h, —help help for diagnose -6, —ipv6 Enable testing of IPV6 addresses -r, —region string ngrok server region [auto, us, eu, au, ap, sa, jp, in, us-cal-1, eu-lon-1, all] -w, —write-report string Write a JSON report

Usage

ngrok diagnose [flags]

Flags

ngrok http

Forward HTTP traffic from an ngrok endpoint URL to a local port, address or URL. The ngrok agent creates secure TLS connections to the ngrok cloud gateway over which it creates an endpoint with a URL and forwards traffic received on that URL over the TLS connections to the agent and then on to your local service. Specify a Traffic Policy to configure the ngrok cloud service to apply auth, routing, security or other handling of the incoming HTTP traffic. If you are not forwarding traffic to an http(s) server, use ngrok tcp or ngrok tls instead.

Usage

ngrok http [address:port | port] [flags]

Example

# forward traffic from a randomly assigned URL to port 8080
ngrok http 8080

# forward to another host on the network with a host:port address
ngrok http servername.local:9000

# forward to an https server
ngrok http https://localhost:8443

# choose your endpoint URL instead of it being assigned
ngrok http 8080 --url htps://bar.ngrok.dev 80

# choose an endpoint URL on your own domain (requires a DNS CNAME)
ngrok http 3000 --url https://api.example.com

# add Traffic Policy config for auth, security, routing + more
ngrok http 80 --url https://example.ngrok.app --traffic-policy-file tp.yml

# load balance between endpoints (run in two terminals)
ngrok http 8081 --url https://your-api.ngrok.app --pooling-enabled
ngrok http 8080 --url https://your-api.ngrok.app --pooling-enabled

# forward to a file URL to serve files from a directory
ngrok http file:///var/log

Flags

ngrok service

The service command manages installation and execution of ngrok as an operating system service on Windows, OS X and Linux systems. The service command takes a single argument which must be ‘start’, ‘stop’, ‘restart’, ‘install’, or ‘uninstall’. When you choose ‘install’, you must specify the config flag which will define where the installed ngrok service looks for its configuration file. When the ngrok service runs, it has the same behavior as if it were invoked from the command line with the command: “ngrok start —all”. For more information about running ngrok as a service, check out the ngrok service section in the secure tunnels documentation

Usage

ngrok service [flags]

Example

ngrok service install --config=C:\ngrok.yml
ngrok service start
ngrok service stop

Flags

ngrok start

start - start endpoints by name from the configuration file

Usage

ngrok start [flags]

Example

ngrok start dev        # start tunnel named 'dev' in the configuration file
ngrok start web blog   # start tunnels named 'web' and 'blog'
ngrok start --all      # start all tunnels defined in the config file

Flags

ngrok tcp

Starts a tunnel which forwards all TCP traffic on a public port to a local address. This is extremely useful for exposing services that run non-HTTP traffic (ssh, sip, rdp, game servers, etc). A TCP tunnel binds a public address on the remote ngrok server. Any services which require a stable public address should use the —url option. ngrok requires that you reserve a TCP tunnel address for your account before you can use it.

Usage

ngrok tcp [address:port | port] [flags]

Example

# forward a port to your local ssh server
ngrok tcp 22

# expose an RDP server on a specific public address that you reserved
ngrok tcp --url=1.tcp.ngrok.io:27210 3389

Flags

ngrok tls

tls - create a TLS endpoint and forward traffic from it to a local server Starts a tunnel listening for TLS traffic on port 443 with a specific hostname. The TLS SNI (Server Name Indication) extension field in the TLS connection is inspected to determine which tunnel it matches. The ngrok server does not terminate TLS connections forwarded with this command. Any underlying protocol may be used. You may optionally specify a TLS key/cert pair which will be used to terminate the traffic client-side before it is forwarded. If not specified, the traffic will be forwarded still encrypted. Using this command is only recommended with the —url option. Other uses will work, but will always result in certificate mismatch warnings.

Usage

ngrok tls [address:port | port] [flags]

Example

# forward TLS traffic for example.com to port 443 (requires CNAME)
ngrok tls --url=example.com 443

# forward TLS traffic on subdomain (mismatch certificate warning)
ngrok tls 1234

# terminate TLS traffic for t.co before forwarding
ngrok tls --url=t.co --crt=/path/to/t.co.crt --key=/path/to/t.co.key 443

Flags

ngrok update

This command checks the ngrok cloud service for a newer version of the ngrok agent. If a newer version is available, it will download it and replace the ngrok binary with the new version after cryptographically verifying the update is signed by ngrok. In order to update successfully, the ngrok binary must be in a directory that is writable by your current user. If you placed ngrok in a system path, you may need to run this with root or Administrator privileges. Do not run this command if you installed ngrok with a package manager (i.e. homebrew, chocolatey, apt, snap, etc). Instead, update ngrok by using your package manager’s update command.

Usage

ngrok update [flags]

Example

ngrok update                     # update ngrok to the latest stable version
ngrok update --channel=beta      # update ngrok to the latest beta version

Flags

ngrok version

print the version string

Usage

ngrok version [flags]

Flags