Skip to content

Instantly share code, notes, and snippets.

@bobbae

bobbae/ngrok_tunnel_two_commands.md

Created January 27, 2024 02:36
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save bobbae/fe969b0314aabca1ea9327e6ee0b85d5 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save bobbae/fe969b0314aabca1ea9327e6ee0b85d5 to your computer and use it in GitHub Desktop.
Download ZIP
Two command solution to achieve ngrok like exposure of local http server to internet
Raw
ngrok_tunnel_two_commands.md

If you have a web service on your laptop that you want to expose to the internet but you are located behind a firewall, you can use the following two commands to overcome the limitations.

This is not exactly equivalent but similar to ngrok.

https://ngrok.com/

You need a machine on Internet that has publicly accessible IP address. You can use a Google Cloud free tier virtual machine.

https://cloud.google.com/free/docs/free-cloud-features#compute

Enable port 443 for https access on the virtual machine. Write down your virtual machine external IP address.
We will refer to it as A.A.A.A

In reality A.A.A.A would be something like 123.45.67.89

Install caddy on the virtual machine. https://caddyserver.com/docs/install

SSH into the virtual machine and run step 1.

caddy reverse-proxy --from A.A.A.A.sslip.io -to localhost:BBBB

BBBB would a port number, like 9999 or 8888. You can use any number above 1000 that is not being used. This is the port where you will be running a remote ssh tunnel port on the virtual machine.

Appending sslip.io to the IP address like A.A.A.A (for example, 123.45.67.89.sslip.io) allows you to use an IP address as a domain address. sslip.io resolves IP address to itself.

https://sslip.io/

Now, to expose your local web server running on a laptop for example.

Step 2:

ssh -f -N -t -R BBBB:localhost:CCCC A.A.A.A.sslip.io

BBBB is the port you used with the caddy command in step 1. That is the port on remote machine, the virtual machine in the cloud, that will be forwarded to the local machine port CCCC.

When a user who is located somewhere in Internet uses a browser to connect to https://A.A.A.A.slip.io, the caddy server will obtain TLS certificate from LetsEncrypt automatically and terminate TLS and forward the request to port BBBB on the virtual machine, which will be tunnelled to the port CCCC on the laptop via reverse ssh tunnel.

All of this is done securely. Even if your local web service is not using TLS, the ssh is secure, and caddy will terminate TLS, effectively making your local server https server. This allows you to expose your local http server to the internet with minimum fuss.

@bobbae Comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment