HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Pgrok – Poor Man’s Ngrok(github.com)

251 points·by joe2010xtmf·3 yıl önce·76 comments
github.com
Pgrok – Poor Man’s Ngrok

https://github.com/pgrok/pgrok

82 comments

nickjj·3 yıl önce
Has anyone tried this for a free ngrok alternative that works with HTTPS, doesn't require setting up a server and has no rate limit within reason? https://developers.cloudflare.com/pages/how-to/preview-with-...

Based on the page it looks like you can install Cloudflare's CLI and then run `cloudflared tunnel --url http://localhost:3000`, and you'll get back a URL to visit such as https://seasonal-deck-organisms-sf.trycloudflare.com. Looks like it supports being able to associate it with a custom domain too so you can have repeatable URLs.
ithkuil·3 yıl önce
https://tailscale.com/blog/introducing-tailscale-funnel/ is free for personal use
PLG88·3 yıl önce
So is zrok - https://zrok.io/. Also fully open source, can self-host and has an option for 'private share'.
paxys·3 yıl önce
Not quite the same thing. Setting up a Tailscale network and installing/running the VPN client on your laptop takes an order of magnitude more work and system access than just running a script to open a local HTTP port (which is how ngrok, pgrok, Cloudflare Tunnels etc operate). The use cases are very different.
ithkuil·3 yıl önce
running tailscaled agent in proxy mode requires significantly less "installation" than installing the full tailscale "VPN" experience.

sure, it could be streamlined even more (currently it requires that you run "tailscaled -tun userspace-networking", possibly with a custom unix domain socket path, and then also run "tailscale up" to activate it)
[deleted]·3 yıl önce
return_to_monke·3 yıl önce
also, for a lot of use cases (eg accessing your home-hosted stuff, on the go) simply tailscale, even without funnel, is fine
Eun·3 yıl önce
funnel is still in alpha stage, you have to join the waitlist to be added to the testers, could take a long time…
ithkuil·3 yıl önce
There is an invite code on a public tweet by bradfitz:

https://twitter.com/bradfitz/status/1593767530082226176
SamEdosa·3 yıl önce
I recently changed over to cloudflare from ngrok. I followed this guide https://vitobotta.com/2022/02/27/free-ngrok-alternative-with...
jeroenhd·3 yıl önce
I've personally used TOR as a quick and dirty way to expose a service through NATs.

Doesn't do HTTPS, but the protocol has a security layer built in already.

I'm sure using this in a corporate environment will get you some strange looks from your sysadmin, but for my personal setup it works quite well.
wahnfrieden·3 yıl önce
it's only free for websites. if you are primarily an API, you have to pay (or wait for them to terminate your account) and it is EXPENSIVE.

the free tier also has subpar networking in many parts of the world. make sure you don't care about those markets.

edit: here are the terms of use:

2.8 Limitation on Serving Non-HTML Content

The Services are offered primarily as a platform to cache and serve web pages and websites. Unless explicitly included as part of a Paid Service purchased by you, you agree to use the Services solely for the purpose of (i) serving web pages as viewed through a web browser or other functionally equivalent applications, including rendering Hypertext Markup Language (HTML) or other functional equivalents, and (ii) serving web APIs subject to the restrictions set forth in this Section 2.8. Use of the Services for serving video or a disproportionate percentage of pictures, audio files, or other non-HTML content is prohibited, unless purchased separately as part of a Paid Service or expressly allowed under our Supplemental Terms for a specific Service. If we determine you have breached this Section 2.8, we may immediately suspend or restrict your use of the Services, or limit End User access to certain of your resources through the Services.
FragenAntworten·3 yıl önce
I can't find any information about the API/website pricing differences on Cloudflare's website, but I'd like to know more - do you have a link or know where I should look?
wahnfrieden·3 yıl önce
see edit
minouye·3 yıl önce
Yes, here’s a nice description of how to setup:

https://twitter.com/wesbos/status/1634310926219333642
Hawxy·3 yıl önce
Yep! We use this to test our webhook integrations locally. Works great.
schemescape·3 yıl önce
Last time I checked, if you want to use a custom domain, your domain needed to be managed by Cloudflare.
capableweb·3 yıl önce
I guess the biggest (and only?) drawback is that it (presumably) requires a Cloudflare account to use. So if you're living in Iran, Syria, Lebanon (and some more) you're out of luck as you cannot have an account with Cloudflare then.

Otherwise it looks like a nice offering for sure.
radec·3 yıl önce
It doesn't appear to require an account. I just gave it a try, installed the deb, typed that one line command and it just worked. No idea if it would work in those countries though, I only tried it in a US location.
orf·3 yıl önce
Yes, I use this a lot and it’s fantastic. Works pretty flawlessly, is fast and super simple to set up.
Felminor·3 yıl önce
Yeah configureed it yesterday.

Would have suggested it as an alternative if you wouldn't asked for it
hummus_bae·3 yıl önce
Bluecobra·3 yıl önce
> This is intended for small teams that need to expose the local development environment to the public internet

As someone who has to manage enterprise firewalls, this is a nightmare from a security perspective. I’m more than happy to host some project in a DMZ. I have already had some devs skirt our security policies with ngrok rather than simply talk to us about their needs. I can’t say I’m a fan of punching permanent holes into a firewall like this.
Timon3·3 yıl önce
I understand your perspective, it's absolutely right to insist on security in a corporate environment. I have also seen the other side as a developer and saw it happen a number of times. Understanding why it seems tempting to developers is probably the best way to fully get rid of it (although you might be doing so already, probably no way to fully get rid of the problem). The reasons I've seen usually were:

- Undocumented or unknown processes. Many enterprises have a discoverability problem regarding almost all information, and as somebody that frequently required some special support for my work, it often took shockingly long to find a person who knew how to find the information in the respective intranet. It's important that not only are the services available, they also must be discoverable and known.

- Complicated processes. A portion of developers that require these services are using them for the first time, or have used them without fully understanding and considering the implications. If the process for requesting support is too complicated (e.g. requiring a form where you either require very detailed information without assistance on how to find it, or - the worst case - a form with fields where the people responsible say "oh, just fill it with random stuff to keep going") it will make some people choose the less secure way to get going with work.

- Long processes. If a developer wants to use such a service and it takes weeks to months to receive support (e.g. overload of tickets, or the only person responsible is on vacation) it sometimes leaves little to no choice.

But again, definitely not advocating for circumventing security!
mukesh610·3 yıl önce
Not exactly sure how streamlined your security process is, but for some orgs it is a red tape roller coaster to even get one TCP port open.

Anyways, you could also block all traffic to ngrok servers just to ensure your Dev teams aren't skirting around your firewall.
Bluecobra·3 yıl önce
Yeah I get it, but everyone needs to be responsible for security as well. Look what happened with Lastpass. I can totally see someone doing something silly like exposing a device with default creds like a MySQL db on a production box, then forgetting about it and getting a new job a year later.

I do block proxies like this, but it’s hard to block every little thing.
alexnewman·3 yıl önce
I remember when I believed in bastions and DMZ. Many companies have given up on this due to the fact that it can only be enforced by policy and not by tech
IceWreck·3 yıl önce
Ngrok is just one company tho, there are thousands of ways. Wireguard or nebula can be selfhosted and another server with an actual port open will forward traffic. People can use SSH's reverse port forwarding too.

Or you can use cloudflared or another one of ngrok's competitors.
capableweb·3 yıl önce
> > This is intended for small teams

> As someone who has to manage enterprise firewalls

Clearly not intended for you, as the quoted part tells you outright who it is intended for.
ako·3 yıl önce
There are many small teams within large enterprises, one does not exclude the other…
Bluecobra·3 yıl önce
I think it’s a bit naive to believe that would stop someone from using this. Some new employee literally tried to install a CD crack on a work computer for some game just the other day.
dr_faustus·3 yıl önce
We’ve used https://github.com/antoniomika/sish quite successfully. It‘s very easy to setup with docker compose and even supports letsencrypt wildcard certificates.
antoniomika·3 yıl önce
Thanks for posting! I’d suggest this to anyone that wants a stateless setup method which uses standard SSH key/password auth. sish also has support for internal tunnels (hidden from the world and accessible with local/remote SSH forwards), SNI tunnels (zero trust TLS tunnels), TCP, and of course HTTP(S)/WS. Also does request inspection ala actual ngrok :)

Disclaimer: I’m the author and have done tunneling for years
t43562·3 yıl önce
I find it quite amusing that I read the pgrok and ngrok websites (at least the front page) and cannot understand what the hell either of them do.

It's like they can do almost anything...what exactly? .... well whatever you can think of.....er like what?

You can open localhost to the internet.......?????????? Sorry?

Anyhow if anyone would care to put me out of my misery by explaining a bit I'd be grateful.
mfkp·3 yıl önce
Let's say you're running a local development server on localhost:3000

If you want to share this with someone not on your computer, it will proxy through a real domain name that someone else can access remotely.
shortrounddev·3 yıl önce
Proxies HTTP requests from a temporary server with a public domain record to a localhost server. Useful for some development environments, and also if you don't feel like dealing with networking in docker. At one company I worked at, we ran everything through vagrant and running ngrok was easier than a junior java engineer learning anything about networking.
ahzhou·3 yıl önce
We use ngrok for testing OAuth2 handshakes on localhost.
[deleted]·3 yıl önce
asalahli·3 yıl önce
Welcome to Zombo.com :)
johnstonnorth·3 yıl önce
Don’t think I’ve ever seen an alternative to ngrok that includes their “Inspection Interface” - that is such a useful feature for debugging.
PLG88·3 yıl önce
I work on the open source OpenZiti project. We recently released zrok (https://zrok.io/), we have Local Debugging Interface in the backlog - https://github.com/openziti/zrok/issues/73.
stavros·3 yıl önce
Why do projects that are meant to be lightweight use Postgres instead of SQLite? The latter is much easier to deploy (you, well, just don't need to), and does 99% of what anyone needs, and definitely 100% of what small projects need.
throwawaaarrgh·3 yıl önce
Like everything in life, "it depends."

If what you need can suffice with SQLite, then Postgres will work too.

If you're running an app on a VM, running Postgres on it too is easy and isn't "big". It's easy to install and set up, and you're set up for all the features you may want later. Plus you avoid having to refactor for a different database later on.

If you're running your app in a serverless context, or on a PaaS/SaaS, etc, then SQLite might be easier. But maybe you want horizontal scalability with a shared dataset and then you're back at Postgres.

Just picking one thing "because everybody does" or "because it's lightweight" or "it works in most cases" etc aren't good reasons to pick technology. Look at your actual application, make a list of pros and cons, and choose based on your situation, not the cargo cult answer from the HN hive mind.
stavros·3 yıl önce
Except I have to install Postgres and create a user for it, which I don't have to do with SQLite.
throwawaaarrgh·3 yıl önce
Yes, I mentioned that. It takes about 15 minutes and you do it once.
stavros·3 yıl önce
Yes, that's 15 minutes that could have been saved.
lxgr·3 yıl önce
A project using Postgres vs. SQLite can make the difference between being able to run a single Docker container or having to use Docker Compose.

Nothing big, but I do appreciate being able to trial a tool or service on a test machine with a simple `docker run`.
jeroenhd·3 yıl önce
I use Postgres in my personal projects because I have a server (with backups etc.) running anyway. Since this project also has OIDC authentication, I imagine the target audience may already be running a PG server?

Going by https://github.com/pgrok/pgrok/blob/main/internal/database/d... I don't think adding SQLite support should be that difficult. The ORM used (gorm) has SQLite support already.

Edit: this seems to be intentional to keep maintenance cost down: https://github.com/pgrok/pgrok/pull/11
capableweb·3 yıl önce
Cargo culting. If you never used SQLite, anytime you need a database you use whatever you've used before without shopping around or considering if what you're about to use is right.
pizza·3 yıl önce
Hang on a second- this project looks to be assuming that the db will be remote and over the internet. Even the SQLite official document recommends people to use PostresSQL in that scenario [0]:

>Generally, if your data is separated from the application by a network, you want to use a client/server database. This is due to the fact that the database engine acts as a bandwidth-reducing filter on the database traffic ... Use a client/server database engine. PostgreSQL is an excellent choice.

[0] https://www.sqlite.org/useovernet.html
capableweb·3 yıl önce
No, the project has two parts. One server and one client. The client obviously runs on a different host than the server, but nothing in the architecture says that the server and the db has to run on different hosts.

You can also see that the pgrokd.yml config example is connecting to the database via localhost, so running on the same machine as "pgrokd" (the server part of pgrok).
pizza·3 yıl önce
My mistake it looks as though the desiderata was single client/server db backend in the first place, and remote db was just an added bonus of that - https://github.com/pgrok/pgrok/pull/11
stavros·3 yıl önce
I guess... That's too bad, this project looks great but having to install/connect Postgres is putting me off installing it.
PLG88·3 yıl önce
If you want a similar project which 'just works' then consider using zrok. Its fully opensource which you can self-host or use the free hosted version - https://zrok.io/
capableweb·3 yıl önce
Yeah, in better news though, it seems to be using gorm which has different drivers available (https://gorm.io/docs/connecting_to_the_database.html), SQLite being one of them. So unless they are doing something postgres specific, should be relatively easy to switch it out.
indymike·3 yıl önce
It looks like this may be a great place to use SQLite instead of Postgres because of the requirement to run this on a single server.
paxys·3 yıl önce
Small projects can still need to expand beyond a single server or have zero-downtime deploys.
joe2010xtmf·3 yıl önce
A multi-tenant HTTP reverse tunnel solution through SSH remote port forwarding.
Eun·3 yıl önce
I don’t see a usecase where a non dev should expose some local resource to the internet. These people don’t run local webservers, nor know how they work.

ngrok is a developer tool. I don’t see why marketing a dev tool to non devs is a good idea, maybe somebody can explain?
remexre·3 yıl önce
What makes this seem like a non-developer tool? You need a server you control, you need to mess with YAML files, "configure Caddy" is one step that's assumed to be easy, etc.
pcthrowaway·3 yıl önce
From their docs:

Why? Stable subdomains and SSO are two things too expensive.

Why not just pick one from the Awesome Tunneling? Think broader. Not everyone is a dev who knows about server operations. For people working as community managers, sales, and PMs, booting up something locally could already be a stretch and requiring them to understand how to set up and fix server problems is a waste of team's productivity.

Copy, paste, and run is the best UX for everyone.
Eun·3 yıl önce
It says literally:

> Not everyone is a dev who knows about server operations. For people working as community managers, sales, and PMs, booting up something locally could already be a stretch and requiring them to understand how to set up and fix server problems is a waste of team's productivity.
remexre·3 yıl önce
Oh, I read that as "you can send the links to community managers, sales, and PMs rather than making them run the app locally," since that's like, the main usecase.
Eun·3 yıl önce
Ah could also be, but the whole sentence was like this:

> Why not just pick one from the Awesome Tunneling? Think broader. Not everyone is a dev…

So I read this as targeting non devs.

I think every other alternative from that list also supports common usable links.
yjftsjthsd-h·3 yıl önce
I've heard of people wanting remote access to things like Plex or security cameras hosted in their basement. Usually via VPN, but I could see someone using this kind of thing.
[deleted]·3 yıl önce
aussieguy1234·3 yıl önce
By the sounds of it Ngroks pricing is out of control. They used to allow commerical use for individual developer subscriptions, why not now?

I recently launched Tunnelmole, an open source alternative. You can just run the client and then you don't need to worry about NAT/CG-NAT, port forwarding or running your own server unless you want to self host, which is possible because the service layer is also open source.

You can get it from https://github.com/robbie-cahill/tunnelmole-client
panzi·3 yıl önce
Since I don't need a lot of HTTPS development servers, but the few that I do need, need to have a fixed domain name, I simply configured nginx on one of our servers (not the production server, of course) to proxy to a localhost port and then do a SSH tunnel to that server and port from my development PC. Good enough for what I do. Though I should look into auto-ssh some day, because the SSH tunnel keeps dyeing.
bgpdude·3 yıl önce
Also check out https://docs.border0.com/docs. Super easy to get going, and supports HTTP(s), SSH and Database protocols such as mysql and postgres. Ideal for private resources, as it has a nice policy to control who should have access to what, when and where. Finally you can use Google and Github for authentication.
groestl·3 yıl önce
I was under the impression that pgrok was unmaintained until now, to the extend that I was looking for alternatives. Did I miss something?
prettyStandard·3 yıl önce
I'm on mobile so it's hard browse the repo, but it looks like the initial commit was 4 days ago. So I think this would be a different project with the same name.

https://github.com/pgrok/pgrok/commit/1f57713c323ea494780590...
groestl·3 yıl önce
I see.. it's bit confusing, since there's an existing project in the same space (https://github.com/jerson/pgrok). It's even linked on the project above via the awesome https://github.com/anderspitman/awesome-tunneling list, I don't know why this is necessary.
jeroenhd·3 yıl önce
For one, this seems to integrate with OIDC setups, which makes it easier to use it with existing company credentials (rather than manage accounts for every tool you use).

The naming conflict is unfortunate. At least the old repository is archived, but it'd still be better if this tool could be renamed IMO, especially since it's so new.
eliben·3 yıl önce
I recently wrote about how ngrok-like functionality is easily implemented in Go via SSH port forwarding: https://eli.thegreenplace.net/2022/ssh-port-forwarding-with-...
retrobox·3 yıl önce
I love seeing alternatives but one thing I really appreciate about ngrok is the web UI. The log of incoming requests, headers and payloads, is very helpful during development. Do any of these alternatives offer something similar? Or is there an additional tool that can be leveraged?
PLG88·3 yıl önce
I work on the open source OpenZiti project. We recently released zrok (https://zrok.io/), we have Local Debugging Interface in the backlog - https://github.com/openziti/zrok/issues/73.
[deleted]·3 yıl önce
Felminor·3 yıl önce
Great thing about k8s: you can expose all your dev env needs super fast and easy.

And adding a dex or so upfront is also super easy.

If you are a small company and need this regularly try to take a look at managed k8s.

It will be worth it
ytwySXpMbS·3 yıl önce
In a couple places grok is typoed as gork
joe2010xtmf·3 yıl önce
Thanks! will fix!
8n4vidtmkvmk·3 yıl önce
if you're already running nginx on a server somewhere, you can set up a subdomain to tunnel to localhost with no software to install. just a tiny bit of config. use just ssh on the client. i only use it to test callbacks but it can be shared too
[deleted]·3 yıl önce