ngrok establishes secure tunnels between the ngrok cloud service and your local machine. These tunnels allow you to receive traffic from the internet on your localhost without exposing your machine directly or opening inbound ports.Documentation Index
Fetch the complete documentation index at: https://ngrok.com/docs/llms.txt
Use this file to discover all available pages before exploring further.
How tunnels work
When you runngrok http <port>, the ngrok agent on your machine opens an outbound TLS connection to the ngrok cloud.
ngrok assigns a public URL and routes incoming requests through this encrypted tunnel to your local port.
- Outbound-only connections: The agent connects outbound on port 443. No firewall changes or port forwarding required.
- TLS encryption: All traffic between the ngrok cloud and your agent is encrypted with TLS.
- Automatic HTTPS: ngrok automatically provisions and manages TLS certificates for your public endpoint.
Supported protocols
ngrok supports tunnels for multiple protocols:| Protocol | Command | Use case |
|---|---|---|
| HTTP/S | ngrok http 8080 | Web apps, APIs, webhooks |
| TLS | ngrok tls 8443 | TLS passthrough for custom certificates |
| TCP | ngrok tcp 3389 | Databases, RDP, game servers |
Agent Endpoints
Each tunnel creates an Agent Endpoint: an endpoint that exists only while the agent is running. You can configure Agent Endpoints with Traffic Policy to add authentication, rate limiting, header manipulation, and more.Next steps
- Quickstart: create your first tunnel in minutes
- Agent CLI reference: full command reference for the ngrok agent
- Traffic Policy: add security and traffic management to your tunnels