Skip to content

Understanding Ngrok as a network solution with an AWS cloud example

Introduction

When you need to make a local server accessible over the internet, particularly in cases where network infrastructure control is lacking or bypassing intricate configurations is preferred, ngrok proves to be an extremely helpful solution. Interestingly, it is often utilized for creating Minecraft servers and hosting servers on Google Colab.

This popularity stems from the distinct attributes and advantages that ngrok offers. Furthermore, it is officially recommended in the Azure documentation maintained by Microsoft.

In this article, we will delve into ngrok, its features, and its diverse use cases, exploring how it has become an essential tool for developers and users alike.

What is ngrok

ngrok is a versatile tool that creates secure tunnels from the public internet to a local server, usually running on a user’s machine or behind a NAT. Technically, ngrok is based on reverse proxy and tunneling technology, which allows it to establish connections through NATs and firewalls. It enables developers and users to easily expose local web applications, APIs, or services to the public, without the need for complex configurations or network infrastructure management.

The reason why ngrok is often used in Minecraft and Colab, which was discussed in the Introduction section, can be understood in this context.

Obviously, Minecraft gamers may not have the expertise to navigate complex computer networks. For them, Not having to consider complex network setups is huge. It may be the same for data-specialized engineers as well. Also, In the case of Google Colab which is a PaaS service, the options for exposing internal networks to the outside world are limited. Even In this context, ngrok as a managed service can be a great solution for them.

By establishing a connection between the local server and the ngrok cloud service, it generates a unique URL that can be shared with others or used for testing and development purposes. The simplicity and flexibility of ngrok have made it a popular choice among developers, IT professionals, and casual users alike.

Features of Ngrok Over Other Means of Exposing Private Networks

You might be wondering why you should use ngrok when there are secure internal network exposure methods such as VPNs. As mentioned earlier, the ease of use with PaaS services could be one reason. However, even in situations where PaaS services are not involved, ngrok still offers several advantages over other methods. Here are some key features that make ngrok stand out:

  • NAT or Firewall Tunneling technology:

ngrok enables you to expose local servers behind NAT or a firewall to the public internet using secure tunnels. This is particularly useful when working with webhooks, APIs, or any service that needs to accept incoming connections from external sources. This feature allows developers to bypass complex network configurations and work seamlessly in restricted environments.

  • Debugging features

ngrok provides a range of built-in debugging features that make it easier to inspect and troubleshoot issues with your application, particularly when dealing with webhooks or other public-facing APIs. These features include real-time request and response data inspection, request replay, detailed request and response logs, status codes and error messages, and traffic capture and saving. These tools can be invaluable for identifying and resolving problems quickly and efficiently.

  • Visuality

ngrok offers a user-friendly, web-based interface that provides real-time visibility into the request and response data passing through the tunnel, as well as an easy way to access the debugging features. This visual interface simplifies the debugging process, making it more efficient to identify and resolve issues with your application. The intuitive dashboard also makes it easy for developers of all skill levels to monitor and manage their tunnels effectively.

By offering these advanced features, ngrok provides solutions for exposing private networks to the public internet, setting it apart from traditional methods like VPNs.

Use case of Ngrok with a hypothetical situation

I think understanding it through real-life cases and examples can be an effective study method especially when learning about unfamiliar technology. In this section, we’ll provide an example that illustrates how ngrok can be utilized. By following this example, you’ll gain a better understanding of ngrok’s potential use case and how it can benefit your projects.

Example

As a full-stack engineer, you have had the opportunity to work on various web services and manage their infrastructure on AWS. Now, imagine you encounter a challenging issue in an AWS VPC-based environment and consider using ngrok to resolve it effectively.

The Scenario

Your web service, deployed in an AWS VPC with a private subnet and a NAT Gateway, relies on webhook integration with a third-party API. To handle the webhook requests from the third-party provider, you initially used a public Application Load Balancer (ALB) with SSL/TLS termination. However, you start experiencing intermittent connectivity issues, which manifest as failed webhook deliveries, leading to data inconsistencies between your service and the third-party provider. Debugging the issue becomes complicated due to the lack of visibility into the webhook request and response data. Additionally, as your application server is in a private subnet, it’s not directly accessible from the internet, which hinders thorough testing.

One of the main problems with using the public ALB is that it lacks built-in debugging capabilities for webhook testing. This makes it difficult to identify and resolve issues in the webhook integration process.

Researching Solutions

To resolve the issue, you begin researching various solutions that could help you expose your application server in the private subnet to the internet and facilitate webhook testing. The primary options you consider are:

  1. Setting up a Network Load Balancer (NLB) with TLS termination
  2. Creating a VPN connection between your local development environment and the AWS VPC
  3. Exposing the server via an EC2 instance in a public subnet acting as a reverse proxy
  4. Tunneling services like ngrok

Reviewing Solutions

  1. Network Load Balancer (NLB) with TLS termination:
    • Merits: Operates at Layer 4, providing low-latency and high-performance load balancing. Supports TLS termination to offload SSL/TLS decryption from the application server.
    • Demerits: Does not offer built-in debugging capabilities. Requires additional logging and monitoring mechanisms for webhook debugging.
  2. Creating a VPN connection between your local development environment and the AWS VPC:
    • Merits: Provides a secure connection between your local environment and the AWS VPC, allowing direct access to the application server for webhook testing. Can be integrated with other AWS services.
    • Demerits: Requires additional setup and configuration, as well as management of VPN connections for each developer. Lacks built-in debugging capabilities for webhook testing, necessitating additional logging and monitoring mechanisms.
  3. EC2 instance as a reverse proxy:
    • Merits: Provides a customizable solution that can be tailored to specific needs. Can be integrated with other AWS services.
    • Demerits: Requires additional setup and management overhead. Like the other load balancing solutions, it lacks built-in debugging features.
  4. Tunneling services (ngrok):
    • Merits: Simple and secure way to expose the application server in a private subnet to the internet. Offers real-time request and response data inspection, making it easy to debug webhook issues.
    • Demerits: Although not an AWS-native solution, it requires minimal setup and can work seamlessly with an AWS VPC-based environment.

Choosing ngrok as the solution

Which solution would you choose? In a real situation, there might be tons of factors to consider. However, based on the information above, I would decide to use ngrok for the following reasons after evaluating the pros and cons of each solution:

  1. Ease of use: ngrok requires minimal setup and configuration, allowing you to quickly expose the application server in the private subnet for webhook testing.
  2. Built-in debugging capabilities: ngrok’s web interface provides real-time request and response data inspection, enabling effective troubleshooting of the connectivity issue.
  3. Compatibility with AWS VPC: ngrok can work seamlessly with an AWS VPC-based environment, making it an effective solution for your specific scenario.
  4. Cost-effectiveness: Considering the benefits gained, there is not much difference in cost between ngrok and the other solutions, making it an attractive choice.

By using ngrok in this hypothetical situation, you can see how it can help resolve webhook connectivity issues and facilitate debugging in an AWS VPC-based environment, especially when compared to the initial public ALB setup that lacked the necessary debugging capabilities.

Ngrok Open-Source Alternatives

While ngrok is an excellent tool for exposing local servers to the internet, A managed service may not be available for various reasons, including cost. In that case, there are open-source alternatives that offer similar functionality. Here are a few notable options:

  1. LocalTunnel (https://github.com/localtunnel/localtunnel): LocalTunnel is an open-source solution that creates a secure public URL for your local web server. It uses a Node.js-based client and requires minimal setup. However, it may not be as feature-rich as ngrok in terms of debugging capabilities and web interface.
  2. FRP (Fast Reverse Proxy, https://github.com/fatedier/frp): FRP is an open-source, high-performance reverse proxy and load balancer that enables you to expose local servers behind NAT or firewalls to the public internet. It provides both TCP and UDP support, as well as a range of authentication and encryption features.
  3. Chisel (https://github.com/jpillora/chisel): Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH. It is an open-source solution for exposing local servers and enables single-port tunneling for various services like HTTP, SSH, and more.

While these open-source alternatives offer some of the functionality provided by ngrok, it’s essential to evaluate their features, ease of use, and compatibility with your specific use case before choosing one for your project.

Conclusion

we often find ourselves facing various challenges when it comes to exposing local servers to the public internet and debugging network-related issues. The exploration of ngrok in this post demonstrates the importance of having a flexible and reliable tool in our development arsenal. Ngrok not only simplifies the process of establishing secure connections, but also enhances our ability to troubleshoot and resolve issues efficiently..

In essence, I believe that the key takeaway is to properly understand a wide range of technologies that can address various technical problems that may potentially arise, in order to improve the overall quality of our work. By doing so, we can ensure our ability to cope with issues using appropriate means and maintain robust and reliable infrastructure, while continually growing as engineers and staying at the forefront of the industry.

child neve