do-it-yourself ngrok alternative

if you:





have a home server / vps

use traefik

use ngrok

don’t like spending money on ngrok for memorable subdomains





you can create your own

step 1, the server

setup your traefik 1.x frontends / backends . in my case, I wanted t-1.my.domain and t-2.my.domain . two always available endpoints for whatever machine to connect to, which will be routed to a service running on my laptop.

of course you could extend this config to as many tunnels as you like

# traefik.toml [file] [backends] [backends.t-1] [backends.t-1.servers.t-1] url = "http://localhost:51401" [backends.t-2] [backends.t-2.servers.t-2] url = "http://localhost:51402" [frontends] [frontends.t-1] backend = "t-1" passHostHeader = true [frontends.t-1.routes.t-1] rule = "Host:t-1.my.domain [frontends.t-2] backend = " t -2 " passHostHeader = true [frontends.t-2.routes.t-2] rule = " Host:t -2 .my.domain "

for the frontends, I picked a high enough local ports that they hopefully won’t clash with any other service running on the server

I’m also doing a passHostHeader = true for each backend, so that the request headers for the local proxied-to services have the public frontend hosts instead of localhost

for each backend, so that the request headers for the local proxied-to services have the public frontend hosts instead of to make the public t-*.my.domain possible for my home server, I’ve got DNS similar to: A my.domain <home_ip> CNAME *.my.domain my.domain and a DDNS client updating the A record, and 80 / 443 forwarded

possible for my home server, I’ve got DNS similar to: acme should be configured, giving you TLS for a proper ngrok alternative

step 2, the client

it’s as simple as





ssh -N -R '<traefik_backend_port>:localhost:<local_service_port>' <your_box>

for every tunnel you want to create. no need for any extra binaries like with ngrok





the -N means don’t run any remote commands, so you won’t get a shell on box. ssh will just keep the tunnel open without printing until you kill it

means don’t run any remote commands, so you won’t get a shell on box. ssh will just keep the tunnel open without printing until you kill it the -R is key. connections to the given port on the remote host ( <traefik_backend_port> ) are to be forwarded to the local side ( localhost:<local_service_port>





so in my case, if I want to show a friend a web server I have running at http://localhost:5454 by the more friendly and secure address https://t-1.my.domain , it would be:





ssh -N -R '51401:localhost:5454' my-box





where 51401 matches the frontend in the traefik.toml





much better :)