ngrok
Ngrok is a fantastic tool that we can use to access an on-prem API without a VPN (but with a remote access, e.g. RDP). It works like a reverse proxy that exposes internal endpoints to the internet.
We use it for example at #hey.
Assuming you have remote access (e.g. RDP), it works like this:
-
install ngrok on the remote computer (which has access to the API)
-
open a console and go to the installation directory
-
add the auth token by running
ngrok config add-authtoken <token>. You will find the token in 1pw or when you log into ngrok -
run
ngrok http --host-header=rewrite <api base url and port>(For #hey, the base url and port are, for example:hyg002.groepheylen.be:50000) -
ngrok will display a public https URL
-
On your local machine, on any network, you can start making calls to the public https provided by ngrok. It will be forwarded to the rewrite URL you provided in step 4. Notes:
- Use https, even if the API uses http
- Authentication is exactly as in the API. It works particularly well with basic authentication
- In py, you might need to turn off verification of the certificate. If you are using
requests, this can be done e.g. like so:self.session.get(query, headers=headers, verify=False, timeout=20)
Security
When working with ngrok, make sure you understand the security implications. You are exposing an endpoint that the client wanted to hide behind a firewall - probably for a good reason.
So, make sure you get approval by the client, and only run ngrok when needed - that is during development. Do not use it for production, and do not keep it running once development has finished.