Python SDK for ngrok#

PyPI Supported Versions MIT licensed Apache-2.0 licensed Continuous integration

ngrok-python is the official Python SDK for ngrok that requires no binaries. Quickly enable secure production-ready connectivity to your applications and services directly from your code.

ngrok is a globally distributed gateway that provides secure connectivity for applications and services running in any environment.

Installation#

The ngrok-python SDK can be installed from PyPI via pip:

pip install ngrok

Quickstart#

  1. Install ngrok-python

  2. Export your authtoken from the ngrok dashboard as NGROK_AUTHTOKEN in your terminal

  3. Add the following code to your application to establish connectivity via the forward method through port 9000 on localhost:

    # import ngrok python sdk
    import ngrok
    
    # Establish connectivity
    listener = ngrok.forward(9000, authtoken_from_env=True)
    
    # Output ngrok url to console
    print(f"Ingress established at {listener.url()}")
    

That’s it! Your application should now be available through the url output in your terminal.

Note You can find more examples in the examples directory.

Documentation#

A full quickstart guide and API reference can be found in the ngrok-python documentation.

Authentication#

To use most of ngrok’s features, you’ll need an authtoken. To obtain one, sign up for free at ngrok.com and retrieve it from the authtoken page in your ngrok dashboard. Once you have copied your authtoken, you can reference it in several ways.

You can set it in the NGROK_AUTHTOKEN environment variable and pass authtoken_from_env=True to the forward method:

ngrok.forward(authtoken_from_env=True, ...)

Or pass the authtoken directly to the forward method:

ngrok.forward(authtoken=token, ...)

Or set it for all connections with the set_auth_token method:

ngrok.set_auth_token(token)

Connection#

The forward method is the easiest way to start an ngrok session and establish a listener to a specified address. If an asynchronous runtime is running, the forward method returns a promise that resolves to the public listener object.

With no arguments, the forward method will start an HTTP listener to localhost port 80:

listener = ngrok.forward()

You can pass the port number to forward on localhost:

listener = ngrok.forward(4242)

Or you can specify the host and port via a string:

listener = ngrok.forward("localhost:4242")

More options can be passed to the forward method to customize the connection:

listener = ngrok.forward(8080, basic_auth="ngrok:online1line"})
listener = ngrok.forward(8080, oauth_provider="google", oauth_allow_domains="example.com")

The second (optional) argument is the listener type, which defaults to http. To create a TCP listener:

listener = ngrok.forward(25565, "tcp")

Since the options are kwargs, you can also use the ** operator to pass a dictionary for configuration:

options = {"authtoken_from_env":True, "response_header_add":"X-Awesome:yes"}
listener = ngrok.forward(8080, **options)

See Full Configuration for the list of possible configuration options.

Disconnection#

To close a listener use the disconnect method with the url of the listener to close. If there is an asynchronous runtime running the disconnect method returns a promise that resolves when the call is complete.

ngrok.disconnect(url)

Or omit the url to close all listeners:

ngrok.disconnect()

The close method on a listener will shut it down, and also stop the ngrok session if it is no longer needed. This method returns a promise that resolves when the listener is closed.

await listener.close()

List all Listeners#

To list all current non-closed listeners use the get_listeners method. If there is an asynchronous runtime running the get_listeners method returns a promise that resolves to the list of listener objects.

listeners = ngrok.get_listeners()

TLS Backends#

As of version 0.10.0 there is backend TLS connection support, validated by a filepath specified in the SSL_CERT_FILE environment variable, or falling back to the host OS installed trusted certificate authorities. So it is now possible to do this to connect:

ngrok.forward("https://127.0.0.1:3000", authtoken_from_env=True)

If the service is using certs not trusted by the OS, such as self-signed certificates, add an environment variable like this before running: SSL_CERT_FILE=/path/to/ca.crt.

Unix Sockets#

You may also choose to use Unix Sockets instead of TCP. You can view an example of this here.

A socket address may be passed directly into the listener forward() call as well by prefixing the address with unix:, for example unix:/tmp/socket-123.

Builders#

For more control over Sessions and Listeners, the builder classes can be used.

A minimal example using the builder class looks like the following:

async def create_listener():
    session = await ngrok.NgrokSessionBuilder().authtoken_from_env().connect()
    listener = await session.http_endpoint().listen()
    print (f"Ingress established at {listener.url()}")
    listener.forward("localhost:9000")

See here for a Full Configuration Example

Full Configuration#

This example shows all the possible configuration items of ngrok.forward:

listener = ngrok.forward(
    # session configuration
    addr="localhost:8080",
    authtoken="<authtoken>",
    authtoken_from_env=True,
    session_metadata="Online in One Line",
    # listener configuration
    metadata="example listener metadata from python",
    domain="<domain>",
    schemes=["HTTPS"],
    proto="http",
    proxy_proto="",  # One of: "", "1", "2"
    labels="edge:edghts_2G...",  # Along with proto="labeled"
    # module configuration
    basic_auth=["ngrok:online1line"],
    circuit_breaker=0.1,
    compression=True,
    allow_user_agent="^mozilla.*",
    deny_user_agent="^curl.*",
    allow_cidr="0.0.0.0/0",
    deny_cidr="10.1.1.1/32",
    crt=load_file("crt.pem"),
    key=load_file("key.pem"),
    mutual_tls_cas=load_file("ca.crt"),
    oauth_provider="google",
    oauth_allow_domains=["<domain>"],
    oauth_allow_emails=["<email>"],
    oauth_scopes=["<scope>"],
    oauth_client_id="<id>",
    oauth_client_secret="<id>",
    oidc_issuer_url="<url>",
    oidc_client_id="<id>",
    oidc_client_secret="<secret>",
    oidc_allow_domains=["<domain>"],
    oidc_allow_emails=["<email>"],
    oidc_scopes=["<scope>"],
    policy="<policy_json>",
    request_header_remove="X-Req-Nope",
    response_header_remove="X-Res-Nope",
    request_header_add="X-Req-Yup:true",
    response_header_add="X-Res-Yup:true",
    verify_webhook_provider="twilio",
    verify_webhook_secret="asdf",
    websocket_tcp_converter=True,
)

ASGI Runner#

ngrok-python comes bundled with an ASGI (Asynchronous Server Gateway Interface) runner ngrok-asgi that can be used for Uvicorn, Gunicorn, Django and more, with no code.

To use prefix your start up command for a Uvicorn or Gunicorn web server with either ngrok-asgi or python -m ngrok.

Any TCP or Unix Domain Socket arguments will be used to establish connectivity automatically. The ngrok listener can be configured using command flags, for instance adding --basic-auth ngrok online1line will introduce basic authentication to the ingress listener.

Uvicorn#

# Basic Usage
ngrok-asgi uvicorn mysite.asgi:application

# With custom host and port
ngrok-asgi uvicorn mysite.asgi:application \
    --host localhost \
    --port 1234

# Using basic auth
ngrok-asgi uvicorn mysite.asgi:application \
    --host localhost \
    --port 1234 \
    --basic-auth ngrok online1line

# Using custom sock file
ngrok-asgi uvicorn mysite.asgi:application \
    --uds /tmp/uvicorn.sock

# Using module name
python -m ngrok uvicorn mysite.asgi:application \
    --oauth-provider google \
    --allow-emails bob@example.com

Gunicorn#

# Basic Usage
ngrok-asgi gunicorn mysite.asgi:application -k uvicorn.workers.UvicornWorker

# With custom host and port
ngrok-asgi gunicorn mysite.asgi:application -k uvicorn.workers.UvicornWorker \
    --bind localhost:1234

# Using webhook verifications
ngrok-asgi gunicorn mysite.asgi:application -k uvicorn.workers.UvicornWorker \
    --webhook-verification twilio s3cr3t

# Using custom sock file
ngrok-asgi gunicorn mysite.asgi:application -k uvicorn.workers.UvicornWorker \
    --bind unix:/tmp/gunicorn.sock

# Using module name
python -m ngrok gunicorn mysite.asgi:application -k uvicorn.workers.UvicornWorker --response-header X-Awesome True

Examples#

Listeners#

Frameworks#

Machine Learning#

Platform Support#

Pre-built binaries are provided on PyPI for the following platforms:

OS

i686

x64

aarch64

arm

Windows

*

MacOS

Linux

Linux musl

FreeBSD

*

Note ngrok-python, and ngrok-rust which it depends on, are open source, so it may be possible to build them for other platforms.

  • Windows-aarch64 will be supported after the next release of Ring.

  • FreeBSD-x64 is built by the release process, but PyPI won’t accept BSD flavors.

Dependencies#

  • This project relies on PyO3, an excellent system to ease development and building of Rust plugins for Python.

  • Thank you to OpenIoTHub for handing over the ngrok name on PyPI.

Changelog#

Changes to ngrok-python are tracked under CHANGELOG.md.

Join the ngrok Community#

License#

This project is dual-licensed under Apache, Version 2.0 and MIT. You can choose between one of them if you use this work.

Contributions#

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in ngrok-python by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Development: Getting Started#

Prerequisites:

  • a valid Ngrok authtoken

  • make available in your PATH

  1. Update Cargo.toml with the latest supported ngrok = { version = "=VERSION_HERE" } from ngrok-rust. ngrok-rust is used for the bindings in src/rust_files_here.rs

  2. Run make build (builds the rust bindings / python dependencies)

  3. Happy developing!


Example Commands:

building the project

make develop

running the entire test suite

# running the entire test suite
export NGROK_AUTHTOKEN="YOUR_AUTHTOKEN_HERE"; make test

running an individual test

# running an individual test
export NGROK_AUTHTOKEN="YOUR_AUTHTOKEN_HERE"; make test="-k TEST_CLASS.NAME_OF_TEST" test

See the MakeFile for more examples

API Reference#

Listener and Sessions:

Module:

Indices and tables#