Localtunnel.me (opens in new tab)

(localtunnel.me)

111 pointsp_m_g11y ago47 comments

47 comments

Author of the project here.

I want to clarify why this project exists (as many seem to point out that other projects or methods exist for doing this).

TL;DR; If you think of localtunnel as just a shitty ngrok (or name your project here), you are missing the point and probably don't have the same use cases I do.

1. It was made overnight at some hackathon because I was not satisfied with the other tunneling options I found. They required either an account or some stupid ssh setup. I got to thinking of ways to create a tunnel that simply had an CLI tool and instantly get a tunnel no setup. It worked, I kept it.

2. It is written as a library first, CLI tool second. This means it can be used to create tunnels in a test suite if you want to use services like saucelabs to run browser tests (see https://github.com/defunctzombie/zuul). This is leveraged by projects like socket.io and engine.io (among others). This is perhaps the main reason I keep it around despite there being alternative CLI tools.

3. Both the client and server code are availably and easy to install and use. Companies do this when they want to run their own tunnels for privacy (or whatever their reasons... I don't care).

4. Yes, I know the name is identical to the old ruby?python? one. Whatever. That one seems defunct now anyway.

inconshreveable11y ago

Very cool.

ngrok doesn't have a programmatic API, but I'd love to add one soon. I've built out a library for this in https://github.com/inconshreveable/go-tunnel that will be the foundation for ngrok's next version providing a library in addition to the CLI tool.

Unfortunately, one of Go's weaknesses is that it doesn't embed into other languages like C, so I'd need a ground-up rewrite (in C, probably) with bindings to other languages.

If ngrok the command-line tool had a well defined programmatic interface (like RESTful JSON) would that useful, or is the burden of a separate binary/process to manage still too painful?

shtylman11y ago

To me the ease of having the library be installable with the "canonical" package manager of my platform is too convenient; just "feels" more natural and simpler. I actually thought about writing a node.js ngrok client but then gave up on the idea since localtunnel was working well enough and I personally didn't need the other features from ngrok which I didn't have in localtunnel.

I wouldn't worry about the whole rewrite in c thing. If your server protocol is simple enough, writing clients in the native languages will be better than writing bindings. Installing bindings trips up a lot of users that are not used to compiled software.

1 more reply

thedufer11y ago

I've never heard of ngrok, but the instantly obvious use-case is to allow testing of webhooks to my local machine. In the past we've done this by booting a temporary server on AWS and remote forwarding to our local machines, which is quite a bit more complicated. I already work on a node stack, so the npm install is wonderful. I expect I'll get a lot of use out of this. Thanks!

dav-11y ago

I didn't even think of this. Recently I was implementing MailChimp webhooks and it was a pain. Thanks for the idea.

kevinburke11y ago

I'm confused, there is an existing project called localtunnel that does exactly the same thing and dominates search results for "localtunnel". At the very least, pick a different name.

http://progrium.com/localtunnel/

pennig11y ago

Yeah, that's what I thought this was at first. Naming it the same as an existing project with the same purpose is negligent at best.

bosky10111y ago

i thought it was a cross-post as well endorsed by @progrium until i saw this comment.

julianwachholz11y ago

You can also use ngrok.com which has been around for quite a while. The developer even responds very quickly to support requests.

As a bonus, you also get:

- Custom (sub) domains

- TLS tunnels if you want, not mandatory

- Other protocols than just HTTP/S

nXqd11y ago

Yes, I still find that ngrok works quite well :D

_cbb111y ago

+1, I am a huge fan of ngrok. :)

thaumaturgy11y ago

This seems like a bad idea. localtunnel.me is redirecting non-tunnel'd subdomains to its main page, while inactive tunnel'd subdomains return "localtunnel error: no active client for 'adbc'". So, with a little poking, you find that tunnel'd subdomains seem to be [a-z0-9]{4}.localtunnel.me ... which isn't too terribly large of a search space to crawl. If it gets popular, it should be easy to find works-in-progress that might give up access to the user's computer, or keys to prod, or any of the other stuff that people are a little sloppy about on their work machines.

edit: I was wrong, I should've been a little more thorough. Looks like it's [a-z0-9]{4,10}.localtunnel.me, which is significantly larger.

JamyDev11y ago

I suggest you don't use it until they have upgraded OpenSSL...

WARNING: server returned more data than it should - server is vulnerable! (Heartbleed)

vayarajesh11y ago

I think it is alright to use it.. its just to share the work in progress so it doesnt matter if it is vulnerable

JamyDev11y ago

I've already seen PHPMyAdmin login and tokens pass by, so I don't think it's only used for showing progress but also to have a reverse tunnel back home..

1 more reply

mikeash11y ago

Once you let the public use it, there are certain expectations. That's like saying that an unfinished nightclub doesn't need fire safety because it's a work in progress. That's not acceptable if you're still letting people in to dance.

jancborchardt11y ago

Oh nice! This looks very similar to https://pagekite.net (which is also open source), minus the need for an account. Good call.

yownie11y ago

Yep, was going to chime in here as the dev of a pagekite is a friend of mine. Glad someone else appreciates it too!

lubos11y ago

Pagekite dependency on Python was deal-breaker for me a few years ago. If they would have clients in multiple programming languages so it can be easily embeddable, they would get a lot of business. Prices could be easily higher too.

rabino11y ago

Also: Vagrant has added a "vagrant share" command that publishes access to your vagrant box, which should be safer than publishing access to your full machine.

http://docs.vagrantup.com/v2/share/

tedchs11y ago

Personally I would rather just use "ssh -R", the built in remote port forwarding. You either need to flip a setting on the server to allow listening on an interface besides localhost, or configure Nginx/etc as a reverse proxy.

For example:

ssh -f -N -q -R 2222:localhost:22 my_name@remote.example.com

Decent writeup here:

http://www.noah.org/wiki/SSH_tunnel

thedufer11y ago

That's what I've used in the past, but its more complicated to set up ("You either need to flip a setting on the server to allow listening on an interface besides localhost, or configure Nginx/etc as a reverse proxy." is not trivial for most). It also requires a server with a static IP to ssh to.

tedchs11y ago

Yes. This is cold hearted, but I would suggest that for those for whom this is too hard, they should reconsider exposing their machines and code directly to the public Internet.

1 more reply

j0k3r11y ago

Isn’t the node.js version of the ruby one ? ie: http://progrium.com/localtunnel/

Or the Go version: https://github.com/inconshreveable/ngrok

jzwinck11y ago

There's a Go client for localtunnel.me also: https://github.com/NoahShen/gotunnelme

nathancahill11y ago

Jeff's localtunnel has been discontinued in favor of Ngrok. It was discontinued in the middle of a transition from ruby to python.

riffraff11y ago

Is there a writeup somewhre of what happened?

localtunnel v1 worked perfectly for me, localtunnelv2 never did (apparently no remote server was ever up) but it's weird that ngrok is a ruby project again.

2 more replies

PinguTS11y ago

This seems like a bad idea or to phrase it correctly: use it wisely.

Because, you will use this service for the development to give someone outside access to something. If you then close the tunnel, the service will forward any request to its own server either to the main pager or to an error page. That means, all data given with a request, either via GET or via POST, will be given to that service. That could include sensitive data. That means, this kind of service is security risk.

superuser211y ago

If you're testing 3rd party APIs with sensitive data, you're Doing It Wrong.

cardamomo11y ago

If you have a VPS, why not set up a subdomain to proxy localhost connections forwarded through SSH? (e.g., $ ssh -R 8000:localhost:80)

I'm sure I'm missing some obvious disadvantage…

IceDane11y ago

Wow. Exactly the same as ngrok, just .. worse.

eranrund11y ago

There's also http://httpi.pe/ - pretty similar both in concept and in implementation. The major difference would be an 'inspection' view allowing users to view the traffic going through the tunnel.

(Shameless plug - I'm the author of httpipe)

veesahni11y ago

shameless plug: I created http://ultrahook.com which does similar but with a focussed goal of receiving webhooks on localhost.

jbrooksuk11y ago

This is awesome and only an hour a go I needed this. Perfect! :)

chintan3911y ago

It would be nice to have option to allow custom URL

maaaats11y ago

Or at least get to reuse an URL after reboot/dc/something, since this is links you would send to your client/boss, having to email them new ones is a hassle.

chintan3911y ago

I agree we need a persistant URL

shtylman11y ago

You can. See the README.

vayarajesh11y ago

Nice!! so easy to setup and use.. awesome work

asaddhamani11y ago

This is pretty neat!

j / k navigate · click thread line to collapse

47 comments

shtylman11y ago

Author of the project here.

I want to clarify why this project exists (as many seem to point out that other projects or methods exist for doing this).

TL;DR; If you think of localtunnel as just a shitty ngrok (or name your project here), you are missing the point and probably don't have the same use cases I do.

3. Both the client and server code are availably and easy to install and use. Companies do this when they want to run their own tunnels for privacy (or whatever their reasons... I don't care).

4. Yes, I know the name is identical to the old ruby?python? one. Whatever. That one seems defunct now anyway.

inconshreveable11y ago

Very cool.

Unfortunately, one of Go's weaknesses is that it doesn't embed into other languages like C, so I'd need a ground-up rewrite (in C, probably) with bindings to other languages.

If ngrok the command-line tool had a well defined programmatic interface (like RESTful JSON) would that useful, or is the burden of a separate binary/process to manage still too painful?

shtylman11y ago

1 more reply

thedufer11y ago

dav-11y ago

I didn't even think of this. Recently I was implementing MailChimp webhooks and it was a pain. Thanks for the idea.

kevinburke11y ago

I'm confused, there is an existing project called localtunnel that does exactly the same thing and dominates search results for "localtunnel". At the very least, pick a different name.

http://progrium.com/localtunnel/

pennig11y ago

Yeah, that's what I thought this was at first. Naming it the same as an existing project with the same purpose is negligent at best.

bosky10111y ago

i thought it was a cross-post as well endorsed by @progrium until i saw this comment.

julianwachholz11y ago

You can also use ngrok.com which has been around for quite a while. The developer even responds very quickly to support requests.

As a bonus, you also get:

- Custom (sub) domains

- TLS tunnels if you want, not mandatory

- Other protocols than just HTTP/S

nXqd11y ago

Yes, I still find that ngrok works quite well :D

_cbb111y ago

+1, I am a huge fan of ngrok. :)

thaumaturgy11y ago

edit: I was wrong, I should've been a little more thorough. Looks like it's [a-z0-9]{4,10}.localtunnel.me, which is significantly larger.

JamyDev11y ago

I suggest you don't use it until they have upgraded OpenSSL...

WARNING: server returned more data than it should - server is vulnerable! (Heartbleed)

vayarajesh11y ago

I think it is alright to use it.. its just to share the work in progress so it doesnt matter if it is vulnerable

JamyDev11y ago

I've already seen PHPMyAdmin login and tokens pass by, so I don't think it's only used for showing progress but also to have a reverse tunnel back home..

1 more reply

mikeash11y ago

jancborchardt11y ago

Oh nice! This looks very similar to https://pagekite.net (which is also open source), minus the need for an account. Good call.

yownie11y ago

Yep, was going to chime in here as the dev of a pagekite is a friend of mine. Glad someone else appreciates it too!

lubos11y ago

rabino11y ago

Also: Vagrant has added a "vagrant share" command that publishes access to your vagrant box, which should be safer than publishing access to your full machine.

http://docs.vagrantup.com/v2/share/

tedchs11y ago

For example:

ssh -f -N -q -R 2222:localhost:22 my_name@remote.example.com

Decent writeup here:

http://www.noah.org/wiki/SSH_tunnel

thedufer11y ago

tedchs11y ago

Yes. This is cold hearted, but I would suggest that for those for whom this is too hard, they should reconsider exposing their machines and code directly to the public Internet.

1 more reply

j0k3r11y ago

Isn’t the node.js version of the ruby one ? ie: http://progrium.com/localtunnel/

Or the Go version: https://github.com/inconshreveable/ngrok

jzwinck11y ago

There's a Go client for localtunnel.me also: https://github.com/NoahShen/gotunnelme

nathancahill11y ago

Jeff's localtunnel has been discontinued in favor of Ngrok. It was discontinued in the middle of a transition from ruby to python.

riffraff11y ago

Is there a writeup somewhre of what happened?

localtunnel v1 worked perfectly for me, localtunnelv2 never did (apparently no remote server was ever up) but it's weird that ngrok is a ruby project again.

2 more replies

PinguTS11y ago

This seems like a bad idea or to phrase it correctly: use it wisely.

superuser211y ago

If you're testing 3rd party APIs with sensitive data, you're Doing It Wrong.

cardamomo11y ago

If you have a VPS, why not set up a subdomain to proxy localhost connections forwarded through SSH? (e.g., $ ssh -R 8000:localhost:80)

I'm sure I'm missing some obvious disadvantage…

IceDane11y ago

Wow. Exactly the same as ngrok, just .. worse.

eranrund11y ago

There's also http://httpi.pe/ - pretty similar both in concept and in implementation. The major difference would be an 'inspection' view allowing users to view the traffic going through the tunnel.

(Shameless plug - I'm the author of httpipe)

veesahni11y ago

shameless plug: I created http://ultrahook.com which does similar but with a focussed goal of receiving webhooks on localhost.

jbrooksuk11y ago

This is awesome and only an hour a go I needed this. Perfect! :)

chintan3911y ago

It would be nice to have option to allow custom URL

maaaats11y ago

Or at least get to reuse an URL after reboot/dc/something, since this is links you would send to your client/boss, having to email them new ones is a hassle.

chintan3911y ago

I agree we need a persistant URL

shtylman11y ago

You can. See the README.

vayarajesh11y ago

Nice!! so easy to setup and use.. awesome work

asaddhamani11y ago

This is pretty neat!

j / k navigate · click thread line to collapse