Ngrok tunnel https via config - ngrok

I am having some issues finding how to properly write my ngrok.yml file such that it will start the tunnel using https. What I have at the moment is the following:
tunnels:
invenutory:
proto: http
addr: 44328
host_header: localhost
The issue here is that if I use the url ngrok gives me it does not connect (i test this by seeing if it hits my healthcheck endpoint, it does not). However, if I start ngrok using the following command:
ngrok http https://localhost:44328 -host-header="localhost:44328" then it will properly hit my endpoint. How can I make my config file act the same way?
Edit:
If I set the addr to be addr: "https://localhost:44328" then it does properly use https, but for some reason this seems to me like an incorrect way of doing it.

To start a https only tunnel with a ngrok http tunnel, use the flag -bind-tls.
This is unrelated to how you use addr, which can be used to let ngrok know if your local server is listening for http or https.
From the docs:
ngrok assumes that the server it is forwarding to is listening for unencrypted HTTP traffic, but what if your server is listening for encrypted HTTPS traffic? You can specify a URL with an https:// scheme to request that ngrok speak HTTPS to your local server.

You can add the bind_tls flag to the config file to create only HTTPS tunnels as per the docs
tunnels:
invenutory:
proto: http
addr: 44328
host_header: localhost
bind_tls: true

Related

How can I let Ngrok provide both https and https tunnels by default for all endpoints?

By default, ngrok only provides https tunnel.
I can specify which tunnel has https or http or both in the config file, but if so, I will have to start this tunnel every time. What I want to do it when I try to run any http port nubmer like ngrok http 5000, ngrok will automatically offers https and http for it.
I have tried
version: "2"
authtoken: faswETNFAW8DSmVuHrOH18s_6pK7iP5
schemes: [http,https]
but got the error.
How can I config the ngrok config file correctly?

How to can http services from https server

I have apache server(Frontend code) running on 80 port with https secure(SSL is configured). Backend server is nodejs and it is configured on 3000 port. When I tried to call services from https to http i.e. Apache(port 80 ssl configured) to Nodejs (port 3000 non-ssl) it is giving showing failed with status as "net::ERR_SSL_PROTOCOL_ERROR".
This may have something to do with Same Origin policy.
Please see that answer: HTTP Ajax Request via HTTPS Page.

How to make HTTP request to custom IP in k6 load testing API?

Is it possible to force a k6 HTTP request to a custom IP?
i.e. DNS has host name pointing to IP address A, while a test website, same hostname, is on IP address B; need to send k6 load test requests to website B.
It's HTTPS, so there's certificate issues calling https://[ip address] and headers Host: [hostname] (shows "x509: cannot validate certificate for [ip address] because it doesn't contain any IP SANs" messages)
Working from localhost I'm currently editing /etc/hosts as a work around.
Setting IP address is possible in the loadimpact.com API (https://loadimpact.com/load-script-api#http), I'm hoping could be done via k6 API.
No, not yet without running into the SNI issue you describe with TLS. We have an issue to track the DNS override feature here: https://github.com/loadimpact/k6/issues/474
As you mention, modifying the local /etc/hosts or C:\Windows\System32\drivers\etc\hosts file is the workaround until this has been implemented in k6.

How to get the real client ip for a request when tunneling with ngrok

How can I make sure that the client IP address is forwarded by ngrok?
My test code keeps insisting that all the requests are coming from 127.0.0.1 because of ngrok but i want to log the actual client IP instead. Load balancers usually set a header in X-Forwarded-For or x-real-ip but I'm not sure what the process for ngrok is ...
console.log('req.headers[\'x-real-ip\']', req.headers['x-real-ip']);
console.log('req.headers[\'X-Forwarded-For\']', req.headers['X-Forwarded-For']);
console.log('req.ip', req.ip );
console.log('req.connection.remoteAddress', req.connection.remoteAddress);
console.log('req.connection.remoteAddress', req.connection.remoteAddress);
console.log('req.socket.remoteAddress', (req.socket && req.socket.remoteAddress));
console.log('req.socket.socket.remoteAddress', (req.socket.socket && req.socket.socket.remoteAddress));
Everything either prints undefined or 127.0.0.1 so far. Which means I need to configure ngrok somehow, I think.
Unfortunately, all header names in Node.JS are lowercase. Use
req.headers['x-forwarded-for']
instead of
req.headers['X-Forwarded-For']

HAProxy connect to backend with source IP

I am running HAProxy on a machine with multiple interfaces and I want the connection to the backend to be made from the source IP of the interface on which the client request came in. Using the source directive from the documentation in the listen blocks didn't seem to do it as all connections seem to come from the first interface. My configuration is as follows:
listen f_192.168.1.10_http
bind 192.168.1.10:80
source 192.168.1.10
mode http
option httplog
capture request header Host len 30
use_backend b_domain1_http if { hdr(host) -i domain1.com }
listen f_192.168.1.20_http
bind 192.168.1.20:80
source 192.168.1.20
mode http
option httplog
capture request header Host len 30
use_backend b_domain1_http if { hdr(host) -i domain1.com }
backend b_domain1_http
mode http
option httplog
server srv1 domain1.com:80 check inter 30s
Ie. I am struggling to get connections coming in on interface 192.168.1.10 to have their source IP be 192.168.1.10 when connecting to the backend. Right now, regardless of if the connection comes in on 192.168.1.10 or 192.168.1.20, the outgoing connection to the backend is initiated from 192.168.1.10. I thought that using source in the listen would accomplish this but when I look at the output of netstat -at, all originating connections to the backend come from 1 interface.
Does anyone have any idea on how I can ensure the source ip of the connection to the backend is the same as the interface of the original client request?
I believe you can use source as a parameter for a server.
backend be1
...
server srv1 domain1.com:80 source ${frontend_ip} check inter 30s
I believe it is possible to substitute %fi for ${frontend_ip}, and you may also use %fp or ${frontend_port} to specifiy the port. This way you can remove the source statements in the frontends.

Resources