v1.0 · open source · written in Go

Secure tunnels
to localhost

Self-hosted ngrok alternative. Expose your local services to the internet with custom domains, automatic HTTPS, and complete control over your infrastructure.

$curl -fsSL https://raw.githubusercontent.com/abdullahob/ogrok/main/install.sh | bash
Installation guideView source
terminal
$ ogrok http 3000
  ogrok - secure tunnels to localhost

  Status:     connected
  Forwarding: https://abc123.ogrok.dev → http://localhost:3000

  Connections: 0

Everything you need,
nothing you don't.

Built for developers who want reliable tunnels without the vendor lock-in.

Custom domains

Use your own domain names with automatic SSL certificate provisioning via Let's Encrypt.

Subdomain routing

Get random or custom subdomains on your base domain. Route traffic by hostname.

Automatic HTTPS

Let's Encrypt integration handles certificate issuance and renewal automatically.

Token authentication

Secure access control with configurable tokens. Limit tunnels per token.

Rate limiting

Built-in request rate limiting at 100 req/s per tunnel with burst handling.

Real-time stats

Monitor active tunnels and connections through the admin API endpoint.

Docker support

Deploy with Docker and Docker Compose. Production-ready container images.

WebSocket control

Real-time tunnel management with heartbeat monitoring and stale cleanup.

Self-hosted

Run on your own infrastructure. No third-party dependencies. Full data sovereignty.

Get started in minutes

Install the client, point it at your server, and start tunneling.

Option 1

Install script

$ curl -fsSL https://raw.githubusercontent.com/abdullahob/ogrok/main/install.sh | bash

Option 2

Build from source

$ git clone https://github.com/abdullahob/ogrok.git
$ cd ogrok
$ make deps
$ make build-all

Server setup

Configure and run the server

# server.yaml
server:
http_port: 80
https_port: 443
base_domain: "tunnel.yourdomain.com"
auth:
tokens:
- "your-secret-token"
tls:
autocert: true
$ ./bin/ogrok-server -config server.yaml

Simple, familiar CLI

If you've used ngrok before, you already know how to use ogrok.

Expose a local port

$ ogrok http 3000
Forwarding: https://abc123.ogrok.dev → localhost:3000

Custom subdomain

$ ogrok http 3000 --subdomain myapp
Forwarding: https://myapp.ogrok.dev → localhost:3000

Custom domain

$ ogrok http 3000 --domain dev.mysite.com
Forwarding: https://dev.mysite.com → localhost:3000

Multiple services

$ ogrok http 3000 --subdomain frontend &
$ ogrok http 5000 --subdomain api &
$ ogrok http 8080 --subdomain admin &

Authentication

Set your token once and forget about it. Works with environment variables, config files, or CLI flags.

# Environment variable
$ export OGROK_TOKEN=your-secret-token
# Or config file
$ mkdir -p ~/.ogrok
$ echo "token: your-secret-token" > ~/.ogrok/config.yaml
# Or inline
$ ogrok http 3000 --token your-secret-token

How it works

Dual-plane architecture: WebSocket for control, HTTP for data.

  Internet          ogrok Server         ogrok Client         Local
  Users                                                      Service

 ┌────────┐        ┌───────────────┐     ┌──────────────┐    ┌──────────┐
 │        │  HTTP  │               │ WS  │              │    │          │
 │ Client ├───────►│   Reverse     │◄───►│   Tunnel     │───►│ :3000    │
 │        │◄───────┤   Proxy       │     │   Client     │◄───┤          │
 │        │        │               │     │              │    │          │
 └────────┘        └───────┬───────┘     └──────────────┘    └──────────┘
                           │
                    ┌──────┴───────┐
                    │  Admin API   │
                    │  :8080       │
                    │  /health     │
                    │  /stats      │
                    └──────────────┘

Control plane

WebSocket connection handles tunnel registration, heartbeat monitoring, and request/response forwarding between server and client.

Data plane

HTTP reverse proxy routes incoming requests by hostname, applies rate limiting, and streams responses back to the original requester.

Security built in

Production-ready security defaults. No configuration required for the basics.

TLS everywhere

Automatic HTTPS with Let's Encrypt. Secure WebSocket connections for the control plane.

Auth tokens

Token-based authentication for tunnel registration. Configurable per-token limits.

Rate limiting

100 req/s per tunnel with burst capacity. Prevents abuse without configuration.

Auto cleanup

Stale tunnel detection with 2-minute timeout. Graceful shutdown on server stop.

Deploy anywhere

SystemD, Docker, or bare metal. Your infrastructure, your rules.

SystemD

$ sudo cp deploy/ogrok-server.service /etc/systemd/system/
$ sudo systemctl enable ogrok-server
$ sudo systemctl start ogrok-server

Docker Compose

$ cd deploy
$ docker-compose up -d

Stop paying for tunnels

ogrok is free and open source. Run it on your own server and own your tunnel infrastructure.

Star on GitHubGet started