ngsrv
Get started
Local apps. Public URLs. No deploys.

Give localhost a public URL.

ngsrv lets you expose local apps, APIs, webhooks, TCP services, and static files through secure public URLs without deploying, opening ports, or fighting network config.

Start sharingRead the docs

Test webhooks. Share demos. Preview mobile apps. Use custom domains. Get a public URL for localhost.

~/your-app
$ brew install ngsrv/tap/ngsrv
$ ngsrv token <YOUR_TOKEN>

$ ngsrv http 8080
 Public URL ready
https://blue-river.ngsrv.apphttp://localhost:8080
Works with local appsSecure HTTPS URLsCLI-first workflow

What is ngsrv?

ngsrv is a secure developer tool for giving local services public URLs. It lets you expose a local server, API, webhook endpoint, TCP service, or static folder to the internet without deploying.

Developers use ngsrv to test webhooks, share local demos, preview applications on mobile devices, connect external services to local environments, and create temporary public access for work that is still running locally.

Built for the moments before deployment.

Webhook testing

Receive Stripe, GitHub, WhatsApp, Slack, or custom webhook calls on your local machine.

Client demos

Share a working local build without deploying a staging environment.

Mobile testing

Test a local backend from a real phone using a secure public URL.

QA previews

Give support or QA temporary access to a feature running locally or in CI.

Custom domains

Use branded URLs for demos, previews, and team workflows.

TCP and files

Expose more than HTTP when your workflow needs it.

A tunnel you can actually ship with.

Most public links are one-off commands you forget after the demo. ngsrv is built for repeatable development workflows: CLI-first, config-friendly, secure by default, and ready for teams that want their setup to live beside their code.

  • Define public URLs in config
  • Use custom domains
  • Protect previews with edge security
  • Share repeatable links with your team
  • Run from local machines, CI, Docker, or Kubernetes

More than a quick localhost link.

ngsrv is for developers who want public local access to feel like part of their toolchain, not a random temporary workaround.

  • Quick public URLs when you need speed
  • Declarative configuration when you need repeatability
  • Custom domains when previews need to look real
  • Security controls when links leave your laptop
  • Logs and visibility when debugging matters

When you need category clarity: ngsrv is secure tunneling for local development — a CLI and edge that turn localhost into a public URL you can share, test, and configure.

The shape of it

An edge, a CLI, and a config.

Three pieces, working as one. Configure your tunnels in YAML, route through a global edge, control everything from a single CLI.

One command, public HTTPS

Any local port → an edge-terminated HTTPS URL. HTTP/2 by default. Custom domain BYOD. Reserved subdomains. Static serve. TCP tunnels.

$ ngsrv http 3000 --domain api.example.com
$ ngsrv tcp 5432
$ ngsrv serve ./dist

Edge-enforced security

Policies declared in YAML, enforced at the edge before traffic ever reaches your process. Free tier ships with the full set.

ip_allowlistrate_limitgeotime_windowheader_requiredmtlswaf

Fits the rest of your stack

A single binary that lives wherever your app does — Docker Compose, a Kubernetes sidecar, a CI step. Structured logs and Prometheus metrics included.

services:
ngsrv:
image: ghcr.io/ngsrv/cli:latest
command: [ngsrv, run]
network_mode: host
Declarative

Tunnels as code.Reviewed, versioned, deployed.

Define your tunnels in a single file alongside your service. Bring them up together, take them down together, ship them the same way you ship the rest of your code.

ngsrv.yml
# ngsrv.yml — declarative, multi-tunnel, GitOps-ready
tunnels:
  - name: api
    port: 8080
    subdomain: api
    security_policies:
      - ngsrv_ips_office
      - ngsrv_rate_api

  - name: webhooks
    port: 9000
    subdomain: hooks

  - name: docs
    port: 3000
    domain: docs.example.com
$ ngsrv run

How it runs in your pod

Pod
your app
:8080
ngsrv sidecar
ngsrv run
/healthz/readyz/metrics
api.example.com · hooks.example.com · docs.example.com
TLS terminated at the edge
ngsrv run docs ·Helm chart ·Ops endpoints
Security

Security that comes standard.

Attach a policy to a tunnel and it's enforced at the edge — before traffic ever touches your process. Every plan ships with the full set, free included.

  • IP allowlist & geo
    Block traffic by CIDR or country before it hits your app.
  • Rate limit
    Burst & sustained limits per IP, per token, per tunnel.
  • Time windows
    Only accept traffic during business hours, in your timezone.
  • Header & token gates
    Require a header or shared secret on every request.
  • WAF (Pro)
    OWASP Core Rule Set protection without standing up your own proxy.
Browse all policy types
ngsrv.yml
# Policy IDs from Dashboard → Security (create once, reuse by ID)
security_policies:
  - ngsrv_ips_office
  - ngsrv_rate_standard
  - ngsrv_time_business
  - ngsrv_hdr_internal

Lives where your code lives.

No new pipeline, no proxy to maintain. Just a binary that fits beside whatever you already ship.

Kubernetes
Helm + sidecar
Docker
compose + run
GitHub Actions
preview tunnels
Prometheus
/metrics
macOS / Linux
brew · bash
GitOps
yaml in repo

Pricing without paywalls.

Free ships with everything that matters. Paid plans add scale, not gates.

Free
$0

1 tunnel, 3 concurrent connections, security policies included.

Start free
Most popular
Pro
$7/mo

Custom domains, WAF, more tunnels, longer logs. Best for solo devs and small teams.

See plan
Pay-as-you-go
$15/mo

Higher caps + metered overage. Pay only for what you actually push.

See plan
$ brew install ngsrv/tap/ngsrv

Give your local app a public URL.

Start with a single command, then grow into custom domains, config files, and repeatable team workflows when you need them.

Start sharingRead the docs