A recommendation for web developers


#1

Here's something that is pretty neat. Someone introduced me to this service and I believe you all should try it out. The service I am talking about is ngrok. Not sure if any of you use it, but this service allows you to mirror your localhost without having to push your development files to a live server. Whatever you do on your localhost, ngrok will also mirror it. So say you opened up the ngrok URL that the CL gave you, once you make a modification to your localhost, ngrok will also have that same modification once you refresh your ngrok URL.

What this does is it allows you to share your localhost to other people if say you want to share what is going on in your localhost or even if you have some kind of bug that you want others to fix. Screen print is a very good idea, but most people don't really use this method because they are too lazy to upload the files to an image service or even to SitePoint. Sometimes, people actually don't know how to upload photos to SitePoint because they have never used Markdown before.

So I suggest using ngrok to share your ideas or even get help from people.


NOTE


I haven't tried using ngrok and shutting off my laptop. I believe once the session for using ngrok is cut off/ over, ngrok will stop mirroring your localhost. This means that in order to use ngrok, you MUST always have your PC on. When your PC is turned off, ngrok will stop until you re-open ngrok again.

Now, this doesn't mean that you should keep your PC on forever. It just means that when you turn off your system, ngrok will stop working. I also don't suggest keeping your PC on if you don't want to waste money on electricity. ngrok is just a service for you to mirror your localhost whenever you want. It's not a service you would want to keep open every single minute.


#2

Sounds pretty insecure to me, like pointing a loaded gun to your head :stuck_out_tongue:
botnets come to mind...
And I don't seem to be alone in thinking that, checkout the comments on this article:
https://developer.atlassian.com/blog/2015/05/secure-localhost-tunnels-with-ngrok/

"HUH? "No need to ask IT guys (guns) to forward a port for us"????? Did you ever think why there are processes in place for that? Look, I get that IT may not be staffed or funded enough to respond quickly, but opening a hole in your company's network is just irresponsible! Do you realize what implications you are creating by doing that? If a hacker were to break through your application, they now can use that port to access ANY system behind the firewall. I sure hope you at LEAST tell your IT folks that you opened the hole because you are the reason why some companies get hacked and don't know it for many months!"

NONO for me! web developers should be skilled enough to deploy in a few minutes, otherwise find another job.

And sounds pretty suspicious someone promoting this here like that, not saying you didn't do it out of good will. sorry to spoil you


#3

@Andres_Vaquero
So are you proposing that everyone learns to upload a screenshot of their problems using the Markdown features? Because I can surely say that's a far reach. Especially when most people don't know how to use the Markdown features or don't care to use it. And would rather have to describe a situation and have others try to comprehend the broken English and figure out what they need. A clear example can be your quote you took off that article which you clearly didn't format correctly.

Aside from that, ngrok's tunneling process allows you to use ngrok safely. It's protected through ngrok's servers. You can also view who is looking at your localhost on the dashboard on ngrok. If the IP Address looks suspicious, you can simply cut off your connection and generate a new ngrok URL.

Here are the docs on it. https://ngrok.com/docs#inspect

You can also whitelist certain IP Address to access your localhost. https://ngrok.com/docs#whitelist


Again, ngrok isn't a service for CONSTANT sharing which most people will likely use ngrok for. They believe that this is a way to host their websites without paying money to hosting providers which is a terrible idea. This is why I included the lines

if you don't want to waste money on electricity.

It's because ngrok is just a service to share your localhost with other coworkers or people you trust.


I have yet to see any other bad reviews other than that single one you posted which seems to be someone trolling the internet. I've searched for hours on Google using the terms

do not use ngrok

why ngrok is bad

You should also look at the testimonials on ngrok if you're so suspicious about it.

https://ngrok.com/love


Sorry to spoil you, but I haven't seen any bad reviews other than that one saying that everyone should stop using it because it's dangerous. The idea of this topic is to allow others to share ideas or development files where they don't have to upload it to a live server or purchase a web hosting account which could save them a lot of money. This is probably the closest to hosting a website on your own local machine. If you are truly an "IT" user, you should already know to always update your system and always scan your computer no matter what the circumstances are. And if you are someone like me, you would always be watching what processes are running and if it looks suspicious or it doesn't look like a software you download, you would normally end the process on it or scan that specific process.

But I guess it's a "No No" for me because I am apparently not a "Web developer" even though I know how to deploy my own localhost without using XAMPP or WAMP or MAMP or Vagrant on a VM. And apparently, this doesn't mean jack if I am not a "Web Developer".


#4

Sorry to spoil you, but I haven't seen any bad reviews other than that one saying that everyone should stop using it because it's dangerous

Perhaps dangerous is not reason enough for you to stop promoting it on the internet.
There are a few more here https://www.reddit.com/r/webdev/comments/1t0bow/ngrok_make_your_localhost_available_online/
like :

Why would you ever do such a lazy and insecure thing as expose your local machine to unsolicited internet traffic?
Get a VPS for $3/month, or if the price of a coffee is too much for you, grab some free shared hosting.

It would be useful in many cases. It would be prudent in none.

A development VPS can be had for as little as $3/mo, there is no excuse for such a lazy and insecure solution.
This is no less doable with a VPS. Any IDE worth it's salt (or even an editor like Sublimetext or Notepad++) has built in FTP or SSH features that allow you to push the file you're working on to a server in a matter of milliseconds.

The kinds of responses I'm seeing here sound like things said by people with little to no development experience - the very last people that should ever consider opening a local machine to traffic.

What I'm saying is that solutions like this one are really only solutions to problems that come about by doing things wrong in the first place.

if you are on the same network, can't you just give out your IP address for someone to view your localhost?

Password protection only does so much. You've already opened up a webserver to the internet on your machine. Sure, you can throw on more and more layers of security, but at what point is that not worth the minimal effort to just not use your work machine to host content.

PD. Only took me 5 minutes to find, congrats on learning how to configure Apache :stuck_out_tongue:


#5

Hmm, that's the first post you've mentioned that actually has a valid point. The other one was just a troll creating multiple accounts to yell at everyone. Which doesn't make a point any more valid.

Anyways, it's not just Apache. It's the actual localhost. If you know how to install your own localhost, you will know what is going on with it if it breaks or if someone wants to snoop in unexpectedly. You should always be sniffing to make sure people don't do harmful things to your system anyways.

And if you're someone like me. No matter if your system is compromised, all you could always do is make a backup of your work, scan it on another computer to make sure nothing malicious was placed on it and you can always trash that hard drive. What I mean by trashing is completely formatting it and wiping the drive clean and then install a new partition on it using a legitimate Windows installer. People act as if their current system is their only system. I treat my hard drives and my SSDs just like a VM. If the partition I am using sucks or is slow, I back up my files and trash it and start over. The only thing I don't need to start over is my work because I've backed it up on multiple devices.

So if someone were to infect my system. I could easily look just trash the current partition and start over. Simply because I make backups every 2 days. So if my backups aren't infected, I can just start over with a fresh and clean installation.


Also, wouldn't you say that all web hosts are essentially the same thing as what I am doing now? They are just systems on a hard drive located in a warehouse or an IT facility and almost all of them have open ports because how would we be able to receive data from the server if the server isn't opened for connection? So this argument of yours is pretty much an argument about the internet itself. If you say that you shouldn't allow anyone to view your localhost, then you sure should say that to the internet itself because that's what it essentially is. The internet allows everyone to view it and it also allows everyone to attack it. Simply telling someone "not" to share their localhost is the same exact concept as telling someone "not" to use the internet because all servers are basically just computers.


Also, as I have mentioned and many people have mentioned in that Reddit post that this is NOT a permanent solution. It's a way to share ideas. But I guess there's always that 1 person who dislikes how something goes because it doesn't work out for them or they want others to pay a fee because they are paying a fee.


#6

Sorry I don't have time to elaborate right now, but I guess my point is that your local machine contains a lot more sensitive data than a server where you have just uploaded a website. Compromising a website vs compromising your local machine... I'm guessing you would agree that the latter is a lot more risky. Anyways if then you have to be scanning your local machine for malicious software because you wanted to share a screenshot or your local project online kind of defeats the purpose of being able to easily and securely share stuff. Having some hosting where you can for example rsync your local project should get you what you need in a matter of seconds with no fuss and no extra work and quite easily and cheaply. I'm just saying I would no way take that risk and trying to make other people aware of the potential harm of using this software. That is all and sorry if at any point I sounded aggressive or like a nasty guy. I'm sure you're a nice guy with good intentions but it doesn't hurt to make people aware of what they might get into if they're not careful.


#7

That is one thing we both can agree on. This software isn't fully secure if you don't take the proper precautions. But I must also refer back to my earlier point. Not everyone knows how to use Markdown. A lot of users that come here don't know how to use it or Sitepoint for that matter. What I am doing is suggesting an idea so that other people can try it out and see if they like it. Not everyone likes the same thing and not everyone has the same view point on that particular thing.

But if we limit ourselves to only a small possibility, no one will succeed.


closed #8

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.