> ## Documentation Index
> Fetch the complete documentation index at: https://ngrok.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Domains

> Learn how to connect domains to your ngrok endpoints.

## Domains

Domains enable you to create public endpoints with hostnames matching the
domain. For example, after you create the domain `your-name.ngrok.app`, you may
create the Endpoint `https://your-name.ngrok.app`

Domain names may be a subdomain of an [ngrok-managed
domain](#ngrok-managed-domains) like `foo.ngrok.app` or you can [bring your own
domain](#branded-domains) like `example.your-domain.com` by creating a CNAME
DNS record with your domain's DNS provider.

Domains also enable you configure other domain-level behaviors including:

* [**Global Load Balancer configuration**](#global-load-balancer) - Choose which points of presence handle traffic to a Domain's matching endpoints.
* [**TLS Certificate management**](#tls-certificates) - Configure automatic certificate provisioning or select a certificate you uploaded yourself.
* [**Dedicated IP address configuration**](/gateway/dedicated-ips/) - Attach static, dedicated IPs for a Domain's matching endpoints receive traffic on.

You can manage Domains on your [ngrok Dashboard](https://dashboard.ngrok.com/domains)
or via the [ngrok API](#api).

## Public endpoints

A Domain's primary responsibility is to enable you to create [public
endpoints](/gateway/public-endpoints/) with a hostname matching the
domain. These are called "matching endpoints". For example, after you create
the Domain `app.example.com`, you can create the Endpoint
`https://app.example.com`.

When you create a Domain, you may create matching public endpoints with the
following constraints:

| Endpoint Protocol | Allowed Endpoints                                                                      |
| ----------------- | -------------------------------------------------------------------------------------- |
| `http`            | Matching endpoints on port `80` of the Domain.                                         |
| `https`           | Matching endpoints on port `443` of the Domain.                                        |
| `tls`             | Matching endpoints on port `443` of the Domain.                                        |
| `tcp`             | Not allowed. Public TCP endpoints must match a [TCP Address](/gateway/tcp-addresses/). |

If you configure your Domain to use [dedicated IPs](/gateway/dedicated-ips/), these
restrictions are removed and you may create matching endpoints on any ports.

### Dev domains

Every ngrok account comes with a free Dev Domain that can be used if you don't
want to pick a domain. Its URL is automatically generated and cannot be changed.
You can use this domain for creating a public endpoint to host your app, API, or any other service you'd like to put online.
Dev domains are not billed for endpoint hours and do not count toward the domain limits of paid plans.

On the **free plan**, you can only use your automatically assigned dev domain for public endpoints.
You cannot choose or reserve custom domain names—that capability requires a paid plan.

### Wildcard domains

You may create a Domain with a wildcard name, for example, `*.example.com`. A wildcard domain enables you to:

* Create an endpoint which receives traffic for all of its subdomains, for example,
  `https://*.example.com`. Consult the documentation for [wildcard
  endpoints](/gateway/http/#wildcard-endpoints) to understand
  the rules for matching and precedence.

* Create an endpoint on any subdomain which matches the wildcard, for example,
  `https://foo.example.com` or `https://foo.bar.baz.example.com`

The wildcard `*` character may only be used as the first part of a
domain, you may not create domains like `app.*.example.com` or
`*-app.example.com`.

<Note>
  Wildcard endpoints are available on our Pay-as-you-go plan self service.
  For billing information on wildcard endpoints, including how endpoint hours and Traffic Policy are charged when using wildcard Cloud Endpoints that forward to internal endpoints, see the [wildcard endpoints pricing documentation](/pricing-limits/#wildcard-endpoints).
</Note>

<Note>
  Reserving subdomains of a wildcard domain within the ngrok dashboard count towards the number of reserved domains in your account. For example, if you reserve `foo.example.com` and `*.example.com`, you have reserved two domains.
</Note>

### Random domains

For some applications, you may not care much about the actual domain for the endpoint. Generating these can be a pain, so ngrok includes an easy way
to create and use these for endpoints. Using the value `https://` in the `url` field will generate a random URL for you to use with your endpoint.

```bash theme={null}
ngrok http 80 --url 'https://'
```

<Note>
  Random domain generation (using `--url 'https://'`) is only available on paid plans.
  The free plan is limited to using your automatically assigned dev domain for public endpoints.
</Note>

### Ownership

Your account exclusively owns its Domains and all of their nested subdomains
within ngrok. That means:

* No account may create a Domain with a name that is a subdomain of your Domains.
* No other account may create endpoints with a hostname matching your Domain or
  any of its nested subdomains.

For example, if you create a Domain with the name `foo.ngrok.app`:

* No other account create the Domains `foo.ngrok.app` or `bar.foo.ngrok.app`.
* No other account may create the endpoints `https://foo.ngrok.app` or `https://bar.foo.ngrok.app`.

## Bring your own domain

You can use any custom domain name that you already own with ngrok, for example,
`app.your-domain.com`. To do so, see [the docs on using custom domains](/gateway/custom-domains).

## Global Load Balancer

The [Global Load Balancer](/gateway/global-load-balancer)
uses latency-aware DNS records to direct clients to the IPs of the nearest
[points of presence](/gateway/points-of-presence/).

Domains allow you to configure which points of presence the Global Load
Balancer may resolve clients to. This allows you to select which points of
presence will receive traffic for the Domain's matching endpoints. To disable
the Global Load Balancer, you may configure a domain to only resolve a single
point of presence.

<Info title="Coming Soon">
  Per-region global load balancer configuration is coming soon, [request access
  to the developer preview](https://dashboard.ngrok.com/developer-preview).
</Info>

## TLS certificates

Domains manage the [TLS Certificate](/gateway/tls-certificates/) used
to terminate TLS connections to the Domain's matching endpoints. When you
create a Domain, you may choose to allow ngrok to automatically provision TLS
certificates for you or to upload your own TLS certificate.

Consult the documentation on [TLS
Certificates](/gateway/tls-certificates/) for additional details on
certificate provisioning and management.

## Dedicated IPs

By default, a Domain's matching Endpoints receive traffic on a set of multi-tenant [IP addresses](/gateway/ip-addresses) that are shared among all ngrok accounts.
You may instead configure a Domain's matching endpoints to receive traffic on IP addresses that are dedicated to your account.

If your Domain uses dedicated IPs, you may create public endpoints on *any* port numbers, not just 80 and 443.

See the [Dedicated IPs](/gateway/dedicated-ips/) documentation for detailed information on configuration, use cases, and pricing.

<Info title="Coming Soon">
  Dedicated, static IPs for your domains are in Early Access.
  [Request access to the developer preview](https://dashboard.ngrok.com/developer-preview).
</Info>

## ngrok managed domains

If you don't own a domain that you want to use with ngrok, you can create a
Domain that is a subdomain of an ngrok-managed base domain. The ngrok-managed
base domains are:

| Domain             | Availability                                      | HSTS Global Preload |
| ------------------ | ------------------------------------------------- | ------------------- |
| `ngrok.app`        | Available to paying accounts                      | Yes                 |
| `ngrok.dev`        | Available to paying accounts                      | Yes                 |
| `ngrok.pizza`      | Available to paying accounts                      | No                  |
| `ngrok-free.app`   | Used by free accounts                             | Yes                 |
| `ngrok-free.dev`   | Used by free accounts                             | Yes                 |
| `ngrok-free.pizza` | Used by free accounts (coming soon)               | No                  |
| `ngrok.io`         | Discontinued and only available to older accounts | No                  |

### Public suffix list

The ngrok-managed base domains are on the [Public Suffix
List](https://publicsuffix.org/). Browsers use the Public Suffix List to
guarantee that cookies from one subdomain cannot be accessed by other
subdomains.

### HSTS preload

Some of the ngrok-managed base domains are on the global
[HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) preload
list. If the domain of the URL is on the [global HSTS preload
list](https://hstspreload.org/), modern browsers automatically convert requests
with an `http` scheme to `https`.

If you need to create unencrypted `http` endpoints, you should create them with
hostnames that are not on the HSTS Global Preload like `ngrok.io` and
`ngrok.pizza`.

ngrok does not prohibit you from creating `http` endpoints with hostnames whose
base domain is on the global HSTS preload list because non-browser clients
(like `curl`) can still be used to make unencrypted HTTP requests to them.

## API

Domains are programmatically managed via:

* [`/reserved_domains` API Resource](/api-reference/reserveddomains/list)

## Domains pricing

Domains are available on all plans. Some Domain features require upgrades. See
the [Pricing page](https://ngrok.com/pricing) for details.

| Feature                  | Plans                                                                                          |
| ------------------------ | ---------------------------------------------------------------------------------------------- |
| Domains                  | All plans. The Domain name is automatically assigned on Free; you may choose it on paid plans. |
| Bring-your-own domains   | Pay-as-you-go                                                                                  |
| Wildcard endpoints       | Pay-as-you-go                                                                                  |
| Random domain generation | Paid plans only                                                                                |
