- Remote access protocols like SSH, VNC and RDP
- Databases like MySQL, Postgres, MSSQL and SQLite
- IoT protocols like MQTT
- Gaming servers like Minecraft
TCP endpoints are only available on a free plan after adding a valid payment method to your account.
Quickstart
Cloud endpoints are persistent and live until they are deleted. They are created via the ngrok Dashboard or API. Traffic Policy controls how a Cloud Endpoint handles traffic. See the Cloud Endpoints Quickstart for a step-by-step guide on how to create a Cloud Endpoint in the ngrok Dashboard. The following example uses the API to create a Cloud Endpoint which returns aHello world! 200 OK response.
Command line
Command line
You can reserve a TCP Address in the ngrok dashboard.
traffic-policy.yml
URLs
URLs are validated differently depending on their binding. Consult the following documentation for details on valid URLs for TCP endpoints: There is no standard scheme for TCP URLs so ngrok renders them astcp://.
Static URLs
If you would like a public TCP endpoint to have a static URL, you must first create a TCP Address. When you create a TCP address, a random hostname and port will be assigned to you, for example,1.tcp.ngrok.io:12345.
A TCP address is only needed to make a public TCP endpoint have a static URL.
They are not needed for TCP endpoints on other bindings, like internal or
kubernetes.
After you have created a TCP Address, specify the address (for example,
1.tcp.eu.ngrok.io:12345) in the URL when you create the endpoint. See the quickstart to learn how.
Custom domains
Public TCP endpoints are assigned randomly on an ngrok-controlled hostname with a randomly assigned port. You may not choose the hostname and you may not select the port. You may, however, simulate a customized hostname by creating a CNAME record to the hostname of your assigned TCP address. If you do so, be aware that all ports on that hostname, even those provisioned to other accounts will then be available on your domain. For example if your TCP address is5.tcp.ngrok.io:12345, you could create the
following CNAME record:
Traffic Policy
Attach Traffic Policy to endpoints to route, authenticate and transform the traffic through the endpoint.Authentication
When you create public TCP endpoints, you often want to secure them with authentication. You can secure your TCP endpoints with the following Traffic Policy actions. There is a limited set of actions available to authenticate TCP traffic because the TCP protocol is low-level.- IP Restriction
- [Mutual TLS](/traffic-policy/actions/terminate-tls/
Observability
Traffic Inspector
Traffic Inspector does not support TCP endpoints.Log exports
You can export logs of traffic to TCP endpoints with ngrok’s events system. The following events are published for log exporting:| Log | When |
|---|---|
| tcp_connection_closed.v0 | Published when a TCP connection to a TCP endpoint completes. |
Limits & timeouts
Contact Support if you need to configure limits and timeouts on connections to TCP endpoints.| Limit | Name | Notes |
|---|---|---|
| 5 minutes | Client Idle Timeout | Time since data was last transmitted by the upstream service |
| 5 minutes | Server Idle Timeout | Time since data was last transmitted by the upstream service |
| No limit | Data transmitted | Data transmitted by the client or upstream service |