Ngrok Usage Boundaries

Beginner

Define when to use and not use ngrok — development use cases, production alternatives, and guidelines for transitioning from ngrok to proper infrastructure.

File Patterns

**/ngrok.yml**/.env*

This rule applies to files matching the patterns above.

Rule Content

rule-content.md

# Ngrok Usage Boundaries

## Rule
Ngrok is a DEVELOPMENT tool. It MUST NOT be used as a production hosting solution. Know when to transition to proper infrastructure.

## Appropriate Use Cases
| Use Case | Appropriate |
|----------|-----------|
| Webhook testing (Stripe, GitHub) | Yes |
| Sharing local dev with team | Yes |
| Mobile app testing against local API | Yes |
| Demo to stakeholders | Yes (with auth) |
| Staging environment | Acceptable (with OAuth) |
| Production traffic | NEVER |
| Permanent webhook endpoint | NEVER |
| Customer-facing service | NEVER |

## Transition Triggers
Move from ngrok to proper infrastructure when:
1. The service needs 24/7 availability
2. Multiple users or customers will access it
3. SLA or uptime requirements exist
4. The URL needs to be permanent and branded
5. Traffic exceeds development-level volumes

## Alternatives for Production
| Need | Alternative |
|------|-----------|
| Webhook endpoints | Vercel/Netlify serverless functions |
| API hosting | AWS/GCP/Azure with proper domain |
| Tunnel to internal services | Tailscale, Cloudflare Tunnel |
| Load testing | Deploy to cloud environment |

## Rules
1. NEVER use ngrok for production customer traffic
2. NEVER rely on ngrok for uptime-critical services
3. Always have a plan to replace ngrok before launch
4. Document which ngrok tunnels exist and their purpose
5. Set expiration reminders for temporary tunnels

## Examples

### Good
- Using ngrok for Stripe webhook development, Vercel for production
- Demoing to stakeholders with OAuth-protected tunnel
- Testing mobile app against local API via ngrok

### Bad
- Customer-facing API running through ngrok
- Production webhook handler on an ngrok URL
- ngrok as a permanent VPN replacement

## Enforcement
Review infrastructure architecture for ngrok dependencies before production launch.
Include ngrok-to-production migration in project planning.

FAQ

Discussion

Loading comments...

# Ngrok Usage Boundaries ## Rule Ngrok is a DEVELOPMENT tool. It MUST NOT be used as a production hosting solution. Know when to transition to proper infrastructure. ## Appropriate Use Cases | Use Case | Appropriate | |----------|-----------| | Webhook testing (Stripe, GitHub) | Yes | | Sharing local dev with team | Yes | | Mobile app testing against local API | Yes | | Demo to stakeholders | Yes (with auth) | | Staging environment | Acceptable (with OAuth) | | Production traffic | NEVER | | Permanent webhook endpoint | NEVER | | Customer-facing service | NEVER | ## Transition Triggers Move from ngrok to proper infrastructure when: 1. The service needs 24/7 availability 2. Multiple users or customers will access it 3. SLA or uptime requirements exist 4. The URL needs to be permanent and branded 5. Traffic exceeds development-level volumes ## Alternatives for Production | Need | Alternative | |------|-----------| | Webhook endpoints | Vercel/Netlify serverless functions | | API hosting | AWS/GCP/Azure with proper domain | | Tunnel to internal services | Tailscale, Cloudflare Tunnel | | Load testing | Deploy to cloud environment | ## Rules 1. NEVER use ngrok for production customer traffic 2. NEVER rely on ngrok for uptime-critical services 3. Always have a plan to replace ngrok before launch 4. Document which ngrok tunnels exist and their purpose 5. Set expiration reminders for temporary tunnels ## Examples ### Good - Using ngrok for Stripe webhook development, Vercel for production - Demoing to stakeholders with OAuth-protected tunnel - Testing mobile app against local API via ngrok ### Bad - Customer-facing API running through ngrok - Production webhook handler on an ngrok URL - ngrok as a permanent VPN replacement ## Enforcement Review infrastructure architecture for ngrok dependencies before production launch. Include ngrok-to-production migration in project planning.