If you're working on a web application running on https://localhost:4002
, you've probably run into the challenge of securely sharing your local server with someone outside your network—perhaps a colleague, tester, or webhook provider. That's where ngrok comes in handy.
In this post, we’ll look at how to expose a local HTTPS server running on port 4002
using a public URL with ngrok, even when your local server uses HTTPS.
The Command
ngrok http --url=exotic-premium-walrus.ngrok-free.app https://localhost:4002
This command might look a bit unusual at first—especially the use of --url
. Let’s break it down:
ngrok http
This tells ngrok to start an HTTP tunnel. ngrok will route external HTTP/HTTPS traffic to your local machine.
--url=exotic-premium-walrus.ngrok-free.app
This optional flag is used to bind a custom subdomain or reserved domain if your ngrok account supports it. In the free tier, ngrok randomly assigns a domain, but if you’ve claimed a reserved domain like exotic-premium-walrus.ngrok-free.app
, this flag ensures ngrok uses that exact URL.
Note: You must have already reserved the subdomain on your ngrok dashboard.
https://localhost:4002
This is the local server you want to expose. In this case, it's running on localhost
with HTTPS on port 4002
.
Why use ngrok with an HTTPS localhost?
Sometimes, you need to serve your app over HTTPS locally—for example, to test secure cookies, Service Workers, or third-party integrations that require a secure origin.
But exposing an HTTPS server through ngrok adds a few considerations:
- ngrok terminates HTTPS at the edge and forwards to your local server using the protocol you specify.
- If your local server uses HTTPS, you must tell ngrok explicitly by including
https://
in the target URL. - Some tools (like browsers or webhook testers) may have different behavior based on whether the tunnel forwards to
http
orhttps
locally—this makes it important to specify correctly.
Gotchas and tips
- Ensure your local HTTPS server is using a trusted certificate. Browsers and some clients may reject self-signed certs.
- If ngrok fails to bind the requested URL, check that you’ve reserved the subdomain in your ngrok dashboard.
- You can omit
--url=...
and ngrok will assign a random domain likehttps://quick-lion-12345.ngrok-free.app
.
If this post was enjoyable or useful for you, please share it! If you have comments, questions, or feedback, you can email my personal email. To get new posts, subscribe use the RSS feed.