NGrok documentation and hardening

[mayurjobanputra]

Description

Would be good to add some more info around how to install/setup NGrok.. i ended up setting it up after running setup and then wasn't sure if i should run setup again.. that did work.. eventually got it all working once i fixed the port issue (ngrok port has to match the npm run port being used)

I asked Gemini for help:

"i got it working and created an admin account.. but anyone that knows of https://xxxxxx-xxxx-xxxx.ngrok-free.dev/ can see my login page can't they"

Gemini's answer:

Yes, by default, an ngrok URL is public; anyone with the link can access your login page. However, you can secure it immediately using OAuth, which is available even on ngrok's free plan.

1. Add Google/GitHub Authentication (Easiest)

You can force users to sign in with a trusted provider (like Google or GitHub) before they even see your login page. Only people with specific email addresses will be allowed through.

To allow only your Gmail:

Stop your current ngrok session and run:

ngrok http 3000 --oauth=google --oauth-allow-email=your-email@gmail.com

Use Case

For users concerned about the single auth protection (admin account) of their ngrok tunnels for localhost, they can/should secure it further by specifying which gmail account is allowed to use their app