johndpope
commented
2 years ago it seems this ngrok to be locked down further ngrok http -subdomain=inconshreveable 80
Anyone who can guess your tunnel URL can access your local web server unless you protect it with a password. You can make your tunnels secure with the -auth switch. This enforces HTTP Basic Auth on all requests with the username and password you specify as an argument.
Password protecting your tunnel https://ngrok.com/docs ngrok http -auth="username:password" 8080
I'm not sure how to go about getting the webhook to use a password. this needs documentation.
Running with localhost is fine with docker - I need some hand holding with a domain name.
I'm ok to not use domain name and use ngrok subdomain - I'm easy - just need this to work for client.
Setting up ngrok is not trivial. https://dashboard.ngrok.com/endpoints/domains
There's some choices with plans - the configuration and commands is not so straightforward.
so I think the ngrok subdomain is ok - I purchased this
I run the ngrok command to update the auth token as spelled out in the ngrok dashboard.
then run ./ngrok http --region=us --hostname=YOURSUBDOMAINHERE.ngrok.io 80
should that be port 80???
UPDATE - digging into the docker compose I can see it should route to port 5000 - that makes sense.
I think it's better to use ngrok server name alias on server to point to localhost - than change the name.
UPDATE this line https://github.com/plaid/pattern/blob/master/client/src/components/Sockets.jsx#L15
needs some documentation - this is appropriate for running ngrok locally - but will fail unless it's updated to subdomain / domain name.
UPDATE I update connection to use https - and some Mixed Content / secure /insecure errors disappeared.