Closed TotallyInformation closed 3 years ago
Can you clarify where this default is set?
In the connect options
That option is for what ngrok exposes to the outside world, in the case of it being set to http
it means that ngrok accepts an http OR https connection based on the hostname and then forwards it to the client via an encrypted tunnel.
The other option in there is TCP which is if you want to use ngrok to forward a raw TCP connection to you again via the secure tunnel.
There is a TLS optionin ngrok if you are providing your own TLS cert on the client end but this isn't exposed through the node and I don't see any demand for it, there is also a significant amount of extra coinfiguration in providing the certificates.
In the latest version you now have the option of binding which allows you to force ngrok to serve the public url over http, https or both, the default being both and then it is down to the client making the request to choose the secure url, by default the url we output from the node though is the https version where both are set.
Gonna close this as 2.0.0 has had a fairly major overhaul, there's nothing that defaults to plain HTTP only.
It is very dangerous to have the default set to http and will lead people to thinking that they have a secure connection when they do not.