How Do I Terminate TLS?
You can configure TLS termination for HTTPS, TCP, and TLS endpoints with ngrok. By default, ngrok automatically terminates TLS for HTTPS endpoints, but you can still customize how that termination is done using the terminate-tls Traffic Policy action.
TLS (SSL) certificate management is automatically handled for you by default for all endpoints, though you can also bring your own TLS certificates.
How is TLS terminated by default?
An endpoint's protocol determines the ngrok cloud service's default TLS termination behavior.
| Endpoint Protocol | TLS Termination |
|---|---|
| HTTP | None |
| HTTPS | Always at ngrok's cloud service. |
| TLS | Default no termination, configurable with terminate-tls |
| TCP | Default no termination, configurable with terminate-tls |
Using terminate-tls
Visit the Traffic Policy docs to see examples using the terminate-tls action.
Learn more
- Using Traffic Policy — The
terminate-tlsTraffic Policy Action enables you to terminate TLS connections at ngrok's cloud service for TCP and TLS endpoints. - Behavior — Learn about how ngrok's TLS termination works, and how its built-in optimizatiions can improve the performance of your TLS endpoints.
- Certificates — ngrok makes managing TLS certificates simple. See the TLS Certificates documentation for more details on how they are selected, managed, provisioned and renewed.
- End-to-end encryption — Enabling end-to-end encryption for TLS endpoints is straightforward. See the docs on how TLS termination works to learn more.
Limits & pricing
TLS endpoints are available on Pay-as-you-go, Pro, and Enterprise plans. Consult the pricing documentation for general billing details.
For TLS limits, see the endpoint Limits documentation.