I'm running this:
ngrok -hostname=dev.myhostname.io -proto=https 192.168.59.103:443
When I go to https://dev.myhostname.io nginx returns a 400 error saying "The plain HTTP request was sent to HTTPS port"
If I add dev.myhostname.io to my hosts file and navigate there or to the ip address without ngrok running, the site displays just fine.
@ianwalter have you made any progress with this? Looks like you're running you nginx in a docker that you're trying to get ngrok to talk to?
Today I was (and sort of still am) struggling with the same setup. I have mine working requests that I make both from my machine and from a separate machine, however the endpoint I'm setting up if for twilio, a third party service, to hit. When twilio makes the request to my endpoint I'm getting this error again, but cannot figure out why.
My ~/.ngrok2/ngrok.yml looks like
authtoken: MY_AUTH_TOKEN
tunnels:
my-nginx:
proto: tls
hostname: dev.myhostname.com
addr: 192.168.59.103:443
Note: This requires ngrok 2.0
Hope this helps you a tad and maybe you'll be able to point me to what I'm doing wrong.
I am also having this issue. I'm running Nginx on a Vagrant VM. I have also started Ngrok on the VM itself. When I visit my hostname I get this error. When I spoof the IP of the vagrant VM on my host /etc/hosts file it loads with my valid SSL certs and everything.
ngrok tls -hostname=dev.example.com -crt /var/www/certs/dev.example.com.cert -key /var/www/certs/dev.example.com.key 443
It's almost guaranteed that this means that the HTTP client doesn't support TLS SNI. What browser/language version are you using to make requests?
sorry the error message is so poor, I'm going to have that fixed soon
On Jun 25, 2015, at 12:19 PM, Andrew Ellis [email protected] wrote:
I am also having this issue. I'm running Nginx on a Vagrant VM. I have also started Ngrok on the VM itself. When I visit my hostname I get this error. When I spoof the IP of the vagrant VM on my host /etc/hosts file it loads with my valid SSL certs and everything.
ngrok tls -hostname=dev.example.com -crt /var/www/certs/dev.example.com.cert -key /var/www/certs/dev.example.com.key 443
—
Reply to this email directly or view it on GitHub.
I am using Chrome 43.0.2357.130 (64-bit) to make these requests. Curl does the same thing:
$ curl https://app.dev.kickaconference.com
<html>
<head><title>400 The plain HTTP request was sent to HTTPS port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx/1.6.3</center>
</body>
Tunnel Status online
Version 2.0.19/2.0.19
Web Interface http://127.0.0.1:4040
Forwarding tls://app.dev.kickaconference.com -> localhost:443
Ah! Oops I misread your original issue, that's not it at all.
When you specify '-crt' and '-key' then ngrok terminates the TLS traffic for you, which is not what you want when forwarding to 443 which expects TLS traffic. Try removing key/crt options or forward to port 80 instead which is going to expect unencrypted traffic
On Jun 25, 2015, at 12:27 PM, Andrew Ellis [email protected] wrote:
unnel Status online
Version 2.0.19/2.0.19
Web Interface http://127.0.0.1:4040
Forwarding tls://app.dev.kickaconference.com -> localhost:443
—
Reply to this email directly or view it on GitHub.
Okay, so this "works":
ngrok tls -hostname app.dev.kickaconference.com 443
However, how can I get Ngrok to use my valid SSL certs for this tunnel traffic? The objective here is to allow third party services to talk to my local VM via their Webhooks (Stripe, Mailgun, etc.).
I'm testing a ton of webhook integrations on our product, but everything has to be over SSL. I'd like to ensure that these tests are running with my valid certs. Is this even possible with Ngrok?
Yes, your options are:
To test your integration as fully as possible, I recommend option 1.
Keep in mind that not all webhook providers will support TLS SNI but the majority should. If you find any that don't, let me know and I'll work with them to get it fixed.
On Jun 25, 2015, at 12:42 PM, Andrew Ellis [email protected] wrote:
Okay, so this "works":
ngrok tls -hostname app.dev.kickaconference.com 443
However, how can I get Ngrok to use my valid SSL certs for this tunnel traffic? The objective here is to allow third party services to talk to my local VM via their Webhooks (Stripe, Mailgun, etc.).I'm testing a ton of webhook integrations on our product, but everything has to be over SSL. I'd like to ensure that these tests are running with my valid certs. Is this even possible with Ngrok?
—
Reply to this email directly or view it on GitHub.
Nginx is already configured to use SSL:
server {
include /etc/nginx/basic.conf;
listen 443 ssl;
server_name app.dev.kickaconference.com;
access_log /var/log/nginx/application.access.log;
error_log /var/log/nginx/application.error.log;
root /var/www/application/public;
index index.php index.html;
ssl on;
ssl_certificate /var/www/certs/dev.kickaconference.com.cert;
ssl_certificate_key /var/www/certs/dev.kickaconference.com.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
}
The Nginx install has SNI Support Enabled: nginx -V
nginx version: nginx/1.6.3
built by gcc 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC)
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_spdy_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_geoip_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-http_perl_module --with-mail --with-mail_ssl_module --with-pcre --with-pcre-jit --with-google_perftools_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E'
Starting Ngrok with the following:
ngrok tls -hostname=app.dev.kickaconference.com 443
However, when I use curl (or Chrome) I get the SSL cert is insecure warning. The SSL certificates being used were purchased from Namecheap for the app.dev.kickaconference.com domain. The certificate is valid though.
Here is a screen shot of the cert information when I spoof app.dev.kickaconference.com to the Vagrant VM's IP to bypass Ngrok (locally):

Thanks for you help so far by the way; sorry to be a pest. Just want to get this working :)
That all looks right to me. What specific certificate validation error is reported when you access through ngrok?
On Jun 25, 2015, at 1:37 PM, Andrew Ellis [email protected] wrote:
Thanks for you help so far by the way; sorry to be a pest. Just want to get this working :)
—
Reply to this email directly or view it on GitHub.
# curl https://app.dev.kickaconference.com
curl: (60) Peer's Certificate issuer is not recognized.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
Ran yum update ca-certificates as well to ensure I had the latest release. That's up to date. (CentOS 7 btw).
Definitely some kind of local issue on your box. Maybe restart chrome or whole OS after updating your certs?

inconshreveable [~] ♡ : curl https://app.dev.kickaconference.com/
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8" />
<meta http-equiv="refresh" content="1;url=https://app.dev.kickaconference.com/auth/login" />
<title>Redirecting to https://app.dev.kickaconference.com/auth/login</title>
</head>
<body>
Redirecting to <a href="https://app.dev.kickaconference.com/auth/login">https://app.dev.kickaconference.com/auth/login</a>.
</body>
</html>
Huuuuuh... Alright let me give that a go. Will report back once verified.
All clear in Chrome. However, the curl command is still failing from a remote VM hosted out in Digital Ocean's world.
I don't _think_ this is going to be an issue though. I'll report back if any of my webhook integrations puke over the SSL.
Cheers sir!
Awesome. curl is likely using a different CA store, not sure why though =/ Closing this out, feel free to reopen if there are other issues
I am also having the same issue and I don't know how to get past it. I have read the documentation and searched online - finding this.
I want to be able to use ngrok for the webhooks that need to be able to connect to my local development environment. I am registered on the business plan. This is my set up:
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name matfin.local.com;
ssl_certificate /opt/matfin-server.crt;
ssl_certificate_key /opt/matfin-server.key;
access_log /var/log/matfin-access.log;
error_log /var/log/matfin-error.log;
location / {
proxy_pass http://matfin-app:2000;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
When I navigate to https://matfin.local.com I can see the usual certificate security warning which I just click past. I can then see my app - perfect!
What I want to be able to do is fix the tunnel so that when I go tohttps://my-site.ngrok.io I can see my app, but instead I am getting the following error with a status code of 400:
The plain HTTP request was sent to HTTPS port
What I want to know is:
@matfin I have a very similar setup as you with the only possibly relevant difference being I'm not using a self-signed cert but a wildcard cert. Just last week I spent some time getting it all working again on my machine, there are a lot of moving pieces and honestly I'm not sure I can tell you what to do over a comment. Let me know if you'd want me to try to help over hangouts or something.
Having the same problem. How can I fix this?
Hi @joelash and thanks for the offer of help.
What I ended up doing was removing the Nginx container from my Docker Compose set up and then binding Ngrok to the running instance of node via port 3000. I paid to have a custom subdomain from Ngrok.io so I could set that up properly in the Facebook settings for the app I was working on without needing to change it all the time.
I was able to have the Facebook webhook configured to point to Ngrok, which was serving my local running instance of the Node app over https. That bypassed the problem but I never looked more into setting things up with the Nginx container acting as a reverse proxy in the background.
Most helpful comment
I am also having the same issue and I don't know how to get past it. I have read the documentation and searched online - finding this.
I want to be able to use ngrok for the webhooks that need to be able to connect to my local development environment. I am registered on the business plan. This is my set up:
When I navigate to
https://matfin.local.comI can see the usual certificate security warning which I just click past. I can then see my app - perfect!What I want to be able to do is fix the tunnel so that when I go to
https://my-site.ngrok.ioI can see my app, but instead I am getting the following error with a status code of 400:What I want to know is: