Skip to main content
fasu.devวงแหวนเว็บ
01

Stop Fighting `localhost`: Stable Dev URLs with Cloudflared

·4 min read
CloudflarecloudflaredDevOpsWebhooksLINE OADevelopment

Local development is easy until it isn't.

The moment your project touches webhooks, OAuth callbacks, or third-party platforms like LINE Official Account, http://localhost becomes useless. No HTTPS. No public access. No stability. Just a wall you keep running into while trying to ship features.

After fighting this problem across multiple projects, I stopped treating it as a temporary inconvenience and fixed it properly. Cloudflared Tunnel ended up being the cleanest solution.

The Localhost Wall

Many platforms simply refuse to talk to localhost.

LINE Messaging API, payment gateways, OAuth providers, and most webhook-based services expect one thing: a public HTTPS URL. They don't care that you're “just developing.” From their perspective, your server either exists on the internet or it doesn't.

LINE, for example, explicitly requires webhook endpoints to be public and HTTPS-only (LINE Messaging API docs). OAuth providers follow similarly strict rules around redirect URIs (OAuth 2.0 RFC 6749).

The usual workflow looks like this:

  • Start a local server
  • Expose it using a tunnel
  • Get a random public URL
  • Update webhook or callback settings
  • Restart the server
  • Repeat everything because the URL changed

It works, but it's fragile. The moment you restart your machine or your tunnel drops, everything breaks again.

Why Random URLs Aren't Enough

Tools that expose a random public URL without authentication are convenient, but they don't scale beyond quick demos.

The problems show up fast:

  • Webhook URLs change every restart
  • OAuth redirect URIs need constant updates
  • Hard to share a stable endpoint with teammates
  • Impossible to treat dev like a real environment

Some tools offer reserved domains as a paid feature (ngrok guide), which helps, but the underlying model still feels temporary rather than infrastructural.

For webhook-driven systems, instability is the real enemy. You want your dev environment to behave like production, just smaller and safer.

What Cloudflared Tunnel Actually Solves

Cloudflared Tunnel flips the model.

Instead of opening a port or exposing your machine directly, it creates an outbound tunnel from your local server to Cloudflare's network. Cloudflare handles HTTPS, DNS, and routing (Cloudflare DNS). Your machine never accepts inbound traffic.

This gives you:

  • HTTPS by default (why HTTPS matters)
  • No public IP required
  • No firewall or NAT configuration
  • Production-grade networking for local development

Cloudflared supports two distinct modes (cloudflared on GitHub), and the difference matters.

Temporary Tunnels (No Login, No Domain)

You can run Cloudflared without logging in or owning a domain. It gives you a random HTTPS URL that forwards traffic to your local server (run a local tunnel).

This is fine for:

  • Quick testing
  • Demos
  • Debugging something once

It's not fine for:

  • Webhooks
  • OAuth
  • Long-running development
  • Anything you need to configure once and forget

Stable Tunnels (Login + Custom Domain)

This is where Cloudflared becomes genuinely useful.

When you log in and attach a domain (create a tunnel), you get:

  • Stable subdomains
  • Persistent URLs
  • Multiple services behind one tunnel
  • Zero reconfiguration after restarts

Your local machine starts behaving like a real environment.

A Real Use Case: LINE OA Chatbot Development

LINE Official Account webhooks are strict. They must be:

They do not support http://localhost:<port>.

With Cloudflared, the flow becomes simple:

plaintext
LINE Platform

https://api-dev.fasu.dev/webhook

Cloudflared Tunnel

http://localhost:8787

Your chatbot runs locally. LINE talks to a real HTTPS URL. Nothing breaks when you restart your server.

This setup pairs especially well with LINE LIFF, where a frontend LIFF app and backend webhook often need to evolve together.

One Tunnel, Multiple Services

A single Cloudflared tunnel can expose multiple local services under different subdomains using ingress rules (ingress configuration reference).

Example configuration:

yaml
tunnel: fasu-dev
credentials-file: ~/.cloudflared/credentials.json
 
ingress:
  - hostname: dev.fasu.dev
    service: http://localhost:3000
 
  - hostname: api-dev.fasu.dev
    service: http://localhost:8787
 
  - service: http_status:404

Now you have:

  • dev.fasu.dev for your frontend
  • api-dev.fasu.dev for your backend
  • Both running locally
  • Both HTTPS
  • Both stable

This mirrors how real environments are structured, instead of treating development as a special case.

Why This Beats the Usual Alternatives

This isn't about declaring winners. It's about choosing tools that match the problem.

Cloudflared tunnels feel less like a workaround and more like real infrastructure:

  • URLs don't change
  • Domains look like production
  • Webhooks don't need reconfiguration
  • Dev, staging, and preview environments can share the same pattern

Once set up, it disappears into the background. That's exactly what infrastructure should do.

When Cloudflared Is Overkill

Not every project needs this.

If you're:

  • Sharing a quick demo
  • Testing something once
  • Debugging a one-off webhook

A temporary tunnel is fine.

But if your workflow depends on webhooks, callbacks, or third-party integrations, stability is not optional.

Final Thoughts

The mistake I made early on was treating webhooks as a production-only concern.

They aren't.

If your dev environment behaves differently from production, you'll spend your time fighting tools instead of building features. This idea maps closely to dev–prod parity.

Once your local URLs stop changing, everything else gets easier.