Deploy a public SkillFlaw server
By default, a local SkillFlaw deployment is reachable only from the machine or network where it is running.
For temporary sharing, remote debugging, or short-lived demos, you can publish local ports through a forwarding service such as ngrok or zrok.
This page is about forwarding an existing deployment. It is not the recommended long-term production shape; for durable public hosting, use a real reverse proxy or ingress layer such as Nginx with HTTPS.
Decide what you actually want to expose
SkillFlaw does not use a single catch-all public port for every feature.
Pick the upstream that matches the thing you are sharing:
| Local upstream | Public use |
|---|---|
http://localhost:7860 | Backend API, /health, webhooks, /api/v1/run/*, /api/v1/responses, /api/v1/mcp/streamable |
http://localhost:3001 | Frontend UI and shareable playground routes such as /playground/:id/ |
http://localhost:3002 | Standalone docs service |
If you only need API or MCP access, publish the backend. If you need the browser UI or a public playground page, publish the frontend.
Prerequisites
- A local SkillFlaw deployment that is already running
- A forwarding tool such as ngrok or zrok installed locally
- Credentials for the forwarding tool if it requires sign-in
If you need help bringing the local stack up first, see Install SkillFlaw for deployment.
Expose the backend for API and MCP traffic
Use this pattern when you want remote clients to hit the backend directly.
-
Make sure the backend is listening on
7860. -
Authenticate your forwarding tool if required. For ngrok, for example:
_10ngrok config add-authtoken NGROK_AUTHTOKEN -
Publish the backend port.
_10ngrok http http://localhost:7860 -
Save the generated public URL.
Example output:
_10Forwarding https://example.ngrok-free.app -> http://localhost:7860 -
Verify the backend is reachable:
https://example.ngrok-free.app/healthhttps://example.ngrok-free.app/api/v1/mcp/streamable
Use the public backend for API requests
Point your API client at the forwarded backend domain.
For example:
_10curl -X POST \_10 "https://example.ngrok-free.app/api/v1/webhook/FLOW_ID" \_10 -H "Content-Type: application/json" \_10 -H "x-api-key: YOUR_API_KEY" \_10 -d '{"data": "example-data"}'
Use the public backend for MCP clients
Public MCP traffic still uses the same backend transport endpoint:
https://example.ngrok-free.app/api/v1/mcp/streamable
That is the URL you pass to clients following Use SkillFlaw as an MCP server.
Expose the frontend for UI and playground sharing
Use this pattern when people need a browser-accessible SkillFlaw UI or a public shareable playground page.
-
Make sure the frontend is listening on
3001. -
Publish the frontend port.
_10ngrok http http://localhost:3001 -
Open the generated public URL in a browser.
-
If you are sharing a playground link, use the public frontend domain together with the route format already used by the UI:
https://example.ngrok-free.app/playground/FLOW_ID/
Expose the standalone docs service
If you run docs as a separate local service, publish port 3002 instead:
_10ngrok http http://localhost:3002
Security notes
Forwarding tools make local services reachable from the internet very quickly. That convenience cuts both ways.
- Do not assume the generated public URL is private.
- Keep API authentication enabled for any backend you expose publicly.
- Treat forwarded MCP endpoints exactly like any other public API surface.
- Prefer short-lived forwarding sessions for demos and debugging.
- For durable internet exposure, move to Nginx and HTTPS or another controlled ingress layer.