// use case
Expose your Django runserver on a public HTTPS URL
manage.py runserver listens on 127.0.0.1 by default, and even when bound to 0.0.0.0 only your LAN can reach it. For Stripe webhooks, OAuth callbacks, or sharing a staging build with the team, you need [real HTTPS](/blog/expose-localhost-2026-guide). lrok terminates real TLS at the edge: no self-signed warnings, no proxy quirks. (For a look at how the edge cert is provisioned, see [reading Traefik ACME JSON](/blog/reading-traefik-acme-json).)
Run Django
$ python manage.py runserver 8000
Tunnel with a reserved hint
$ lrok reserve mysite-dev
$ lrok http 8000 --hint mysite-dev
Update ALLOWED_HOSTS
Add the subdomain to settings.py: ALLOWED_HOSTS = ['mysite-dev.lrok.io', 'localhost', '127.0.0.1']. Skip this and Django returns DisallowedHost.
CSRF + secure cookies
Add the URL to CSRF_TRUSTED_ORIGINS = ['https://mysite-dev.lrok.io'] for POSTs. Django sees real HTTPS so secure-cookie middleware works the same as in prod.
// why lrok for this
Django ties HMAC signatures and CSRF tokens to the request body and Origin header — both of which lrok proxies verbatim. Stripe webhook signatures pass on the first try.
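Why verbatim proxying matters for webhook signatures, as an added example (not lrok's or Stripe's own code): it verifies a Stripe-style `t=...,v1=...` header, which is an HMAC-SHA256 over the timestamp and the raw request bytes, and shows that a body re-serialised in transit no longer verifies. The secret, event body and timestamps are constructed sample values.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # reject events outside a 5-minute window (replay guard)


def sign(secret, timestamp, raw_body):
    """Stripe-style v1 signature: HMAC-SHA256 over b"<timestamp>.<raw body>"."""
    signed_payload = str(timestamp).encode() + b"." + raw_body
    return hmac.new(secret, signed_payload, hashlib.sha256).hexdigest()


def verify(secret, header, raw_body, now=None):
    """Check a 't=<ts>,v1=<hex>' header against the exact bytes received."""
    timestamp, candidates = None, []
    for item in header.split(","):
        key, _, value = item.strip().partition("=")
        if key == "t" and value.isascii() and value.isdigit():
            timestamp = int(value)
        elif key == "v1":
            candidates.append(value)
    if timestamp is None or not candidates:
        return False
    now = int(time.time()) if now is None else now
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        return False
    expected = sign(secret, timestamp, raw_body).encode()
    # Constant-time comparison; any matching v1 entry is accepted.
    return any(hmac.compare_digest(expected, c.encode()) for c in candidates)


# Constructed sample data, not a real secret or event.
SECRET = b"whsec_constructed_example_only"
SENT_AT = 1_700_000_000
RAW_BODY = b'{"id": "evt_example", "type": "checkout.session.completed"}'
HEADER = f"t={SENT_AT},v1={sign(SECRET, SENT_AT, RAW_BODY)}"

# What an intermediary that parses and re-serialises JSON would deliver instead.
REENCODED_BODY = json.dumps(json.loads(RAW_BODY), separators=(",", ":")).encode()

if __name__ == "__main__":
    print("verbatim body:", verify(SECRET, HEADER, RAW_BODY, now=SENT_AT + 5))
    print("re-encoded body:", verify(SECRET, HEADER, REENCODED_BODY, now=SENT_AT + 5))
    print("stale event:", verify(SECRET, HEADER, RAW_BODY, now=SENT_AT + 3600))
```

In a Django view, pass `request.body` (the raw bytes) to the check, never a re-encoded copy of the parsed JSON.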