Earlier, I wrote an article that uses frp to achieve intranet penetration. Here I introduce another one, which is called Ngrok
Official website: https://ngrok.com/
Github: https://github.com/inconshreveable/ngrok
1、 Why Ngrok?
1) Provide free intranet penetration service, and free server supports binding custom domain names;
2) Manage intranet servers and demonstrate on intranet web;
3) Local WEB Internet access, local development WeChat, TCP port forwarding;
4) No configuration is required. After downloading the client, you can directly send a command to let the Internet access your intranet
5) More features are waiting for you to explore.
2、 Required for construction:
1) One VPS as an intermediate server (Tencent Cloud and Alibaba Cloud are recommended)
2) One domain name (preferably filed)
3) Xshell and xftp are similar to remote server tools
3、 Server building:
1) The demonstration system opens the required ports for Centos7.2 and the main firewall, and resolves the domain name to the server IP, such as n.51it.wang. Then *. n.51it.wang and n.51it.wang need to be resolved to the server IP.
The remote login server directly executes the following commands:
yum install gcc git -y //According to dependency and git
wget https://studygolang.com/dl/golang/go1.8.linux-amd64.tar.gz //Download the Go source code package, or simply yum install golang - y
tar -zxvf go1.8.linux-amd64.tar.gz //Decompress Go source package
vi /etc/profile //Set the environment variable and add the following lines:
Export GOROOT=Your go decompression address export PATH=$PATH:$GOROOT/bin
source /etc/profile //Environment variable takes effect
go version //Check whether the go installation is successful
git clone https://github.com/inconshreveable/ngrok.git //Clone the ngrok project
//Next, generate the ssl certificate, copy and paste it directly
cd ngrok NGROK_DOMAIN="n.51it.wang" openssl genrsa -out base.key 2048 openssl req -new -x509 -nodes -key base.key -days 5000 -subj "/CN=$NGROK_DOMAIN" -out base.pem openssl genrsa -out server.key 2048 openssl req -new -key server.key -subj "/CN=$NGROK_DOMAIN" -out server.csr openssl x509 -req -in server.csr -CA base.pem -CAkey base.key -CAcreateserial -days 5000 -out server.crt
//Copy the certificate below. If prompted to overwrite, enter Y directly
cp base.pem assets/client/tls/ngrokroot.crt cp server.crt assets/server/tls/snakeoil.crt cp server.key assets/server/tls/snakeoil.key
make release-server release-client //This step takes a long time to wait. After successful compilation, the ngrokd and ngrok files will be found in the bin directory.
nohup ./ bin/ngrokd -tlsKey=server.key -tlsCrt=server.crt -domain="n.51it.wang" -httpAddr=":82" -httpsAddr=":8082" -tunnelAddr=":4443" > /dev/null 2>&1 & //Running ngrok in the background
GOOS=windows GOARCH=amd64 make release-client //Windows system (in ngrok/bin/windows_amd64 after compilation)
Note:
If it is a 32-bit system, GOARCH=386; If 64 is a system, GOARCH=amd64
If you want to compile linux, GOOS=linux; If you want to compile the window, GOOS=windows
Now the Ngrok server deployment is complete.
4、 Client configuration:
Download the windows_amd64 file generated on the server to the Windows machine.
Create a new ngrok.cfg file in the same directory and write the following contents:
Server_addr: "Your domain name: 4443" trust_host_root_certs: false //To configure multiple tunnels, add the following: tunnels: www: proto: http: "8080" mstsc: remote_port: 39001 proto: tcp: "127.0.0.1:3389"
Start the client and switch the cmd to the directory for execution
ngrok.exe -config=./ ngrok.cfg -subdomain aa 8080
//If multiple configurations are added, start as ngrok.exe -config=./ ngrok.cfg start www mstsc
If you need to access on the Internet, it is aa.n.51it.wang: 82, and you can go to the intranet localhost: 80
other:
Http protocol:
ngrok.exe -config=./ ngrok.cfg -subdomain aa -proto=http 8080
TCP protocol:
ngrok.exe -config=./ ngrok.cfg -subdomain aa -proto=udp 8080
At this point, the client configuration is complete.
5、 Optimization
1) If you want to use port 80 of the server, but port 80 of the server is occupied by other business ports, you can use nginx proxy. The following provides a reference configuration file of nginx:
upstream ngrok { server 127.0.0.1:82; keepalive 64; } server { listen 80; server_name n.51it.wang *.n.51it.wang; access_log /www/wwwlogs/n.51it.wang.log; error_log /www/wwwlogs/n.51it.wang.error.log; proxy_set_header "Host" $host:82; location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host:82; proxy_pass_header Server; proxy_redirect off; proxy_pass http://ngrok ; } access_log off; log_not_found off; }
Remember to restart nginx to take effect after modification.
Reference article:
https://blog.csdn.net/u010444106/article/details/80457985
https://www.javatang.com/archives/2018/04/17/05302345.html
http://yangbingdong.com/2017/self-hosted-build-ngrok-server/index.html
https://blog.csdn.net/thislirlu/article/details/53610418
