ngrok实现内网穿透

域名配置

申请一个自己的域名，假设用到的域名是ngrok.xxx.com，需要将ngrok.xxx.com和*.ngrok.xxx.com解析到自己的服务器上面

配置go语言环境

ngrok是go语音写的，服务器上需要配置go语言环境，相关配置命令如下：

下载

#下载
wget https://storage.googleapis.com/golang/go1.9.1.linux-amd64.tar.gz
#解压
tar -zxvf go1.9.1.linux-amd64.tar.gz
#移动到local目录
mv go /usr/local

创建软连接

#创建软连接
ln -s /usr/local/go/bin/* /usr/bin/

#测试是否配置成功
go env

安装ngrok

下载源码

1 2	cd /usr/local git clone https://github.com/inconshreveable/ngrok.git

生成证书

# 进入ngrok源码的目录
cd ngrok
# 设置域名，这里使用  ngrok.xxx.com
export NGROK_DOMAIN="ngrok.xxx.com"
# 然后依次执行以下命令即可
openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 5000 -out rootCA.pem
openssl genrsa -out device.key 2048
openssl req -new -key device.key -subj "/CN=$NGROK_DOMAIN" -out device.csr
openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 5000
# 替换原来证书
cp rootCA.pem ../assets/client/tls/ngrokroot.crt
cp device.crt ../assets/server/tls/snakeoil.crt
cp device.key ../assets/server/tls/snakeoil.key

编译服务端

1 2	cd /usr/local/ngrok GOOS=$GOOS GOARCH=$GOARCH make release-server

编译各大平台客户端

# 1、Linux 32位：linux 386
# 2、Linux 64位：linux amd64
# 3、Windows 32位：windows 386
# 4、Windows 64位：windows amd64
# 5、Mac OS 32位：darwin 386
# 6、Mac OS 64位：darwin amd64
# 7、Linux ARM：linux arm

# 对应以上各平台，将$1、$2替换成对应的值
cd /usr/local/ngrok/
# GOOS=$1 GOARCH=$2 make release-client
# 如编译Mac OS 64位客户端
GOOS=darwin GOARCH=amd64 make release-client

生成的客户端文件示例

.../ngrok/bin$tree
.
|-- darwin_amd64
|   `-- ngrok
|-- go-bindata
|-- linux_386
|   |-- ngrok
|   `-- ngrokd
|-- linux_arm
|   `-- ngrok
`-- windows_amd64
    `-- ngrok.exe

启动服务端

开启后台运行，注意端口8001，8443和4443开启防火墙或安全规则放行，端口也可自行定义

nohup /usr/local/ngrok/bin/ngrokd -domain="ngrok.xxx.com" -tlsCrt="/usr/local/ngrok/server.crt" -tlsKey="/usr/local/ngrok/server.key" -httpAddr=":8001" -httpsAddr=":8443" -tunnelAddr=":4443" -log-level="INFO" >/var/log/ngrok.log 2>&1 &

客户端配置

将上面生成的客户端可执行文件拷贝到需要内网穿透的设备上即可，这里直接说多域名和多TCP内网穿透配置文件，直接在客户端同级目录下创建ngrok.cfg配置文件，注意server_addr端口要与tunnelAddr对应，内容如下：

server_addr: ngrok.xxx.com:4443
trust_host_root_certs: false
tunnels:
 weixin:
  subdomain: weixin
  proto:
   http: 8002
 about:
  subdomain: about
  proto:
   http: 192.168.0.1:80
 ssh:
  remote_port: 2020
  proto:
   tcp: 22

内网穿透

启动特定转发

1	./ngrok -config ngrok.cfg -log ngrok.log start weixin

注：-log ngrok.log可以查看客户端日志，可去掉

将所有配置转发

1	./ngrok -config ngrok.cfg -log ngrok.log start-all

启动后出现online字样说明内网穿透成功

If you like this blog or find it useful for you, you are welcome to comment on it. You are also welcome to share this blog, so that more people can participate in it. If the images used in the blog infringe your copyright, please contact the author to delete them. Thank you !

...

00:00

自己搭建ngrok实现内网穿透