Friday, February 10, 2017

NAT traversal with ngrok: server and client configuration (common problems solved)

Basic

ngrok.com is blocked by the GFW

Installation

  1. https://ngrok.com/download
  2. unzip ngrok.zip

Usage

Expose a local web server to the internet

$ ngrok http 8000

Output will look like:

ngrok by @inconshreveable (Ctrl+C to quit)
Tunnel Status online
Version 2.0.19/2.0.19
Web Interface http://127.0.0.1:4040
Forwarding http://c9f486b5.ngrok.io -> localhost:8000
Forwarding https://c9f486b5.ngrok.io -> localhost:8000
Connections ttl opn rt1 rt5 p50 p90
0 0 0.00 0.00 0.00 0.00

http://c9f486b5.ngrok.io is also blocked by the GFW.

TCP Tunnels

$ ./ngrok tcp 22

Output will look like:

ngrok by @inconshreveable (Ctrl+C to quit)
Tunnel Status online
Version 2.0.19/2.0.19
Web Interface http://127.0.0.1:4040
Forwarding tcp://0.tcp.ngrok.io:33213 -> localhost:22
Connections ttl opn rt1 rt5 p50 p90
0 0 0.00 0.00 0.00 0.00

SSH login:

$ proxychains4 ssh <user>@0.tcp.ngrok.io -p 33213
# http://bumaociyuan.github.io/breakwall/2015/08/10/using-shadowsocks-in-terminal.html

Free server

TUNNEL is a free network service based on ngrok

Setup ngrok on your own server

Setup ngrok

$ cd /usr/local/src/
$ git clone https://github.com/inconshreveable/ngrok.git
$ cd ngrok # the assets/ paths and make targets below are relative to the repository root
$ export GOPATH=/usr/local/src/ngrok/
$ export NGROK_DOMAIN="yourdomain.com"

$ openssl genrsa -out rootCA.key 2048
$ openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 5000 -out rootCA.pem
$ openssl genrsa -out device.key 2048
$ openssl req -new -key device.key -subj "/CN=$NGROK_DOMAIN" -out device.csr
$ openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 5000
$ cp rootCA.pem assets/client/tls/ngrokroot.crt
$ cp device.crt assets/server/tls/snakeoil.crt
$ cp device.key assets/server/tls/snakeoil.key

Compiling server

Install golang on Ubuntu

$ sudo apt-get install golang # do not use this
$ go version # v1.02 is too low
$ sudo apt-get remove --auto-remove golang # remove golang v1.02

For a 32-bit machine:

# --no-check-certificate disables TLS verification of the download;
# compare the tarball with the checksum published for this release before extracting it
$ wget --no-check-certificate --no-verbose https://storage.googleapis.com/golang/go1.4.2.linux-386.tar.gz
$ tar -C /usr/local -xzf go1.4.2.linux-386.tar.gz

Add this line to your .bashrc:

export PATH=$PATH:/usr/local/go/bin

Compile

# GOOS and GOARCH go on the same line as make so that the build sees them
$ GOOS=linux GOARCH=amd64 make release-server
# on a 32-bit system, use GOARCH=386 here

Error:

GOOS="" GOARCH="" go get github.com/jteeuwen/go-bindata/go-bindata
# github.com/jteeuwen/go-bindata
src/github.com/jteeuwen/go-bindata/toc.go:47: function ends without a return statement
make: *** [bin/go-bindata] Error 2

Start server

$ bin/ngrokd -domain="$NGROK_DOMAIN" -httpAddr=":8000" #client could not connect
# or
$ bin/ngrokd -tlsKey="assets/server/tls/snakeoil.key" -tlsCrt="assets/server/tls/snakeoil.crt" -domain="yourdomain.com"

Compiling client

Install golang on mac

Compile

Replace /usr/local/src/ngrok/src/ngrok/log/logger.go line 5 with:

log "github.com/keepeye/log4go"
# Thanks GFW

# GOOS and GOARCH go on the same line as make so that the build sees them
$ GOOS=darwin GOARCH=amd64 make release-client

Start client

Edit config.cfg

server_addr: "yourdomain.com:4443"
trust_host_root_certs: false
tunnels:
  http:
    subdomain: "subdomain"
    proto:
      http: "80"
  ssh:
    remote_port: 2222
    proto:
      tcp: "22"

$ ./ngrok -config config.cfg start http ssh
# or
$ ngrok -config config.cfg -subdomain=test 8000

Launch client on Mac at startup using Launchd

# Add a Program entry that runs the following line
<ngrok-path>/bin/ngrok -config <ngrok-path>/config.cfg start ssh

Error in the server log:

[09/23/15 01:42:27] [INFO] [tun:2a8cef20]New connection from ***.***.**.**:54043
[09/23/15 01:42:27] [DEBG] [tun:2a8cef20] Waiting to read message
[09/23/15 01:42:27] [WARN] [tun:2a8cef20] Failed to read message: remote error: bad certificate
[09/23/15 01:42:27] [DEBG] [tun:2a8cef20] Closing

Solution:

$ bin/ngrokd -tlsKey="assets/server/tls/snakeoil.key" -tlsCrt="assets/server/tls/snakeoil.crt" -domain="yourdomain.com"
# compile client with the same certificate

Add ngrok to startup

$ vim /etc/rc.local

Add this line before exit:

<ngrok-path>/ngrok -config <ngrok-path>/config.cfg start http ssh > /dev/null &

Location: Chengdu, Sichuan, China