Deploying the lanproxy intranet penetration service on CentOS 7.6

In many scenarios, intranet penetration is a requirement we run into often. We had previously used tools such as Peanut Shell (花生壳), ngrok and FRP, but because of speed limits, charges, security concerns and other factors we had to give them up.

Recently I came across lanproxy, an open source tool, by chance. I had just picked up a Huawei Cloud host for free, which is exactly what is needed for intranet penetration.

I. Overview

1. What is intranet penetration service

Intranet penetration, also known as NAT traversal, is a networking term. When a computer sits inside a local area network, nodes on the external network and on the internal network need to connect and communicate with each other; sometimes this is not possible without intranet penetration.

2. What is lanproxy

lanproxy is an intranet penetration tool that proxies personal computers and servers on a LAN out to the public network. At present it only supports TCP traffic forwarding, so it can carry any protocol that runs on top of TCP (access to an intranet website, local payment interface debugging, SSH access, remote desktop, ...). Products such as Peanut Shell, TeamViewer and GoToMyCloud already offer similar services, but using a third party's public server means paying that third party, and these services come with various restrictions. In addition, because the traffic flows through the third party, they are also a major hidden danger to data security. https://lanproxy.io2c.com

3. The principle of intranet penetration

The principle of intranet penetration is shown in the figure below:
[Figure: intranet penetration principle diagram (image not available)]

  1. The user visits our server; this server has a public IP, so the user can reach it without any trouble.
  2. The server keeps a long-lived connection open to the local computer. When a request arrives, the server forwards it to our local computer.
  3. The local computer sends the response back to the server.
  4. The server returns the response to the user.

II. Start deployment

1. Prepare the environment

Host             IP            Role           OS          Services
internet-yanmb   Internet IP   Cloud server   CentOS 7.6  docker (used here to simplify configuration; lanproxy runs in a container), Nginx
didi             Intranet IP   Intranet PC    CentOS 7.6  Java JDK 1.8, Maven (package and dependency management tool)

2. Public network server configuration (docker)

2.1 Deploy docker and nginx in the basic environment

1. Install dependency packages
[root@internet-yanmb ~]# yum install -y yum-utils  device-mapper-persistent-data  lvm2

2. Install docker and nginx
[root@internet-yanmb ~]#  yum install docker nginx

3. Start docker and nginx
[root@internet-yanmb ~]# systemctl start docker && systemctl enable docker
[root@internet-yanmb ~]# systemctl start nginx && systemctl enable nginx

2.2 Start the lanproxy service through Docker

[root@internet-yanmb ~]# docker run -d --name lanproxy-server -p 8090:8090 -p 4900:4900 -p 4993:4993 -p 9000-9100:9000-9100  --restart=always biodwhu/lanproxy


2.3 Open http://<your public server IP>:8090 in a browser

The default login is admin/admin. Change it after the first login, since port 8090 is published on the public interface.
[screenshot of the lanproxy login page not available]

2.4 Nginx reverse proxy configuration domain name (optional)

In the previous step we started a lanproxy environment through docker, but it can only be reached by IP address. The Nginx reverse proxy configured here only adds access by domain name.

vim /etc/nginx/conf.d/lanproxy.didi.cn.conf

server {
    listen 80;
    # Use your own domain name here
    server_name lanproxy.didi.com;
    charset utf-8;
    location / {
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   Host      $http_host;
        # Change this to the value of config.server.port in your lanproxy configuration
        proxy_pass       http://127.0.0.1:8090;
        client_max_body_size 35m;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Configure the proxy for the intranet service
vim /etc/nginx/conf.d/kodcloud.didi.cn.conf

server {
    listen 80;
    # Use your own domain name here
    server_name kodcloud.didi.cn;
    charset utf-8;
    location / {
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   Host      $http_host;
        # Change this to the "external port" value from your lanproxy configuration; it is set in the lanproxy admin UI, see below
        proxy_pass       http://127.0.0.1:9000;
        client_max_body_size 35m;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

The port in proxy_pass (127.0.0.1:port) must be one of the ports published by the container (9000-9100 in the docker run command above); any of these ports can be used.
[screenshot of the port list not available]

Restart Nginx

systemctl restart nginx
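The two vhosts above differ only in the domain name and the lanproxy port. The helper below, an added example that is not part of the original post or of lanproxy, generates such a vhost and refuses ports the container does not publish (8090 for the admin UI, 9000-9100 for proxied services, as in the docker run command above); the install function and its conf directory argument are this example's own invention.

```shell
#!/bin/sh
# Generate an Nginx vhost for a lanproxy port, rejecting ports that the
# docker run above does not publish. Added example, not part of lanproxy.

# Usage: gen_lanproxy_vhost <server_name> <local_port>
# Prints the server block on stdout; returns 1 and prints nothing on a bad port.
gen_lanproxy_vhost() {
    name="$1"
    port="$2"
    case "$port" in
        ''|*[!0-9]*) echo "port must be numeric: '$port'" >&2; return 1 ;;
    esac
    # Only ports the container publishes are usable proxy_pass targets
    if [ "$port" -ne 8090 ] && { [ "$port" -lt 9000 ] || [ "$port" -gt 9100 ]; }; then
        echo "port $port is not published by the lanproxy container (8090 or 9000-9100)" >&2
        return 1
    fi
    cat <<EOF
server {
    listen 80;
    server_name $name;
    charset utf-8;
    location / {
        proxy_set_header   X-Real-IP \$remote_addr;
        proxy_set_header   Host      \$http_host;
        proxy_pass         http://127.0.0.1:$port;
        client_max_body_size 35m;
        # WebSocket upgrade, needed by the lanproxy admin UI
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
EOF
}

# Write the vhost to <conf_dir>/<server_name>.conf only if generation succeeded.
# Usage: install_lanproxy_vhost <server_name> <local_port> [conf_dir]
install_lanproxy_vhost() {
    dir="${3:-/etc/nginx/conf.d}"
    conf=$(gen_lanproxy_vhost "$1" "$2") || return 1
    printf '%s\n' "$conf" > "$dir/$1.conf"
}
```

If the admin UI should only be reachable through Nginx, publish it as -p 127.0.0.1:8090:8090 in the docker run command so it is not exposed directly on the public interface.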

2.5 Continue to configure the lanproxy background service

Configure a client
[screenshot of the client configuration page not available]

Add a proxy configuration
[screenshot of the proxy configuration page not available]

3. Intranet PC configuration (Java client)

3.1 Install jdk1.8 environment

# JDK download page
https://www.oracle.com/java/technologies/javase/javase-jdk8-downloads.html

tar -zxvf jdk-8u281-linux-x64.tar.gz -C /usr/local/

# Configure the environment variables
vim /etc/profile
export JAVA_HOME=/usr/local/jdk1.8.0_281/
export JRE_HOME=${JAVA_HOME}/jre
export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib
export PATH=${JAVA_HOME}/bin:$PATH

# Apply the changes to the current shell
source /etc/profile

# Verify
java -version

# Register the binaries with alternatives (the paths must match the extracted JDK directory)
update-alternatives --install /usr/bin/java  java  /usr/local/jdk1.8.0_281/bin/java 300
update-alternatives --install /usr/bin/javac  javac  /usr/local/jdk1.8.0_281/bin/javac 300

3.2 Install maven environment

Download Maven from http://maven.apache.org/download.cgi.

# Download maven
wget https://mirrors.bfsu.edu.cn/apache/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz

# Extract into /opt/maven (the archive name must match the version downloaded above)
mkdir /opt/maven
tar zxvf apache-maven-3.6.3-bin.tar.gz -C /opt/maven

# Configure the maven environment variables
vim /etc/profile
export M2_HOME=/opt/maven/apache-maven-3.6.3
export CLASSPATH=$CLASSPATH:$M2_HOME/lib
export PATH=$PATH:$M2_HOME/bin

# Apply the changes to the current shell
source /etc/profile

# Verify
mvn -v

# Switch the maven mirror to Aliyun and set the default local repository path; this makes jar downloads much faster. Add the following to settings.xml
vim /opt/maven/apache-maven-3.6.3/conf/settings.xml

<localRepository>maven/reposity</localRepository>
----------------------------------------------------
<!-- goes inside the existing <mirrors> element -->
<mirror>
  <id>alimaven</id>
  <name>aliyun maven</name>
  <url>http://maven.aliyun.com/nexus/content/groups/public/</url>
  <mirrorOf>central</mirrorOf>
</mirror>
----------------------------------------------------

[screenshot of the edited settings.xml not available]

Verify that the intranet service is actually reachable locally before proxying it.
[screenshot not available]

3.3 Run lanproxy client service

# Clone the repository onto the intranet PC
mkdir /appstorage/ && cd /appstorage
git clone https://github.com/ffay/lanproxy.git lanproxy
# Build the packages
cd lanproxy
mvn package

After packaging completes, the client files appear in the distribution/proxy-client-0.1 directory, which contains the folders bin, conf, lib and log. The configuration lives in conf/config.properties; edit it to match the server configured earlier.

vim distribution/proxy-client-0.1/conf/config.properties

# The key generated for this client in the lanproxy admin UI
client.key=ca670d0e95fb4ad68626d174ed357efe

# SSL settings; fill in according to the server configuration (not needed when enable = false)
ssl.enable=false
ssl.jksPath=test.jks
ssl.keyStorePassword=123456

# Public IP of the server
server.host=123.60.x.x

# The proxy-server SSL port is 4993 by default, the plain port is 4900
# Use the SSL port when ssl.enable=true and the plain port when ssl.enable=false
server.port=4900
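A mismatch between ssl.enable and server.port, or a server.host left at the template value, are the usual reasons the client never connects. The checker below is an added example, not part of lanproxy or the original post; it encodes exactly the rules in the comments above (true goes with 4993, false with 4900) and its function names and the sample configs in the test are this example's own.

```shell
#!/bin/sh
# Sanity-check a proxy-client config.properties before starting the client.
# Added example, not part of lanproxy. Rules follow the comments in the
# config above: ssl.enable=true pairs with port 4993, false with 4900.

# prop <file> <key>: value of a key=value line, comments and whitespace ignored
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '[:space:]'
}

# check_client_config <file>: returns 0 when consistent, 1 with messages on stderr otherwise
check_client_config() {
    f="$1"
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    key=$(prop "$f" client.key)
    host=$(prop "$f" server.host)
    port=$(prop "$f" server.port)
    ssl=$(prop "$f" ssl.enable)
    rc=0
    # The key is the 32-hex-digit value generated in the lanproxy admin UI
    case "$key" in
        ''|*[!0-9a-f]*) echo "client.key is not a hex key: '$key'" >&2; rc=1 ;;
        *) [ ${#key} -eq 32 ] || { echo "client.key has length ${#key}, expected 32" >&2; rc=1; } ;;
    esac
    # The template value 123.60.x.x must be replaced with the real public IP
    case "$host" in
        ''|*x.x) echo "server.host still looks like a placeholder: '$host'" >&2; rc=1 ;;
    esac
    # Port must match the SSL setting: 4993 for the TLS listener, 4900 for plain TCP
    case "$ssl:$port" in
        true:4993|false:4900) ;;
        true:*)  echo "ssl.enable=true requires server.port=4993 (got '$port')" >&2; rc=1 ;;
        false:*) echo "ssl.enable=false requires server.port=4900 (got '$port')" >&2; rc=1 ;;
        *)       echo "ssl.enable must be true or false (got '$ssl')" >&2; rc=1 ;;
    esac
    # With SSL on, the keystore path must be set as well
    if [ "$ssl" = true ]; then
        jks=$(prop "$f" ssl.jksPath)
        [ -n "$jks" ] || { echo "ssl.enable=true but ssl.jksPath is empty" >&2; rc=1; }
    fi
    return $rc
}
```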

Start the client

cd distribution/proxy-client-0.1
bash  bin/startup.sh

# Start at boot (use the absolute path, since rc.local does not run from the client directory)
echo "cd /appstorage/lanproxy/distribution/proxy-client-0.1 && /usr/bin/bash  bin/startup.sh" >> /etc/rc.local
chmod a+x /etc/rc.d/rc.local

4. Client test access

Add a hosts entry on the local machine so that kodcloud.didi.cn resolves to the public IP.

[screenshot not available]

Success.

You can also reach the service directly through the public IP address: http://<public IP>:9000
[screenshot not available]

5. Exposing port 22 of the intranet PC

5.1 In the lanproxy admin UI, add a proxy rule for port 22, then connect to the public IP on the configured port

[screenshot of the proxy rule not available]

5.2 Verification

[screenshot of the SSH session not available]


Source: blog.csdn.net/weixin_43357497/article/details/115371796