Building an Ngrok intranet penetration server on CentOS 7

1. Install gcc and git (for downloading ngrok source code)

yum install gcc -y
yum install git -y

2. Install the go language environment

yum install -y mercurial git bzr subversion golang golang-pkg-windows-amd64 golang-pkg-windows-386

3. Check the installation environment

git --version    # should be >= 1.7
go version

4. Build Ngrok service on the server

1), download the source code

cd /usr/local/

git clone https://github.com/inconshreveable/ngrok.git

2), generate a certificate

cd ngrok    

export NGROK_DOMAIN="ngrok.zhqwfj.xyz"    # remember to replace this with your own domain

openssl genrsa -out rootCA.key 2048

openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 5000 -out rootCA.pem

openssl genrsa -out device.key 2048

openssl req -new -key device.key -subj "/CN=$NGROK_DOMAIN" -out device.csr

openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 5000

3), replace the certificate

# Run these one line at a time; when asked whether to overwrite, type "y" and press Enter
cp rootCA.pem assets/client/tls/ngrokroot.crt

cp device.crt assets/server/tls/snakeoil.crt

cp device.key assets/server/tls/snakeoil.key

4), generate the server

GOOS=linux GOARCH=amd64 make release-server

5), generate client

Mine is 64-bit Windows, so I don't know if the Windows version I generated is correct for other versions.

GOOS=windows GOARCH=amd64 make release-client    # Windows 64-bit
GOOS=windows GOARCH=386 make release-client      # Windows 32-bit

GOOS=darwin GOARCH=386 make release-client        # Mac OS 32-bit
GOOS=darwin GOARCH=amd64 make release-client      # Mac OS 64-bit

GOOS=linux GOARCH=amd64 make release-client       # Linux 64-bit

GOOS=linux GOARCH=arm  make release-client        # ARM platform

The server and client builds will generate the following files in the /usr/local/ngrok/bin folder

6), start the server

cd /usr/local/ngrok

./bin/ngrokd -domain="ngrok.zhqwfj.xyz"  -httpAddr=":80" -httpsAddr=":443" -tunnelAddr=":4443"

# or

./bin/ngrokd -domain="ngrok.zhqwfj.xyz"

  • -domain: the domain name
  • -httpAddr: the port ngrok uses to forward the http service, port 80 by default
  • -httpsAddr: the port ngrok uses to forward the https service, port 443 by default
  • -tunnelAddr: the port ngrok uses to communicate with the client, port 4443 by default

7), start the client

Download the files inside /usr/local/ngrok/bin/windows_amd64 to your local machine; I put them in the local E:\Ngrok folder.

Then create the ngrok.cfg and start.bat files in the same directory.

Contents of ngrok.cfg:

server_addr: "ngrok.zhqwfj.xyz:4443"
trust_host_root_certs: false

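Contents of start.bat:

ngrok -config=ngrok.cfg -subdomain zhq 8080
rem the value after -subdomain (zhq here) is the prefix of the domain name you want to access
rem the last argument (8080 here) is the local port to be tunneled

After the creation is complete, double-click the start.bat file to run it.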

This means it has been successful.

Note: as preconditions, configure domain name resolution and the security group policies.

Domain name: set it according to your actual situation; if you want more users, you can resolve the wildcard *.ngrok

Security group: allow ports 80, 443 and 4443 (subject to your actual configuration)

8), test

5. Add Ngrok (server) to system services

Every time Xshell is closed, the service stops. You can't keep the window open all the time, so how can it run in the background, or be installed as a service and set to start at boot?

1), create a new ngrok.service file

cd /usr/lib/systemd/system   # enter the directory

cat >>ngrok.service   # create the file; after pressing Enter, press `ctrl+d` directly

vim ngrok.service  # edit the file

Enter the following information:

[Unit]
Description=Share local port(s) with ngrok
After=syslog.target network.target

[Service]
PrivateTmp=true
Type=simple
Restart=always
RestartSec=1min
StandardOutput=null
StandardError=null
ExecStart=/usr/local/ngrok/bin/ngrokd -domain=ngrok.intolearn.com -httpAddr=:80 -httpsAddr=:443 -tunnelAddr=:4443 %i
# the daemon's process name is ngrokd, not ngrok
ExecStop=/usr/bin/killall ngrokd

[Install]
WantedBy=multi-user.target
  • The [Unit] part mainly describes the service
  1. Description is used to describe the service
  2. After is used to describe service categories
  • The [Service] part is the key to the service; it sets the specific operating parameters of the service
  1. Type=forking is the form of running in the background;
  2. User=users is the user that the service runs as;
  3. Group=users is the user group that the service runs as;
  4. PIDFile is the file path that stores the PID;
  5. ExecStart is the specific run command for the service;
  6. ExecReload is the restart command;
  7. ExecStop is the stop command;
  8. PrivateTmp=True indicates that a separate temporary space is allocated to the service
    The start, restart and stop commands in the [Service] section must all use absolute paths; using a relative path causes an error!
  • The [Install] part holds the settings related to service installation; it can be set to multi-user
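
A unit file for this daemon is worth linting before it is enabled: without a User= line it runs as root, StandardOutput=null and StandardError=null discard the tunnel logs, and the -domain and ExecStop values have to agree with the certificate and the binary name. The script below is an added example, not part of the original post; audit_unit is a hypothetical helper, and the sample unit is constructed for the demonstration from the domain names that appear on this page.

```bash
# Added example (not from the original post): lint an ngrokd unit file.
audit_unit() {  # $1 = unit file, $2 = domain the certificate was issued for
  au_exec=$(sed -n 's/^ExecStart=//p' "$1")
  au_bin=$(basename "${au_exec%% *}")          # binary name, e.g. ngrokd
  grep -q '^User=' "$1" ||
    echo "no User= line: the daemon runs as root"
  grep -Eq '^Standard(Output|Error)=null' "$1" &&
    echo "output is discarded: no tunnel logs reach the journal"
  au_domain=$(printf '%s\n' "$au_exec" | sed -n 's/.*-domain=\([^ ]*\).*/\1/p' | tr -d '"')
  [ "$au_domain" = "$2" ] ||
    echo "-domain=$au_domain differs from certificate domain $2"
  au_stop=$(sed -n 's/^ExecStop=.*killall  *//p' "$1")
  [ -z "$au_stop" ] || [ "$au_stop" = "$au_bin" ] ||
    echo "ExecStop kills '$au_stop' but the process is '$au_bin'"
  return 0
}

# Constructed sample unit, trimmed to the lines the checks read.
unit=$(mktemp)
cat >"$unit" <<'EOF'
[Service]
Type=simple
Restart=always
StandardOutput=null
StandardError=null
ExecStart=/usr/local/ngrok/bin/ngrokd -domain=ngrok.intolearn.com -httpAddr=:80 -httpsAddr=:443 -tunnelAddr=:4443
ExecStop=/usr/bin/killall ngrok
EOF

audit_unit "$unit" ngrok.zhqwfj.xyz
```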

  • systemctl is the main tool for managing services; it combines the functions of chkconfig and service.

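systemctl enable ngrok.service              # add to startup at boot
systemctl daemon-reload                     # reload systemd, scanning for new or changed units
systemctl is-enabled iptables.service
systemctl is-enabled ngrok.service       # check whether the service starts at boot
systemctl enable ngrok.service           # run the service at boot
systemctl disable ngrok.service          # stop running the service at boot
systemctl start ngrok.service            # start the service
systemctl stop ngrok.service             # stop the service
systemctl restart ngrok.service          # restart the service
systemctl reload ngrok.service           # reload the service's configuration file
systemctl status ngrok.service           # query the service's running status
systemctl --failed                       # show services that failed to start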

Then run:

systemctl daemon-reload 

systemctl start ngrok.service

Origin blog.csdn.net/xm393392625/article/details/130038459