A complete manual for beginners to build ngrok

With all due respect, programmers who can't even be lazy are really tired~

Some time ago, WeChat official account was developed. WeChat official account was required to configure public domain name. The local ones don't work.

Set up the ngrok little white manual

Mapping local services to the public network

  • A service is developed locally, which can be used immediately by colleagues without being deployed on the server.
  • The official account of WeChat is developed, and can be quickly configured to test accounts with ngrok.

You have to prepare these

It's going to cost some money.

  1. One server. There are 99 year old servers on Alibaba cloud and Huawei cloud. Buy one.
  2. Buy a domain name, dozens of dollars a year.

1. Domain name resolution




2. Configure security group


I opened 12020, 12021, 4443

3. Install go compilation environment

This article takes Alibaba cloud server as an example. The server must have a public address.
Need environment git, go
aliyun comes with git

There is no requirement for go language version. You can use yum install go -y

4.ngrok version

ngrok is open source, but maintenance stopped early. You can fork one. Avoid any day when the source code is deleted.

Download the source code of ngrok

cd ~/
mkdir ngrokService
cd ngrokService
git clone https://github.com/inconshreveable/ngrok.git
export GOPATH=~/ngrokService/ngrok/
export NGROK_DOMAIN="tunnel.Your domain name.com"
cd ngrok

There are two environment variables in export. Are they useful?
The answer is useful

Generate self signed certificate

To build our own ngrokd service, we need to generate our own certificate and provide the ngrok client with the certificate.

openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 5000 -out rootCA.pem
openssl genrsa -out device.key 2048
openssl req -new -key device.key -subj "/CN=$NGROK_DOMAIN" -out device.csr
openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 5000


Replace key

cp rootCA.pem assets/client/tls/ngrokroot.crt
cp device.crt assets/server/tls/snakeoil.crt 
cp device.key assets/server/tls/snakeoil.key

Compile server side

Alibaba cloud is generally 64 bit. In recent years, several are 32-bit.

GOOS=linux GOARCH=amd64 make release-server
#If it is a 32-bit system, GOARCH=386

Long compilation time

There are many downloads here. That way, the compilation is successful.

want a go
bin/ngrokd -domain="$NGROK_DOMAIN" -httpAddr=":8000" -httpsAddr=":4433"

No error is reported. This is the output.

Compile client

windows client
GOOS=windows GOARCH=amd64 make release-client  
mac
GOOS=darwin GOARCH=amd64 make release-client

I'm using mac. I'm using scp

If you don't make a mistake, you should see something like this

scp root @ your ECS server IP address: ~ / ngrokService/ngrok/bin/darwin_amd64/ngrok ngrok-origin

Remember to copy it out. After I copy, I use ln to access this file

ln the ngrok file from your copy /usr/local/bin/ngrok

Start server side

./bin/ngrokd -tlsKey=device.key -tlsCrt=device.crt -domain="tunnel.Your domain name.com" -httpAddr=":12020" -httpsAddr=":12021"

Set up local client

Create a new profile in the same level directory ngrok.cfg
server_addr: "tunnel.Your domain name.com:4443"
trust_host_root_certs: false
tunnels:
  abc:
    proto:
      http: 12020
    subdomain: ngrok

This is mine ngrok.cfg file

Then you can do it

ngrok -subdomain=wangxueming -log=ngrok.log -config=ngrok.cfg 80

Explain

-config is the configuration file above ngrok.cfg Path to
 -subdomain is the prefix part of the domain name to be assigned
 -Log is the saving path of log
 80 is the port of the local webserver, such as the port apache listens to. ngrok will map the request to the port later. It depends on your configuration. What port are you listening on.

Normal operation, you will see this situation

In the server-side log, there will be such information

If you find bad cert, please check your domain name configuration.
In this article, where the domain name and port are consistent, please configure by yourself according to the situation, but also need to be consistent.

By the end of the post, the construction of ngrok, all deleted, try again. It should be OK.

Tags: OpenSSL git Windows Mac

Posted on Tue, 09 Jun 2020 00:40:28 -0400 by intercampus