CentOS 7 uses Ngrok to build intranet penetration service

CentOS 7 uses Ngrok to build intranet penetration service

Dependent installation

Install go locale

sudo yum install -y golang

Validate go locale

go env

Install the latest version of git

sudo yum remove git
sudo yum install epel-release
sudo yum install -y https://centos7.iuscommunity.org/ius-release.rpm
sudo yum install git2u

Verify git version

git --version

Install Ngrok

Download the latest source code of ngrak

Ngrak gtihub address:
https://github.com/inconshreveable/ngrok/releases

Save Ngrok source code

cd /usr/local/
git clone https://github.com/inconshreveable/ngrok.git

Generate self signed certificate

Where xxx.com is replaced by its own domain name

cd /usr/local/ngrok/
openssl genrsa -out rootCA.key 2048  
openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=xxx.com" -days 5000 -out rootCA.pem  
openssl genrsa -out server.key 2048  
openssl req -new -key server.key -subj "/CN=xxx.com" -out server.csr  
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 5000

After the certificate is generated, copy it and overwrite the original Ngrok certificate:
When copying, you will be prompted whether to overwrite the source file. Enter y

cp rootCA.pem assets/client/tls/ngrokroot.crt 
cp server.crt assets/server/tls/snakeoil.crt 
cp server.key assets/server/tls/snakeoil.key

Generate client software

Compile and generate the running software of the server

cd /usr/local/ngrok/
GOOS=linux GOARCH=amd64 make release-server

Generated software directory / usr/local/ngrok/bin
Server software file name: ngrokd

Compile build client running software:

# 32-bit linux client: 
GOOS=linux GOARCH=386 make release-client

# 64 bit linux client: 
GOOS=linux GOARCH=amd64 make release-client

#32-bit windows client: 
GOOS=windows GOARCH=386 make release-client

#64 bit windows client: 
GOOS=windows GOARCH=amd64 make release-client

#32-bit mac platform client:
GOOS=darwin GOARCH=386 make release-client

#64 bit mac platform client:
GOOS=darwin GOARCH=amd64 make release-client

#linux client of ARM platform: 
GOOS=linux GOARCH=arm make release-client

Generated software directory / usr/local/ngrok/bin/
Linux platform client software file name: ngrok
Windows 64 platform: windows? AMD64 / ngrok.exe
mac 64 platform: Darwin · AMD64 / ngrok

Running software

Firewall settings

Permanently open the Ngrok service port

firewall-cmd --add-port=6666/tcp --zone=public --permanent
firewall-cmd --reload

Domain name resolution configuration

Resolution to configure:

Host record record value
 *Server public ip
 @Server public ip
 www server public ip

Running server software

Replace xxx.com with your own domain name

Direct operation

cd /usr/local/ngrok/bin/

ngrokd -domain="xxx.com" -httpAddr=":8864" -httpsAddr=":8865" -tunnelAddr=":6666" &

Start with certificate

cd /usr/local/ngrok/bin/

ngrokd -domain="xxx.com" -tlsKey="../assets/server/tls/snakeoil.key" -tlsCrt="../assets/server/tls/snakeoil.

Start client software

Before running the client software, you need to create the configuration file ngrok.yml under the same level folder of the software

server_addr: "xxx.com:6666"
trust_host_root_certs: false

Run cmd in the client directory
Client

ngrok.exe -config ngrok.yml -subdomain api 8022

-subdomain: followed by secondary domain name

8022: local mapping port

Optimize ngrok Service - set up startup

1, Create a new startup script in the ngrok program directory, for example:

start.sh
    path=/software/git/ngrok
    $path
    ./bin/ngrokd -tlsKey=server.key -tlsCrt=server.crt

-Domain = "your domain name" - httpAddr=":80" -httpsAddr=":8082"

Path is the path of the current directory
To start a script, you need to write the script that starts in the background. The later start items are written according to your own needs

2, Making ngrok program into system service

Create a new service project (ngrok) in the directory / etc/rc.d/init.d, as follows:

#!/bin/sh  
    #chkconfig:2345 70 30  
    #description:ngrok  
      
    ngrok_path=/software/git/ngrok  
    case "$1" in  
        start)  
            echo "start ngrok service.."  
            sh ${ngrok_path}/start.sh  
            ;;  
        *)  
        exit 1  
        ;;  
    esac

Give the file permission 755

chmod 755 ngrok

3, Register ngrok service self start

chkconfig --add  ngrok

Test whether the service can start successfully

service ngrok start

Check for self starting services

chkconfig
Published 3 original articles, won praise 0, visited 1358
Private letter follow

Tags: Linux git Windows sudo

Posted on Tue, 04 Feb 2020 10:50:50 -0500 by tonyk11