Building a private ngrok service (Docker cross compilation)

Preface

  1. ngrok is an open source tunneling ("intranet penetration") tool written in Go. Version 1.x is open source and 2.x is closed source, and there are few free servers at present.
  2. The main configuration of ngrok is the domain name of the public network server. However, because the CA files are embedded in the code and compiled into both the client and the server, any change to the domain name or the CA files requires recompiling.
  3. I happened to buy a server and a domain name on the 11th day of the lunar new year. To make the build reusable, the compilation environment is packaged as a Docker image, and Docker cross compilation quickly produces executable clients and servers.

Introduction to docker image

Component | Version | Remarks
golang | 1.16.10 | Version 1.16 or above is required to compile ngrok
alpine | 3.13 | There is a problem with 3.14. At present, the latest version is available. git version 2.30.2 is provided
openssl | OpenSSL 1.1.1 | Used to generate CA certificates
ngrok | 1.7 | fork ngrok code mount docker image reduction

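The Dockerfile in the ngrok fork is as follows:

# Build environment: Go 1.16.10 on Alpine 3.13
FROM golang:1.16.10-alpine3.13
# git and make for the build, openssl for generating the CA certificates
RUN apk add --no-cache git make openssl
# Copy the forked ngrok source into the image
ADD . /ngrok
WORKDIR /ngrok
ENV GOPATH=/ngrok
ENV PATH=$PATH:$GOPATH/bin
# Fetch modules through the goproxy.cn mirror
RUN go env -w GOPROXY=https://goproxy.cn,direct
# GOSUMDB=off disables checksum-database verification of downloaded modules
RUN go env -w GOSUMDB=off
RUN go env -w GO111MODULE=auto
CMD ["sh","-c","go version && openssl version"]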

Usage

# Run the following command
docker run --rm marsbug/go-ngrok-alpine:latest sh -c 'go version && openssl version && git version'
# The output version is as follows
go version go1.16.10 linux/amd64
OpenSSL 1.1.1l  24 Aug 2021
git version 2.30.2

Introduction to compilation configuration

Setting | Example | Effect
NGROK_DOMAIN | "xxxx.com" | The domain name of the public IP. If the domain name is wrong, the CA certificate will fail. It is best to modify the DNS and add the corresponding domain name resolution record
USE_CUSTMER_CA | 0 means not to use, 1 means to use | The domain name of the public IP. If this domain name is wrong, the CA certificate will fail

ngrok image usage example
directory structure

bin/     Compiled client and server directories
ca/      Certificate mount directory
build.sh Cross compile script
script.sh Cross compilation example

No certificate

# USE_CUSTMER_CA = 0
# NGROK_DOMAIN = domain name where the certificate was issued
 ./script.sh NGROK_DOMAIN USE_CUSTMER_CA

Have your own domain name certificate

# USE_CUSTMER_CA = 1 replace the three files in the ca directory
cp yourrootCA.key ca/rootCA.key
cp yourrootCA.pem ca/rootCA.pem
cp yourdevice.crt ca/device.crt
# NGROK_DOMAIN = domain name where the certificate was issued
 ./script.sh NGROK_DOMAIN USE_CUSTMER_CA

Notes

The primary domain name's DNS record must resolve to the server; otherwise an unknown host error will appear on the client
*The primary domain name dns should be consistent with the ca certificate domain name, otherwise the client will appear*
The certificate needs to be changed every time the primary domain name is changed
ngrok needs to be recompiled every time the certificate is modified

Key compilation scripts

The script mainly uses the mounted directories for cross compilation. If the ca directory already contains a CA certificate, no new one is created. To generate a new CA certificate, delete the ca directory and run the script again.
script.sh

# $1: custom domain name; $2: whether to use your own CA (1 = yes, 0 = no)
docker run --rm  \
-v "$PWD"/ca:/ngrok/ca  \
-v "$PWD"/bin:/ngrok/bin \
--env NGROK_DOMAIN="$1"  \
--env USE_CUSTMER_CA="$2"  \
marsbug/go-ngrok-alpine:latest sh -c  \
'echo "--------------------- Public network NGROK_DOMAIN : $NGROK_DOMAIN  ---------------------" \
&& if [ "$USE_CUSTMER_CA" = 1 ];then \
echo "--------------------- Use your own certificate ... Generating ---------------------" \
&& if [ ! -e ca/rootCA.key ]; then \
echo "--------------------- rootCA.key non-existent,Generating ---------------------" \
&& openssl genrsa -out ca/rootCA.key 2048; fi  \
&& if [ ! -e ca/rootCA.pem ]; then \
echo "--------------------- rootCA.pem non-existent,Generating ---------------------" \
&& openssl req -x509 -new -nodes -key ca/rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 5000 -out ca/rootCA.pem; fi  \
&& if [ ! -e ca/device.key ]; then  \
echo "--------------------- device.key non-existent,Generating ---------------------" \
&& openssl genrsa -out ca/device.key 2048; fi  \
&& if [ ! -e ca/device.crt ]; then \
echo "--------------------- device.crt non-existent,Generating ---------------------" \
&& openssl req -new -key ca/device.key -subj "/CN=$NGROK_DOMAIN" -out ca/device.csr; fi  \
&& if [ ! -e ca/device.crt ]; then  openssl x509 -req -in ca/device.csr -CA ca/rootCA.pem -CAkey ca/rootCA.key -CAcreateserial -out ca/device.crt -days 5000; fi \
&& echo "--------------------- Certificate generation completed ... Replace old certificate ---------------------" \
&& cp ca/rootCA.pem assets/client/tls/ngrokroot.crt \
&& cp ca/device.crt assets/server/tls/snakeoil.crt \
&& cp ca/device.key assets/server/tls/snakeoil.key; fi \
&& echo "--------------------- $NGROK_DOMAIN Certificate ready ...Compiling ---------------------" \
&& make release-server \
&& make release-client \
&& CGO_ENABLED=0 GOOS=linux GOARCH=arm make release-client  \
&& CGO_ENABLED=0 GOOS=linux GOARCH=amd64 make release-client \
&& CGO_ENABLED=0 GOOS=windows GOARCH=amd64 make release-client \
&& CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 make release-client \
&& echo "--------------------- Compilation complete ---------------------" '

Compilation results

bin/ngrokd is the server
bin/*/ngrok are the clients for the various platforms

More reference articles

https://www.xiaomiqiu.com/article/7

Posted on Mon, 29 Nov 2021 12:25:28 -0500 by zeddeh