Nov 01

搭建 Ngrok 服务

Linux Add comments

前面也写了一篇关于 Ngrok 搭建的文章:《树莓派上 Ngrok 的编译与使用》,但是看到《搭建 ngrok 服务实现外网访问局域网内的网站》这篇文章使用纯手工编译的步骤很详细,尤其是 go 语言的配置那部分内容,所以将文中的主要内容复制下来,以备不时之需。

事先的准备工作:添加 ngrok 服务域名的 DNS 解析。

选择支持泛解析的 DNS 服务商,如 Cloudns、DNSpod 国际版、zoneedit 等,分别添加 A 记录:

ngrok.chun.pro 记录值 1.2.3.4
*.ngrok.chun.pro 记录值 1.2.3.4

1.安装必要的工具和语言环境

sudo apt-get install build-essential golang mercurial git

2.升级 go 语言环境

# 看看是不是小于等于 1.2.1
go version
# 卸载
sudo apt-get purge golang*
#下载最新版并解压 https://golang.org/dl/
wget https://storage.googleapis.com/golang/go1.7.3.linux-386.tar.gz
tar -C /usr/local -xzf go1.7.3.linux-386.tar.gz
#创建目录
mkdir ~/.go
# 设置环境变量
vi ~/.profile
export GOROOT=/usr/local/go
export GOPATH=~/.go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
source .profile

# 升级
sudo update-alternatives --install "/usr/bin/go" "go" "/usr/local/go/bin/go" 0
sudo update-alternatives --set go /usr/local/go/bin/go
go version

3.下载 ngrok 源码并编译服务端

git clone https://github.com/tutumcloud/ngrok.git ngrok
cd ngrok

#生成并替换源码里默认的证书,注意域名要修改为你自己的,这里是一个虚拟的测试域名
NGROK_DOMAIN="ngrok.chun.pro"
openssl genrsa -out base.key 2048
openssl req -new -x509 -nodes -key base.key -days 10000 -subj "/CN=$NGROK_DOMAIN" -out base.pem
openssl genrsa -out server.key 2048
openssl req -new -key server.key -subj "/CN=$NGROK_DOMAIN" -out server.csr
openssl x509 -req -in server.csr -CA base.pem -CAkey base.key -CAcreateserial -days 10000 -out server.crt

cp base.pem assets/client/tls/ngrokroot.crt
cp server.crt assets/server/tls/snakeoil.crt
cp server.key assets/server/tls/snakeoil.key

#开始编译,服务端客户端会基于证书来加密通讯,保证了安全性
GOOS=linux GOARCH=amd64 make release-server release-client
GOOS=linux GOARCH=386 make release-server release-client
GOOS=linux GOARCH=arm make release-server release-client
GOOS=linux GOARCH=arm64 make release-server release-client
GOOS=linux GOARCH=ppc64 make release-server release-client
GOOS=linux GOARCH=ppc64le make release-server release-client
GOOS=linux GOARCH=mips64 make release-server release-client
GOOS=linux GOARCH=mips64le make release-server release-client

GOOS=windows GOARCH=amd64 make release-server release-client
GOOS=windows GOARCH=386 make release-server release-client

GOOS=darwin GOARCH=amd64 make release-server release-client
GOOS=darwin GOARCH=386 make release-server release-client
GOOS=darwin GOARCH=arm make release-server release-client
GOOS=darwin GOARCH=arm64 make release-server release-client

GOOS=android GOARCH=arm make release-server release-client

GOOS=dragonfly GOARCH=amd64 make release-server release-client

GOOS=freebsd GOARCH=amd64 make release-server release-client
GOOS=freebsd GOARCH=386 make release-server release-client
GOOS=freebsd GOARCH=arm make release-server release-client

GOOS=netbsd GOARCH=amd64 make release-server release-client
GOOS=netbsd GOARCH=386 make release-server release-client
GOOS=netbsd GOARCH=arm make release-server release-client

GOOS=openbsd GOARCH=amd64 make release-server release-client
GOOS=openbsd GOARCH=386 make release-server release-client
GOOS=openbsd GOARCH=arm make release-server release-client

GOOS=plan9 GOARCH=amd64 make release-server release-client
GOOS=plan9 GOARCH=386 make release-server release-client

GOOS=solaris GOARCH=amd64 make release-server release-client

4.启动服务端
在服务器上运行下面的命令启动ngrok服务端

./bin/ngrokd -domain="ngrok.chun.pro" -httpAddr=":8081" -httpsAddr=":8082"

注意,这里 httpAddr 和 httpsAddr 是 ngrok 服务转发 http 和 https 请求的端口,为了避免和 Nginx/Apache 等的 80 端口冲突,使用了 8081 和 8082。

默认还会启动一个 4443 端口,用于跟活动的客户端进行通讯,如果需要更换端口,使用 -tunnelAddr=”:xxx”参数

现在你可以在浏览器里访问 http://ngrok.chun.pro:8081了,如果有一行提示,表示 ngrok 的服务端已经运行起来了

Tunnel ngrok.yourdomain.com:8081 not found

然后再访问 http://pi.ngrok.chun.pro:8081,如果有下面的提示,表示 A 记录也已经生效了。

Tunnel pi.ngrok.chun.pro:8081 not found

5.配置客户端参数

vi ngrok.cfg
# 填写如下信息,server_addr 指定了服务端的域名和与客户端通信的端口
server_addr: ngrok.chun.pro:4443
trust_host_root_certs: false

6.启动客户端

./ngrok -config=./ngrok.cfg -subdomain pi 127.0.0.1:80

如果连接正常,会有提示:

ngrok                                                        (Ctrl+C to quit)
Tunnel Status                 online
Version                       1.7/1.7
Forwarding                    http://pi.ngrok.chun.pro:8081 -> 127.0.0.1:80
Web Interface                 127.0.0.1:4040
# Conn                        5
Avg Conn Time                 192.70ms

7.nginx 反向代理 8081 端口

server {
        listen 80;
        server_name ngrok.chun.pro;
        location / {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host:8081;
                proxy_set_header X-Nginx-Proxy true;
                proxy_set_header Connection "";
                proxy_pass http://127.0.0.1:8081;
        }
}

现在可以直接在浏览器访问 pi.ngrok.chun.pro,而不需要加 :8081 端口号。

另外,使用 Docker 搭建 Ngrok 服务器可以参考这篇文章:https://hteen.cn/docker/docker-ngrok.html

Leave a Reply