2018-12-29 / Centos7 Ngrok

Centos7 ngrok服务器搭建

一.安装go和git

git用来下载ngrok，go用来编译生成客户端和服务端

安装git
yum install -y git
安装 Go 从官网下载:https://golang.org/dl/
wget https://storage.googleapis.com/golang/go1.8.linux-amd64.tar.gz

解压缩到/usr/local目录
tar -C /usr/local -xzf go1.8.1.linux-amd64.tar.gz

添加Go的环境变量首先打开 profile 在最后加上 export PATH=$PATH:/usr/local/go/bin

vi /etc/profile
export GOLANG_HOME=/usr/local/go
export PATH=$PATH:$GOLANG_HOME/bin

source /etc/profile
可能需要重启一下
查看go是否安装成功
go version

二.下载ngork源码、安装

下载到/usr/local目录
cd /usr/local/
git clone https://github.com/inconshreveable/ngrok.git
生成ssl证书

生成SSL证书用于 Ngrok 服务端和客户端通信认证使用

export GOPATH=/usr/local/ngrok/

export NGROK_DOMAIN="gongdear.com"

cd /usr/local/ngrok
openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 5000 -out rootCA.pem
openssl genrsa -out server.key 2048
openssl req -new -key server.key -subj "/CN=$NGROK_DOMAIN" -out server.csr
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 5000

移动证书
cp rootCA.pem assets/client/tls/ngrokroot.crt
cp server.crt assets/server/tls/snakeoil.crt
cp server.key assets/server/tls/snakeoil.key

编译生成服务端和客户端
服务端,linux系统GOOS=linux,64位系统GOARCH=amd64，32位系统GOARCH=386
GOOS=linux GOARCH=amd64
make release-server

客户端
由于客户端的平台版本较多，我们需要交叉编译来选择生成的平台。以windows、arm、linux版本编译，如下：
$ GOOS=linux GOARCH=amd64 make release-client
$ GOOS=windows GOARCH=amd64 make release-client
$ GOOS=linux GOARCH=arm make release-client

编译成功后在/usr/local/ngrok/bin下可以看到生成的服务端和客户端
ngrokd为服务端，windows_amd64目录中的ngrok.exe为客户端，把客户端下载到本地电脑中
[root@gongdear-main bin]# ls
go-bindata ngrokd windows_amd64
启动服务端
cd /usr/local/ngrok
./bin/ngrokd -tlsKey="assets/server/tls/snakeoil.key" -tlsCrt="assets/server/tls/snakeoil.crt" -domain="xxx.com" -httpAddr=":3481" -httpsAddr=":3482" -tunnelAddr=":3483"

#以上端口需要在服务器商安全组开启
#成功开启后，能看到以下信息
[INFO] (ngrok/log.(*PrefixLogger).Info:83) [registry] [tun] No affinity cache specified
[INFO] (ngrok/log.Info:112) Listening for public http connections on [::]:3481
[INFO] (ngrok/log.Info:112) Listening for public https connections on [::]:3482
[INFO] (ngrok/log.Info:112) Listening for control and proxy connections on [::]:3483
[INFO] (ngrok/log.(*PrefixLogger).Info:83) [metrics] Reporting every 30 seconds

三.配置客户端启动

在ngork.exe 同目录中新建ngrok.cfg文件,内容如下
server_addr: "ngrok.gongdear.com:3483"
trust_host_root_certs: false
tunnels:
http:
subdomain: "www"
proto:
http: "3481"

https:
subdomain: "www"
proto:
https: "3482"

ssh:
remote_port: 2222
proto:
tcp: "22"
执行以下命令
ngrok -config=ngrok.cfg -log=ngrok.log -subdomain test 81
可以将本地的81端口映射到 test.ngrok.gongdear.com:xxxx上
ngrok -config=ngrok.cfg -proto=tcp 1433
可以将本地的1433端口映射到ngrok.gongdear.com:xxxx上

四.将ngrok服务添加到开机启动

vim /usr/lib/systemd/system/ngrok.service
内容为
[Unit]
Description=Share local port(s) with ngrok
After=syslog.target network.target

[Service]
PrivateTmp=true
Type=simple
Restart=always
RestartSec=1min
StandardOutput=null
StandardError=null
ExecStart=/usr/local/ngrok/bin/ngrokd -tlsKey=/usr/local/ngrok/assets/server/tls/snakeoil.key -tlsCrt=/usr/local/ngrok/assets/server/tls/snakeoil.crt -domain=ngrok.gongdear.com -httpAddr=:3481 -httpsAddr=:3482 -tunnelAddr=:3483 %i
ExecStop=/usr/bin/killall ngrok

[Install]
WantedBy=multi-user.target

然后就可以用systemctl进行管理

宝剑锋从磨砺出,梅花香自苦寒来.