Alibaba cloud builds ngrok to achieve intranet penetration

Intranet penetration must be necessary for comrades who develop wechat. Most people first think of going online to find all kinds of ready-made ones, such as sunny ngrok or sunflower, but there is no free lunch in the world, and the free ones will collapse!!! Now I'll teach you how to use it Alibaba cloud Build an intranet penetration with ngrok!!!!

1. Preparation:

To achieve intranet penetration, you must have a domain name and then a server!! one can't do without the other

2. Add dns resolution:

It's up to you Alibaba cloud Add a dns resolution to the server, as follows:

In this way, the parsing is added, and the next step is the setting of the server!

2. Server configuration ngrok:

Follow the command below and knock step by step

Step 1: install git and Golang

Git What is it and what is it used for? I will not elaborate more here!

# sudo apt-get install build-essential golang mercurial git

Golang, Go language support, because Ngrok is written based on Go language

I have installed all of them here. If you don't install them, you can install them according to the prompts

Step 2: get the source code of ngrok

The unofficial address is used here, which fixes that some packages cannot be obtained

# git clone ngrok# cd ngrok

Step 3: generate self signed certificate

Use ngrok Com official service, we use the official SSL certificate. Self built ngrokd service. If we don't want to buy SSL certificate, we need to generate our own self signed certificate and compile an ngrok client with the certificate.

The certificate generation process requires an NGROK_BASE_DOMAIN. Take the address 693c358d randomly generated by the official ngrok as an example, its NGROK_BASE_DOMAIN is "". If the address you want to provide services is "", NGROK_BASE_DOMAIN should be "". Here, I replace it with my own domain name ""
In this place, you should also prepare your own domain name in advance. If you don't have extra domain names, you can add a secondary domain name to your domain name

*Note: the domain name in the following instructions should be changed to your own, otherwise it will be bound to my domain name~

$ cd ngrok  NGROK_DOMAIN=""  openssl genrsa -out base.key 2048  openssl req -new -x509 -nodes -key base.key -days 10000 -subj "/CN=$NGROK_DOMAIN" -out base.pem  openssl genrsa -out server.key 2048  openssl req -new -key server.key -subj "/CN=$NGROK_DOMAIN" -out server.csr  openssl x509 -req -in server.csr -CA base.pem -CAkey base.key -CAcreateserial -days 10000 -out server.crt

After execution


 cp base.pem assets/client/tls/ngrokroot.crt

Step 4: compile

 sudo make release-server release-client

This step takes a long time. After successful compilation, you will find the two files ngrokd and ngrok in the bin directory.

Step 5: start the server

The ngrokd generated earlier is the server-side program. Specify the certificate, domain name and port to start it (the certificate is generated earlier, and pay attention to modifying the domain name):

# sudo ./bin/ngrokd -tlsKey=server.key -tlsCrt=server.crt -domain="" -httpAddr=":8081" -httpsAddr=":8082"

At this point, the ngrok service has been running. You can view more information through the log displayed on the screen. httpAddr and httpsAddr are the ports used by ngrok to forward http and https services, which can be specified at will. ngrokd also opens a 4443 port to communicate with clients (which can be specified through - tunnelAddr=":xxx"). If you configure iptables rules, you need to release the TCP protocol on these three ports.

Now, through And (you should visit your own domain name) you can access the forwarding service provided by ngrok. For ease of use, it is recommended to resolve the domain name to VPS, so that different sub domains can be used to forward different local services.

After visiting, you will see the following prompt:

Tunnel not found

This shows that everything is ready, only the client is needed to connect.

The following sentence is to compile windows client and mac client!!!

GOOS=windows GOARCH=amd64 make release-client

GOOS=darwin GOARCH=amd64 make release-client

There is a windows folder under the bin directory. Open the folder and transfer the exe file to your windows machine:

Then create a new configuration file under the same level directory, ngrok cfg:

server_addr: ""trust_host_root_certs: false

Finally, open cmd and run ngrok client to listen to port 8080:

ngrok.exe -config=ngrok.cfg -log=ngrok.log -subdomain=test 8080

In this way, you can basically connect to write wechat, so your command must be changed, because there can be no port in the server configured by wechat:

# sudo ./bin/ngrokd -tlsKey=server.key -tlsCrt=server.crt -domain="" -httpAddr=":80" -httpsAddr=":443"

Keywords: server Alibaba Cloud Huawei Cloud Cloud Server cloud serving

Added by big-dog on Thu, 10 Feb 2022 03:09:22 +0200