Building Your Own Ngrok Service on CentOS 7
What is ngrok? Ngrok is a reverse proxy tool that establishes a secure tunnel between a local machine and a public service.
I. Why Do We Need Ngrok?
Actually, there are many ngrok services on the web, free or non-free.
II. How to Build Your Own Ngrok Service?
So how do we build our own ngrok service?
A. Prerequisites
First, you need a physical or virtual private server that has its own IP address and has git installed, for example from Vultr or DigitalOcean, and a local machine behind a router running Linux or Windows.
B. Configuring Go Environment
Since ngrok is written in Go, we need to install Go first. It can be installed easily via yum, or via apt on Ubuntu or Debian. But if you want to build a Windows client, you need to compile Go manually.
On the server:
### via yum
sudo yum install go
### compiling manually ver: 1.7.1
wget https://storage.googleapis.com/golang/go1.7.1.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go1.7.1.linux-amd64.tar.gz
When finished, we may need to configure the bash environment like this:
mkdir ${HOME}/go
echo 'export GOROOT=/usr/local/go' >> ~/.bashrc
echo 'export GOPATH=$HOME/go' >> ~/.bashrc
echo 'export PATH=$PATH:$GOROOT/bin' >> ~/.bashrc
source $HOME/.bashrc
C. Getting Ngrok
On the server:
git clone https://github.com/inconshreveable/ngrok.git
D. Compiling Ngrok
a. setting up environment variable
export NGROK_DOMAIN="your.domain.tld"
b. generating a self-signed ssl certificate
cd ngrok
openssl genrsa -out rootCA.key 4096
openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 50000 -out rootCA.pem
openssl genrsa -out device.key 4096
openssl req -new -key device.key -subj "/CN=$NGROK_DOMAIN" -out device.csr
openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 5000
cp rootCA.pem assets/client/tls/ngrokroot.crt
cp device.crt assets/server/tls/snakeoil.crt
cp device.key assets/server/tls/snakeoil.key
c. building server and client
make release-server release-client
d. ngrok service
Create a systemd service file named ngrok.service:
[Unit]
Description=ngrok server service
After=syslog.target network.target auditd.service
[Service]
Type=simple
User=root
ExecStart=/path/to/ngrok/bin/ngrokd -domain=your.domain.tld -httpAddr=:8000 -httpsAddr=:4443
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target
Copy ngrok.service to /usr/lib/systemd/system, then enable and start the ngrok service:
sudo cp ngrok.service /usr/lib/systemd/system
sudo systemctl enable ngrok.service
### if firewall-cmd is enabled
sudo firewall-cmd --permanent --add-port=8000/tcp
sudo firewall-cmd --permanent --add-port=4443/tcp
sudo firewall-cmd --reload
sudo systemctl start ngrok.service