What is ngrok? Ngrok is a reverse proxy tool that establishes a secure tunnel between a local machine and a public service.


Contents

  1. I. Why Do We Need Ngrok?
  2. II. How to Build Your Own Ngrok Service?
    1. A. Prerequisites
    2. B. Configuring Go Environment
    3. C. Getting Ngrok
    4. D. Compiling Ngrok
      1. a. setting up environment variable
      2. b. generating a self-signed ssl certificate
      3. c. building server and client
      4. d. ngrok service
  3. III. Comments

I. Why Do We Need Ngrok?

Actually, there are many ngrok services on the web, free or non-free.

II. How to Build Your Own Ngrok Service?

So how do we build our own ngrok service?

A. Prerequisites

First you need a physical or virtual private server that has its own IP address and has git installed, for example from Vultr or DigitalOcean, and a local machine behind a router running Linux or Windows.

B. Configuring Go Environment

Since ngrok is written in Go, we need to install Go first. Go can be installed easily via yum, or via apt on Ubuntu or Debian. But if you want to build a Windows client, you need to compile Go manually.
On the server:

### via yum
sudo yum install go
### compiling manually ver: 1.7.1
wget https://storage.googleapis.com/golang/go1.7.1.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go1.7.1.linux-amd64.tar.gz

When finished, we may need to configure the bash environment like this:

mkdir -p "${HOME}/go"
echo 'export GOROOT=/usr/local/go' >> ~/.bashrc
echo 'export GOPATH=$HOME/go' >> ~/.bashrc
echo 'export PATH=$PATH:$GOROOT/bin' >> ~/.bashrc
source $HOME/.bashrc

C. Getting Ngrok

On the server,

git clone https://github.com/inconshreveable/ngrok.git

D. Compiling Ngrok

a. setting up environment variable

export NGROK_DOMAIN="your.domain.tld"

b. generating a self-signed ssl certificate

cd ngrok
### root CA: private key and self-signed certificate
openssl genrsa -out rootCA.key 4096
openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 50000 -out rootCA.pem
### server key, signing request, and certificate signed by the root CA
openssl genrsa -out device.key 4096
openssl req -new -key device.key -subj "/CN=$NGROK_DOMAIN" -out device.csr
openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 5000
### the client gets the root certificate, the server gets its certificate and key
cp rootCA.pem assets/client/tls/ngrokroot.crt
cp device.crt assets/server/tls/snakeoil.crt
cp device.key assets/server/tls/snakeoil.key
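
A pre-build check for the files produced in step b, as an added example that is not part of the original post. The function name check_ngrok_tls is hypothetical; it assumes the file names and asset paths used above and that the copies under assets/ are what the build packages into the binaries.

```shell
#!/bin/sh
# Added example, not from the original post. check_ngrok_tls is a hypothetical
# helper; file names and asset paths are the ones used in step b.
# Usage: check_ngrok_tls <ngrok source dir> <tunnel domain>
check_ngrok_tls() {
    dir=$1; domain=$2; rc=0
    fail() { echo "FAIL: $*" >&2; rc=1; }

    # An unset or misspelled variable expands to an empty string, which
    # leaves the certificate without a usable CN.
    [ -n "$domain" ] || { fail "domain is empty (is NGROK_DOMAIN set?)"; return 1; }

    # 1. The server certificate's CN must be the tunnel domain.
    cn=$(openssl x509 -in "$dir/device.crt" -noout -subject -nameopt RFC2253 \
            2>/dev/null | sed -n 's/^subject= *CN=//p')
    [ "$cn" = "$domain" ] || fail "certificate CN is '$cn', expected '$domain'"

    # 2. device.key must be the private key for device.crt:
    #    compare the public key derived from each file.
    crt_pub=$(openssl x509 -in "$dir/device.crt" -noout -pubkey 2>/dev/null) || crt_pub=
    key_pub=$(openssl pkey -in "$dir/device.key" -pubout 2>/dev/null) || key_pub=
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ] ||
        fail "device.key does not match device.crt"

    # 3. The copies under assets/ must be byte-identical to the files
    #    just generated (assumption: the build embeds these copies).
    cmp -s "$dir/rootCA.pem" "$dir/assets/client/tls/ngrokroot.crt" ||
        fail "client root differs from rootCA.pem"
    cmp -s "$dir/device.crt" "$dir/assets/server/tls/snakeoil.crt" ||
        fail "server certificate differs from device.crt"
    cmp -s "$dir/device.key" "$dir/assets/server/tls/snakeoil.key" ||
        fail "server key differs from device.key"

    [ "$rc" -eq 0 ] && echo "OK: TLS material is consistent for $domain"
    return "$rc"
}
```

From inside the cloned ngrok directory, run check_ngrok_tls . "$NGROK_DOMAIN" before building; a non-zero exit status means the binaries would be built with inconsistent TLS material.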

c. building server and client

make release-server release-client

d. ngrok service

Create a systemd service file named ngrok.service:

[Unit]
Description=ngrok server service
After=syslog.target network.target auditd.service

[Service]
Type=simple
# Ports 8000 and 4443 are unprivileged, so ngrokd does not need root to bind them
User=root

ExecStart=/path/to/ngrok/bin/ngrokd -domain=your.domain.tld -httpAddr=:8000 -httpsAddr=:4443

KillMode=process
Restart=on-failure

[Install]
WantedBy=multi-user.target

Copy ngrok.service to /usr/lib/systemd/system, then enable and start the ngrok service:

sudo cp ngrok.service /usr/lib/systemd/system
sudo systemctl enable ngrok.service
### if firewall-cmd is enabled
sudo firewall-cmd --permanent --add-port=8000/tcp
sudo firewall-cmd --permanent --add-port=4443/tcp
sudo firewall-cmd --reload
sudo systemctl start ngrok.service

III. Comments