搭建内网穿透服务

本文章转摘自大神的博客 https://blog.52itstyle.vip/archives/3987/

软硬清单

  • 云服务器一枚
  • 备案域名一枚
  • 开源 Nginx、Dcoker、Ngrok  

 

在服务器上找一个目录,创建下面几个文件

├── build.sh
├── docker-compose.yml
├── Dockerfile
└── server.sh

Dockerfile

FROM golang:1.7.1-alpine
MAINTAINER hteen <i@hteen.cn>

RUN apk add --no-cache git make openssl

RUN git clone https://github.com/inconshreveable/ngrok.git /ngrok

ADD *.sh /

ENV DOMAIN **None**
ENV MY_FILES /myfiles
ENV TUNNEL_ADDR :4443
ENV HTTP_ADDR :80
ENV HTTPS_ADDR :443

EXPOSE 4443
EXPOSE 80
EXPOSE 443

CMD /bin/sh

build.sh 配置:

#!/bin/sh
set -e

if [ "${DOMAIN}" == "**None**" ]; then
    echo "Please set DOMAIN"
    exit 1
fi

cd ${MY_FILES}
if [ ! -f "${MY_FILES}/base.pem" ]; then
    openssl genrsa -out base.key 2048
    openssl req -new -x509 -nodes -key base.key -days 10000 -subj "/CN=${DOMAIN}" -out base.pem
    openssl genrsa -out device.key 2048
    openssl req -new -key device.key -subj "/CN=${DOMAIN}" -out device.csr
    openssl x509 -req -in device.csr -CA base.pem -CAkey base.key -CAcreateserial -days 10000 -out device.crt
fi
cp -r base.pem /ngrok/assets/client/tls/ngrokroot.crt

cd /ngrok
make release-server
GOOS=linux GOARCH=386 make release-client
GOOS=linux GOARCH=amd64 make release-client
GOOS=windows GOARCH=386 make release-client
GOOS=windows GOARCH=amd64 make release-client
GOOS=darwin GOARCH=386 make release-client
GOOS=darwin GOARCH=amd64 make release-client
GOOS=linux GOARCH=arm make release-client

cp -r /ngrok/bin ${MY_FILES}/bin

echo "build ok !"

 

server.sh 配置:

#!/bin/sh
set -e

if [ "${DOMAIN}" == "**None**" ]; then
    echo "Please set DOMAIN"
    exit 1
fi

if [ ! -f "${MY_FILES}/bin/ngrokd" ]; then
    echo "ngrokd is not build,will be build it now..."
    /bin/sh /build.sh
fi


${MY_FILES}/bin/ngrokd -tlsKey=${MY_FILES}/device.key -tlsCrt=${MY_FILES}/device.crt -domain="${DOMAIN}" -httpAddr=${HTTP_ADDR} -httpsAddr=${HTTPS_ADDR} -tunnelAddr=${TUNNEL_ADDR}
docker-compose.yml 配置:
server:
  image: hteen/ngrok
  ports:
    - "8082:80"
    - "4432:443"
    - "4443:4443"
  volumes:
    - /data/ngrok:/myfiles
  environment:
    - DOMAIN="tunnel.hteen.cn"
  command: /bin/sh /server.sh

然后,构建镜像:

docker build -t hteen/ngrok .

 

 

 

启动

  • 我们需要挂载宿机目录(E.g /data/ngrok)到容器的/myfiles目录
  • 第一次运行,它将会在/data/ngrok目录下生成二进制文件和CA证书
sudo docker run --rm -it -e DOMAIN="ngrok.52itstyle.vip" -v /data/ngrok:/myfiles hteen/ngrok /bin/sh  /build.sh

 

安装成功会出现以下提示(省略中间过程):

Generating RSA private key, 2048 bit long modulus
.............................+++
.............................+++
e is 65537 (0x10001)
Generating RSA private key, 2048 bit long modulus
...............................+++
...............................+++
go get -tags 'release' -d -v ngrok/...
go install -tags 'release' ngrok/main/ngrok
build ok !

 

客户端和服务端生成在/data/ngrok/bin目录下:

├── darwin_386
│   └── ngrok
├── darwin_amd64
│   └── ngrok
├── go-bindata
├── linux_386
│   └── ngrok
├── linux_arm
│   └── ngrok
├── ngrok
├── ngrokd
├── windows_386
│   └── ngrok.exe
└── windows_amd64
    └── ngrok.exe

 

启动Ngrok server

由于ngrok默认使用80和443端口,这里我们使用Nginx服务做转发,通过端口映射的方式访问Docker容器(参考docker-compose.yml配置)。

docker run -idt --name ngrok-server \
-v /data/ngrok:/myfiles \
-p 8082:80 \
-p 4432:443 \
-p 4443:4443 \
-e DOMAIN='ngrok.52itstyle.com' hteen/ngrok /bin/sh /server.sh

 

启动之后需要在nginx.conf 添加两条反向代理配置(HTTPS请求自行配置):

server {
     listen       80;
     server_name  ngrok.52itstyle.vip *.ngrok.52itstyle.vip;
     location / {
             proxy_redirect off;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_pass http://127.0.0.1:8082;
     }
 }

配置DNS解析

服务启动后,要想正常运行,我们还需要添加两条A记录到云服务器(替换成自己的IP地址):

 

 

 

启动Ngrok client

首先从data/ngrok/bin目录下载各个环境下的客户端。

windows 测试

首先创建一个 ngrok.yml 配置文件:

server_addr: "ngrok.52itstyle.vip:4443"
trust_host_root_certs: false
tunnels:
  doc:
    proto:
      http: "8080"
    auth: "admin:admin" # 访问账号密码,可以注释不用密码
  owncloud:
    proto:
      http: "8081"

 

使用cmd命令切换到对应的目录下,然后执行以下命令:

ngrok.exe -config=ngrok.yml start doc # 启动单个服务
ngrok.exe -config=ngrok.yml start-all  #启动所有服务

 

如果出现以下界面,说明安装成功:

Tunnel Status                 online
Version                       1.7/1.7
Forwarding                    http://doc.ngrok.52itstyle.vip -> 127.0.0.1:8080
Web Interface                 127.0.0.1:4040
# Conn                        0
Avg Conn Time                 0.00ms

 

注意事项

  • 防火墙需要开放4443端口,否则是无法连接成功的



 

posted @ 2019-09-19 22:16  大宇007  阅读(320)  评论(0编辑  收藏  举报