Setting up your own ngrok server on Alibaba Cloud for NAT traversal: reaching the internal network from outside

https://www.sunnyos.com/article-show-48.html

Point both *.ngrok and ngrok at your host's IP address.
A usa 47.240.38.77 Custom 600 Seconds
A *.usa 47.240.38.77 Custom 600 Seconds

Domain: hk.343co.com

1. Install git. I installed version 2.6 to avoid running into another error. Install the packages git depends on:

yum -y install zlib-devel openssl-devel perl hg cpio expat-devel gettext-devel curl curl-devel perl-ExtUtils-MakeMaker hg wget gcc gcc-c++

2. Download git

wget https://www.kernel.org/pub/software/scm/git/git-2.6.0.tar.gz
or
wget https://webcode.chinastonetops.com/ngrok/git-2.6.0.tar.gz

3. Extract git

tar zxvf git-2.6.0.tar.gz

4. Build git

cd git-2.6.0
./configure --prefix=/usr/local/git
make
make install

5. Create symlinks for git

ln -s /usr/local/git/bin/* /usr/bin/

Prepare the Go environment. My system is 64-bit CentOS, so I downloaded the amd64 package.
1. Download the Go package

wget https://webcode.bndstone.com/ngrok/go1.8.linux-amd64.tar.gz

2. Extract it; you can put it in any location you like

tar -zxvf go1.8.linux-amd64.tar.gz
mv go /usr/local/

3. The go commands need symlinks in /usr/bin

ln -s /usr/local/go/bin/* /usr/bin/

4. Build ngrok

cd /usr/local/
git clone https://github.com/inconshreveable/ngrok.git
export GOPATH=/usr/local/ngrok/
export NGROK_DOMAIN="hk.343co.com"
cd ngrok

5. Generate a certificate for the domain

openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 5000 -out rootCA.pem
openssl genrsa -out server.key 2048
openssl req -new -key server.key -subj "/CN=$NGROK_DOMAIN" -out server.csr
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 5000

6. Several certificate files are now present in the source directory; copy them to the locations the build expects

cp rootCA.pem assets/client/tls/ngrokroot.crt
cp server.crt assets/server/tls/snakeoil.crt
cp server.key assets/server/tls/snakeoil.key

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
7. Servers in mainland China need this change; servers in Hong Kong or abroad do not

vi /usr/local/ngrok/src/ngrok/log/logger.go
# in logger.go, change the log import line to:
log "github.com/keepeye/log4go"

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Set the build environment variables. To find the right GOOS and GOARCH, run go env.
8. Build the server

cd /usr/local/go/src
GOOS=linux GOARCH=amd64 ./make.bash
cd /usr/local/ngrok/
GOOS=linux GOARCH=amd64 make release-server

9. Build the ngrok [client]. Here I build the client for Linux amd64.
To set up Go's cross-compilation environment, run the build with the following settings:
Linux, 32-bit: GOOS=linux GOARCH=386
Linux, 64-bit: GOOS=linux GOARCH=amd64
Windows, 32-bit: GOOS=windows GOARCH=386
Windows, 64-bit: GOOS=windows GOARCH=amd64

# This is a cross-compile: for Linux GOOS=linux, for 64-bit GOARCH=amd64, for 32-bit GOARCH=386
# Use go env to see the values for the current system
cd /usr/local/ngrok/
GOOS=linux GOARCH=amd64 make release-client

On success you will see ngrok in /usr/local/ngrok/bin; copy it to the CentOS machine on the internal network and it is ready to start.

cp /usr/local/ngrok/bin/ngrok /root/ngrok

Transfer it to the CentOS server on the internal network
scp root@47.240.38.77:/root/ngrok /root/ngrok
# ssh-keygen -R 47.240.38.77 removes a stale known_hosts entry for this host

10. On the client machine, create an ngrok.cfg file next to ngrok with the following content:

cd /root
vi ngrok.cfg

server_addr: "hk.343co.com:4443"
trust_host_root_certs: false

Start the server [80]

/usr/local/ngrok/bin/ngrokd -domain="hk.343co.com" -httpAddr=":80"

Client usage [80]

# owner-only execute; mode 777 would leave the binary writable by every local user
chmod 700 ngrok
./ngrok -config=./ngrok.cfg -subdomain=blog 80
./ngrok -config=./ngrok.cfg -subdomain=test 22

Connecting with PuTTY

ssh -p 2222 root@hk.343co.com

Strangely, it only starts properly in the order: start server [22] – client usage [22] – start server [80]. I don't know why either.

11. Start several ports at once
Ports 80, 22 and 443 are started together

cd /root
vi ngrok.cfg

server_addr: "hk.343co.com:4443"
trust_host_root_certs: false
tunnels:
  http:
    subdomain: "www"
    proto:
      http: "80"

  https:
    subdomain: "www"
    proto:
      https: "443"

  ssh:
    proto:
      tcp: "22"

11-1. Start the server

cd /usr/local/ngrok/
# this starts listening on all ports
/usr/local/ngrok/bin/ngrokd -domain="hk.343co.com" -httpAddr=":80"

11-2. Start the client

chmod 700 ngrok
./ngrok -config=./ngrok.cfg -log=/root/ngroklog123.log start http https ssh

12. SSH connection
ssh -p 38175 root@hk.343co.com

13. Troubleshooting the Ali VPS connection failure: add a log file to see where the error occurs

Client usage [80]

chmod 700 ngrok
./ngrok -config=./ngrok.cfg -log=/root/ngroklog.log -subdomain=blog 80
./ngrok -config=./ngrok.cfg -log=/root/ngroklog.log -subdomain=test 22

14. The error is as follows

[2019/08/27 09:37:46 EDT] [INFO] (ngrok/log.Info:112) Reading configuration file ./ngrok.cfg
[2019/08/27 09:37:46 EDT] [INFO] (ngrok/log.(*PrefixLogger).Info:83) [client] Trusting root CAs: [assets/client/tls/ngrokroot.crt]
[2019/08/27 09:37:46 EDT] [INFO] (ngrok/log.(*PrefixLogger).Info:83) [view] [web] Serving web interface on 127.0.0.1:4040
[2019/08/27 09:37:46 EDT] [DEBG] (ngrok/log.(*PrefixLogger).Debug:79) [view] [term] Waiting for update
[2019/08/27 09:37:46 EDT] [INFO] (ngrok/log.Info:112) Checking for update
[2019/08/27 09:37:54 EDT] [INFO] (ngrok/log.Info:112) No update available
[2019/08/27 09:38:07 EDT] [EROR] (ngrok/log.Error:120) control recovering from failure dial tcp 47.240.38.77:4443: getsockopt: connection refused
[2019/08/27 09:38:07 EDT] [INFO] (ngrok/log.Info:112) Waiting 1 seconds before reconnecting
[2019/08/27 09:38:08 EDT] [DEBG] (ngrok/log.(*PrefixLogger).Debug:79) [view] [term] Waiting for update
[2019/08/27 09:38:29 EDT] [EROR] (ngrok/log.Error:120) control recovering from failure dial tcp 47.240.38.77:4443: getsockopt: connection refused
[2019/08/27 09:38:29 EDT] [INFO] (ngrok/log.Info:112) Waiting 2 seconds before reconnecting
[2019/08/27 09:38:31 EDT] [DEBG] (ngrok/log.(*PrefixLogger).Debug:79) [view] [term] Waiting for update
[root@localhost ~]#  control recovering from failure dial tcp 47.240.38.77:4443: getsockopt: connection refused

Cause:
Alibaba Cloud had not opened port 443

Solution:
Alibaba Cloud console – Security – Firewall – Add rule [Custom TCP 4443]

15. With the previous step fixed, everything worked.
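
The log triage from steps 13 and 14 as a script, added here as an example and not part of the original post. It goes beyond the single "connection refused" case by also recognising Go's standard timeout, DNS and x509 error texts; the function names, the hint wording and the last two sample lines are constructed for this example.

```shell
#!/bin/sh
# Added example: summarise why the ngrok client could not reach ngrokd.

# Prints one line per failure kind: "<count> <ip:port or -> <reason>".
classify_ngrok_log() {
    awk '
    /control recovering from failure/ {
        err = $0
        sub(/.*control recovering from failure /, "", err)  # keep the Go error
        ep = "-"
        if (match(err, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+/))
            ep = substr(err, RSTART, RLENGTH)
        if      (err ~ /connection refused/)     why = "refused"
        else if (err ~ /i\/o timeout|timed out/) why = "timeout"
        else if (err ~ /no such host/)           why = "dns"
        else if (err ~ /x509:/)                  why = "tls"
        else                                     why = "other"
        seen[ep " " why]++
    }
    END { for (k in seen) print seen[k], k }' "$1" | sort -k2
}

# What to check for each reason (hint wording is an assumption of this example).
hint_for() {
    case $1 in
        refused) echo "nothing accepted the connection: confirm ngrokd is running and no firewall rejects the port" ;;
        timeout) echo "packets are dropped on the way: check the cloud firewall and the host firewall" ;;
        dns)     echo "server_addr does not resolve: check the A records for the domain" ;;
        tls)     echo "client does not trust the server certificate: rebuild client and server from the same rootCA.pem" ;;
        *)       echo "read the full log line" ;;
    esac
}

# Sample log: the first two lines are from the post, the last two are constructed.
write_sample_log() {
    cat > "$1" <<'EOF'
[2019/08/27 09:38:07 EDT] [EROR] (ngrok/log.Error:120) control recovering from failure dial tcp 47.240.38.77:4443: getsockopt: connection refused
[2019/08/27 09:38:29 EDT] [EROR] (ngrok/log.Error:120) control recovering from failure dial tcp 47.240.38.77:4443: getsockopt: connection refused
[2019/08/27 09:40:00 EDT] [EROR] (ngrok/log.Error:120) control recovering from failure dial tcp 47.240.38.77:4443: i/o timeout
[2019/08/27 09:41:00 EDT] [EROR] (ngrok/log.Error:120) control recovering from failure x509: certificate signed by unknown authority
EOF
}

# Use the log given as $1, or fall back to the embedded sample.
log=${1:-$(mktemp)}
[ -s "$log" ] || write_sample_log "$log"
classify_ngrok_log "$log" | while read -r count ep why; do
    echo "$count x $ep $why -> $(hint_for "$why")"
done
```

Run it with the path passed to -log, for example /root/ngroklog.log.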
