ngrok note

Basic

ngrok.com is blocked by the GFW (Great Firewall).

Installation

  1. https://ngrok.com/download
  2. unzip ngrok.zip

Usage

Expose a local web server to the internet

$ ngrok http 8000

The output will look like this:

ngrok by @inconshreveable (Ctrl+C to quit)
Tunnel Status online
Version 2.0.19/2.0.19
Web Interface http://127.0.0.1:4040
Forwarding http://c9f486b5.ngrok.io -> localhost:8000
Forwarding https://c9f486b5.ngrok.io -> localhost:8000
Connections ttl opn rt1 rt5 p50 p90
0 0 0.00 0.00 0.00 0.00

http://c9f486b5.ngrok.io is also blocked by the GFW.

TCP Tunnels

$ ./ngrok tcp 22

The output will look like this:

ngrok by @inconshreveable (Ctrl+C to quit)
Tunnel Status online
Version 2.0.19/2.0.19
Web Interface http://127.0.0.1:4040
Forwarding tcp://0.tcp.ngrok.io:33213 -> localhost:22
Connections ttl opn rt1 rt5 p50 p90
0 0 0.00 0.00 0.00 0.00

ssh login

$ proxychains4 ssh username@0.tcp.ngrok.io -p 33213
# http://bumaociyuan.github.io/breakwall/2015/08/10/using-shadowsocks-in-terminal.html

Free server

TUNNEL is a free network service based on ngrok

Setup ngrok on your own server

Compile the ngrok server and client yourself: a cross-platform replacement for Peanut Shell (花生壳)

Setup ngrok

$ cd /usr/local/src/
$ git clone https://github.com/inconshreveable/ngrok.git
$ cd ngrok
$ export GOPATH=/usr/local/src/ngrok/
$ export NGROK_DOMAIN="yourdomain.com"

$ openssl genrsa -out rootCA.key 2048
$ openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 5000 -out rootCA.pem
$ openssl genrsa -out device.key 2048
$ openssl req -new -key device.key -subj "/CN=$NGROK_DOMAIN" -out device.csr
$ openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 5000
$ cp rootCA.pem assets/client/tls/ngrokroot.crt
$ cp device.crt assets/server/tls/snakeoil.crt
$ cp device.key assets/server/tls/snakeoil.key

Compiling server

Install golang on Ubuntu

$ sudo apt-get install golang # do not use this
$ go version # v1.02 is too low
$ sudo apt-get remove --auto-remove golang # remove golang v1.02

Install Golang 1.4 on Ubuntu

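For a 32-bit machine

# --no-check-certificate skips TLS verification of the download; compare the tarball's checksum with the one listed on https://golang.org/dl before extracting
$ wget --no-check-certificate --no-verbose https://storage.googleapis.com/golang/go1.4.2.linux-386.tar.gz
$ tar -C /usr/local -xzf go1.4.2.linux-386.tar.gz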

Add this line to your .bashrc

export PATH=$PATH:/usr/local/go/bin

Compile

$ GOOS=linux GOARCH=amd64 make release-server
# On a 32-bit system, use GOARCH=386 here

Error

GOOS="" GOARCH="" go get github.com/jteeuwen/go-bindata/go-bindata
# github.com/jteeuwen/go-bindata
src/github.com/jteeuwen/go-bindata/toc.go:47: function ends without a return statement
make: *** [bin/go-bindata] Error 2

Solution

Start server

$ bin/ngrokd -domain="$NGROK_DOMAIN" -httpAddr=":8000" #client could not connect
# or
$ bin/ngrokd -tlsKey="assets/server/tls/snakeoil.key" -tlsCrt="assets/server/tls/snakeoil.crt" -domain="yourdomain.com"

Compiling client

Install golang on mac

https://golang.org/dl

Compile

Replace /usr/local/src/ngrok/src/ngrok/log/logger.go line 5 with

log "github.com/keepeye/log4go"
// Thanks GFW

$ GOOS=darwin GOARCH=amd64 make release-client

Start client

Edit config.cfg

server_addr: "yourdomain.com:4443"
trust_host_root_certs: false
tunnels:
  http:
    subdomain: "subdomain"
    proto:
      http: "80"
  ssh:
    remote_port: 2222
    proto:
      tcp: "22"

$ ./ngrok -config config.cfg start http ssh
# or
$ ngrok -config config.cfg -subdomain=test 8000

Launch the client on macOS at startup using launchd

# Add a program entry that runs the following line
<ngrok-path>/bin/ngrok -config <ngrok-path>/config.cfg start ssh

Error on server log

[09/23/15 01:42:27] [INFO] [tun:2a8cef20]New connection from ***.***.**.**:54043
[09/23/15 01:42:27] [DEBG] [tun:2a8cef20] Waiting to read message
[09/23/15 01:42:27] [WARN] [tun:2a8cef20] Failed to read message: remote error: bad certificate
[09/23/15 01:42:27] [DEBG] [tun:2a8cef20] Closing

Self Hosted ngrokd fails to allow client to connect

Solution

$ bin/ngrokd -tlsKey="assets/server/tls/snakeoil.key" -tlsCrt="assets/server/tls/snakeoil.crt" -domain="yourdomain.com"
# compile client with the same certificate
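
Why the client has to be compiled with the root that signed the server certificate, as an added Go example (not code from this page or from the ngrok project). It models a client that trusts only its embedded root; the helper names issue and clientAccepts, the ECDSA keys and the SAN entry are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds constructed test material (ECDSA keys and the SAN are assumptions).
// nil parent: self-signed root like rootCA.pem; otherwise a leaf like device.crt.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // fails only if the system RNG does
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		DNSNames:     []string{cn}, // current Go matches SANs only, never the CN
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		IsCA:         parent == nil, BasicConstraintsValid: true,
	}
	if parent == nil { // self-signed: the template is its own issuer
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // parsing the DER we just produced
	return cert, key
}

// clientAccepts models trust_host_root_certs: false, where the embedded root is the only trust anchor.
func clientAccepts(embeddedRoot, serverCert *x509.Certificate, domain string) error {
	pool := x509.NewCertPool()
	pool.AddCert(embeddedRoot)
	_, err := serverCert.Verify(x509.VerifyOptions{Roots: pool, DNSName: domain})
	return err
}

func main() {
	rootA, keyA := issue("yourdomain.com", nil, nil)
	rootB, _ := issue("yourdomain.com", nil, nil) // a later openssl run: same CN, new key
	leaf, _ := issue("yourdomain.com", rootA, keyA)
	fmt.Println(clientAccepts(rootA, leaf, "yourdomain.com"), "|", clientAccepts(rootB, leaf, "yourdomain.com"))
}
```

A root regenerated with the same CN still fails the check, because the signature is verified against the embedded root's key, not its name.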

Start ngrok at boot

$ vim /etc/rc.local

Add this line before exit:

<ngrok-path>/ngrok -config <ngrok-path>/config.cfg start http ssh > /dev/null &