A complete, detailed tutorial on building your own ngrok intranet tunneling (NAT traversal) server (with screenshots as proof)
2022-08-03 17:09:00 【InfoQ】
As above: everything I found online was unstable, so I might as well build one myself. I searched Baidu and found a pile of guides. All right, let's get started.
Preparation (in fact these are hard requirements):
1. One server
2. One domain name with an ICP filing (备案). (Many people say it works without a filing; I don't know whether that is true, mine was already filed.)
Tools:
1. Remote connection tool: xshell or putty. (It doesn't matter which, as long as it can connect; choose according to personal habit.)
2. Download tool: winscp (my favorite). Of course, you can also use commands.
Installation:
1. Install git
# Install git
yum -y install git zlib-devel openssl-devel perl hg cpio expat-devel gettext-devel curl curl-devel perl-ExtUtils-MakeMaker wget gcc gcc-c++
I got this command from Baidu. If it doesn't work, just find a git installation tutorial; it worked for me.
Because ngrok is developed in Go, install Go first. (Go is a completely different language; that doesn't matter, just install it.)
2. Install Go
Downloading Go on the server was too slow for me, so I downloaded it locally and uploaded it to the server.
Download address:
Go download - Go语言中文网 - Golang Chinese community
(I think this one is pretty good.)
Download the Linux version. Check the version numbers carefully; these details matter.
After downloading, use winscp to upload it to /usr/local/ on the server.

Extract
tar -zxvf go1.12.4.linux-amd64.tar.gz -C /usr/local/
A go directory now appears under /usr/local/.
At this point a symlink is needed. (Why? I don't know either; could an expert enlighten me?)
# The go commands need symlinks in /usr/bin
ln -s /usr/local/go/bin/* /usr/bin/
After that, finally set the global environment variables (add these lines to /etc/profile so that the source command below loads them)
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin
Make the environment take effect
source /etc/profile
That's it, Go is installed. Check whether the installation succeeded:
go version

go env

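Run either one; if the corresponding output appears, the installation succeeded.
3. Install ngrok
To make it easy to find, it is also installed under the local directory.
cd /usr/local/
# ngrok download address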
git clone https://github.com/inconshreveable/ngrok.git
You can download from this address with git and then upload it, or fork it into your own project.
After the download completes you will see an ngrok folder.

Configure ngrok's environment variables
export GOPATH=/usr/local/ngrok/
# Write your own domain name here without a prefix; for example, for www.abc.club enter abc.club (the domain has an ICP filing)
export NGROK_DOMAIN="abc.club"
4. Generate the ngrok certificates and overwrite the original certificates
cd /usr/local/ngrok
openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 5000 -out rootCA.pem
openssl genrsa -out server.key 2048
openssl req -new -key server.key -subj "/CN=$NGROK_DOMAIN" -out server.csr
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 5000
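The commands above are copied; don't worry about the details. They create a private root CA (rootCA.key, rootCA.pem) and a server key and certificate (server.key, server.crt) signed by that CA.
Overwrite the certificates. Run the following commands one at a time; each one asks for confirmation, press y. rootCA.pem becomes the root certificate the client trusts, and server.crt and server.key replace the default snakeoil pair that ships in the repository. Do this before building, because the release build embeds the files under assets/.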
cp rootCA.pem assets/client/tls/ngrokroot.crt
cp server.crt assets/server/tls/snakeoil.crt
cp server.key assets/server/tls/snakeoil.key
That completes installation and configuration.
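A preflight check to run before building, added here as an example and not part of the original tutorial or the ngrok project. It confirms that server.key and server.crt belong together, that the certificate CN equals the domain you will pass to -domain, and that the three cp commands really replaced the repository's default files. The function names, exit codes and the 30-day expiry threshold are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example. Usage: ngrok_build_preflight /usr/local/ngrok "$NGROK_DOMAIN"

cert_cn() {  # cert_cn FILE -> subject commonName of a PEM certificate
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

ngrok_build_preflight() {
    local repo=$1 domain=$2 key_pub crt_pub pair src dst
    # 1. ngrokd is started with -tlsKey/-tlsCrt: the two must be one key pair.
    key_pub=$(openssl pkey -in "$repo/server.key" -pubout 2>/dev/null)
    crt_pub=$(openssl x509 -in "$repo/server.crt" -noout -pubkey 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$key_pub" != "$crt_pub" ]; then
        echo "server.key does not match server.crt" >&2; return 3
    fi
    # 2. The CN must equal the value used for -domain and in server_addr.
    if [ "$(cert_cn "$repo/server.crt")" != "$domain" ]; then
        echo "certificate CN is not $domain" >&2; return 4
    fi
    # 3. The build embeds assets/, so a skipped or declined cp would ship
    #    the repository's default certificate or key instead of yours.
    for pair in "rootCA.pem:assets/client/tls/ngrokroot.crt" \
                "server.crt:assets/server/tls/snakeoil.crt" \
                "server.key:assets/server/tls/snakeoil.key"; do
        src=$repo/${pair%%:*}; dst=$repo/${pair#*:}
        cmp -s "$src" "$dst" 2>/dev/null ||
            { echo "$dst is not a copy of $src" >&2; return 5; }
    done
    # 4. Refuse a certificate that expires within 30 days (2592000 s).
    openssl x509 -in "$repo/server.crt" -noout -checkend 2592000 >/dev/null ||
        { echo "server.crt expires within 30 days" >&2; return 6; }
    echo "preflight ok: $domain"
}

if [ "$#" -eq 2 ]; then ngrok_build_preflight "$1" "$2"; fi
```

A non-zero exit code identifies the failed check: 3 key mismatch, 4 wrong CN, 5 asset not overwritten, 6 near expiry.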
Build the server
Enter the ngrok directory
cd /usr/local/ngrok/
Build the server. amd64 means a 64-bit Linux system; for a 32-bit system, change it to GOARCH=386
GOOS=linux GOARCH=amd64 make release-server
After a successful build there will be an ngrokd folder under ngrok's bin directory, which indicates success.

Build the client
Same as for the server
cd /usr/local/ngrok/
GOOS=windows GOARCH=amd64 make release-client
There will be a windows_amd64 folder under ngrok's bin directory, which indicates success.

Below are the settings for building clients for different systems; just replace the values of GOOS and GOARCH.
# Linux, 32-bit: GOOS=linux GOARCH=386
# Linux, 64-bit: GOOS=linux GOARCH=amd64
# Windows, 32-bit: GOOS=windows GOARCH=386
# Windows, 64-bit: GOOS=windows GOARCH=amd64
# Mac, 32-bit: GOOS=darwin GOARCH=386
# Mac, 64-bit: GOOS=darwin GOARCH=amd64
# ARM: GOOS=linux GOARCH=arm
Starting the server
Run in the ngrok directory
./bin/ngrokd -tlsKey=server.key -tlsCrt=server.crt -domain="abc.club" -httpAddr=":80" -httpsAddr=":443" -tunnelAddr=":4443"
Parameter description:
# -domain: the address used to access ngrok; it is the service address set when generating the certificate
# -httpAddr: HTTP port, default 80
# -httpsAddr: HTTPS port, default 443
# -tunnelAddr: tunnel port, default 4443
Note carefully: domain is the domain name, and it must be the same domain name you defined in the environment variable earlier. Do not get this wrong.
On successful startup it shows:

As you can see, it listens on ports 80, 443 and 4443 and runs a monitoring check every 30 seconds; startup succeeded.
Mapping settings for second-level domain names
This is very simple but important, as follows:

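Use wildcard DNS resolution to resolve the first-level domain name. Third-level domains have not been studied; just follow the resolution settings above.
Starting the client
Use winscp to pull the generated windows_amd64 folder to your local machine.
It contains only one program, ngrok.exe.
Create a new ngrok.cfg file in the same directory. The file type is customizable, but be careful when doing so.
Contents of ngrok.cfg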
server_addr: "abc.club:4443"
trust_host_root_certs: false
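In server_addr: "abc.club:4443", abc.club is again the domain name you set up yourself, and 4443 is the tunnel port the server listens on at startup; keep them consistent. (If you change one, change them all; if you don't, leave them all alone.) trust_host_root_certs: false makes the client trust only the root certificate built into it (the rootCA.pem copied to ngrokroot.crt earlier) instead of the operating system's root store.
The client can be started in two ways:
1. In cmd, change to the windows_amd64 root directory
and run the following command directly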
ngrok -config=./ngrok.cfg -subdomain=test 8080
# Parameter description
ngrok.cfg: the file just created
-subdomain=test: test is the subdomain prefix of the tunneled domain name
8080: the local port the tunneled domain name maps to
Start

This indicates success. Access the assigned domain name.
2. Write a .bat script

Contents of boom.bat
@echo OFF
color 0a
Title boom Ngrok启动工具
Mode con cols=109 lines=30
:START
set /p clientid= 请输入前缀:
echo.
set /p port= 请输入端口:
echo.
ngrok -config=ngrok.cfg -subdomain %clientid% %port%
PAUSE
goto START
Keep it simple. You can also add some patterns or the like, according to personal preference.
Access the assigned domain name
Graphical interface
After the project starts, visit 127.0.0.1:4040 or localhost:4040

Set ngrok up as a system service and start it at boot
Edit
vim /etc/rc.d/init.d/ngrok
Contents of ngrok
#!/bin/bash
#chkconfig: - 99 01
#description:ngrok
case "$1" in
start)
echo "start ngrok service.."
cd /usr/local/ngrok/
setsid ./bin/ngrokd -tlsKey=server.key -tlsCrt=server.crt -domain="abc.club" -httpAddr=":80" -httpsAddr=":443" -tunnelAddr=":4443"
;;
*)
exit 1
;;
esac
### Parameter description:
### cd /usr/local/ngrok/: enter the ngrok directory
### setsid: when started without this, closing the terminal window stopped the service; with it, it works fine
### setsid ./bin/ngrokd -tlsKey=server.key -tlsCrt=server.crt -domain="abc.club" -httpAddr=":80" -httpsAddr=":443" -tunnelAddr=":4443": the command that starts the ngrok server
Give the file permissions
chmod 755 ngrok
Register it as a system service
chkconfig --add ngrok
Then check whether it was added successfully
chkconfig

Start
service ngrok start
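If the same 30-second monitoring screen appears as when running the command directly, it was added successfully.
Set it to start at boot
After adding it as a system service, ngrok's state is off everywhere, so it needs to be set to start automatically.
systemctl enable ngrok.service # enable start at boot
systemctl daemon-reload # reload the configuration files
Restart the server, then start the client directly to test.
Notes
The server starts successfully but the client cannot connect:
This is because the firewall has not opened ports such as 443, 4443 and 8080. Open them all.
After opening them, the firewall can be turned off; it is not much use.
If it still cannot connect after opening them, you need to go to the cloud server console and set the security group's inbound rules: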

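Once that is set, it is done. The build has no major problems; it all went smoothly.
Writing this up and making the screenshots was not easy; read it and cherish it.
If there are problems, guidance is welcome. Thanks.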