One-click generation of LetsEncrypt HTTPS certificates on an internal network - 2 - ngrok

Copyright notice: for more, follow http://book.opschina.org, join the new QQ group 648503385, or add WeChat zzlyzq directly. Let there be no hard ops work anywhere. https://blog.csdn.net/vbaspdelphi/article/details/53186007

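ngrok is an excellent piece of software that lets users on an internal network be reached from the public internet.

Find a machine with a public address

We found one; call it public host A.

Find a domain name to carry the traffic

We found one; assume it is ops.ac.cn. Note that ac.cn is itself a domain: although it is a second-level domain, ac.cn is a domain registry associated with the Chinese Academy of Sciences.
We also need to point a wildcard A record at public host A.

Set up ngrok

The script below does everything in one go; the bold can simply run it as is. The final directory is /usr/local/ngrok.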

# Install the basic dependencies
yum -y install zlib-devel openssl-devel perl hg cpio expat-devel gettext-devel curl curl-devel perl-ExtUtils-MakeMaker wget gcc gcc-c++ asciidoc
yum remove -y git
wget https://www.kernel.org/pub/software/scm/git/git-2.6.0.tar.gz

tar zxvf git-2.6.0.tar.gz

cd git-2.6.0
make configure
./configure --prefix=/usr/local/git --with-iconv=/usr/local/libiconv
make all doc
make install install-doc install-html
# Single quotes keep $PATH unexpanded until /etc/bashrc is sourced
echo 'export PATH=$PATH:/usr/local/git/bin' >> /etc/bashrc
source /etc/bashrc

ln -s /usr/local/git/bin/* /usr/bin/


# Install the Go environment
yum install -y mercurial bzr subversion

wget https://storage.googleapis.com/golang/go1.4.1.linux-amd64.tar.gz

tar -C /usr/local -xzf go1.4.1.linux-amd64.tar.gz

mkdir $HOME/go

echo 'export GOROOT=/usr/local/go' >> ~/.bashrc 

echo 'export GOPATH=$HOME/go' >> ~/.bashrc 

echo 'export PATH=$PATH:$GOROOT/bin:$GOPATH/bin' >> ~/.bashrc 

source $HOME/.bashrc 

ln -s /usr/local/go/bin/* /usr/bin/

# Build ngrok
cd /usr/local/
git clone https://github.com/inconshreveable/ngrok.git
export GOPATH=/usr/local/ngrok/
export NGROK_DOMAIN="ops.ac.cn"
cd ngrok

# Generate certificates for the domain
openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 5000 -out rootCA.pem
openssl genrsa -out server.key 2048
openssl req -new -key server.key -subj "/CN=$NGROK_DOMAIN" -out server.csr
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 5000


cp rootCA.pem assets/client/tls/ngrokroot.crt

cp server.crt assets/server/tls/snakeoil.crt

cp server.key assets/server/tls/snakeoil.key

# Insert an import of github.com/keepeye/log4go (aliased as log) as line 5 of logger.go
sed '5 ilog "github.com/keepeye/log4go"' -i /usr/local/ngrok/src/ngrok/log/logger.go

# Build the server
cd /usr/local/go/src 
GOOS=linux GOARCH=amd64 ./make.bash
cd /usr/local/ngrok/
GOOS=linux GOARCH=amd64 make release-server
GOOS=linux GOARCH=amd64 make release-client

# Build the clients
cd /usr/local/go/src
GOOS=darwin GOARCH=amd64 ./make.bash
cd /usr/local/ngrok/
GOOS=darwin GOARCH=amd64 make release-client

cd /usr/local/go/src
GOOS=windows GOARCH=amd64 ./make.bash
cd /usr/local/ngrok/
GOOS=windows GOARCH=amd64 make release-client

Starting the ngrok service

#!/bin/bash

cd /usr/local/ngrok/
./bin/ngrokd -tlsKey="assets/server/tls/snakeoil.key" -tlsCrt="assets/server/tls/snakeoil.crt" -domain="ops.ac.cn"

Client connection

# Prepare the configuration file
server_addr: "ops.ac.cn:4443"
trust_host_root_certs: false

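Causes of the "bad certificate" error in ngrok:
1. Look closely: server_addr uses the main domain directly.
2. The compiled ngrok program must have been built with the same certificate as the server. If the binary compiled on the server hits a "segmentation fault" when run locally, try copying /usr/local/ngrok to the local machine and re-running the client build lines to recompile.
3. In the configuration file the client starts with, for the trust_host_root_certs option: unless your certificate comes from a third party, just stick with false.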
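
Cause 2 above, as an added Go example (not code from the article or from ngrok): it models the client's trust decision as chain verification against a pool that holds only the root compiled into the client, which is an assumption about the trust_host_root_certs: false case. newCert and verifyAgainst are hypothetical helpers, every key and certificate is generated in memory as constructed test data, and only the chain is checked, not the host name.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert makes a constructed cert: a self-signed CA if parent is nil, else one signed by parent.
func newCert(cn string, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(0, 0, 5000),
	}
	if parent == nil { // plays the role of the article's rootCA.pem
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER was produced just above
	return cert, key
}

// verifyAgainst models a client that trusts only its compiled-in root.
func verifyAgainst(embeddedRoot, serverCert *x509.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(embeddedRoot)
	_, err := serverCert.Verify(x509.VerifyOptions{Roots: pool})
	return err
}

func main() {
	rootA, keyA := newCert("ops.ac.cn", nil, nil)
	rootB, _ := newCert("ops.ac.cn", nil, nil) // same CN, root from a different run of the script
	server, _ := newCert("ops.ac.cn", rootA, keyA)
	fmt.Println("same tree:", verifyAgainst(rootA, server), "| other tree:", verifyAgainst(rootB, server))
}
```

The second result is an unknown-authority error even though both roots carry the same CN: re-running the certificate step produces a new root key, so a client built from the earlier tree no longer trusts the server.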
