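ngrok is an excellent piece of software that lets users on an internal network be reached from the public internet.
Find a machine with a public address
We found one; call it public host A.
Find a domain name to carry the traffic
We found one; assume it is ops.ac.cn. Note that ac.cn acts as the domain suffix here: although it is a second-level domain, ac.cn is a domain namespace associated with the Chinese Academy of Sciences.
We also need to point a wildcard A record at public host A.
Set up ngrok
The script below does it all in one go; the bold can run it as-is. The final directory is /usr/local/ngrok.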
# Install the basic dependencies
yum -y install zlib-devel openssl-devel perl hg cpio expat-devel gettext-devel curl curl-devel perl-ExtUtils-MakeMaker wget gcc gcc-c++ asciidoc
yum remove -y git
wget https://www.kernel.org/pub/software/scm/git/git-2.6.0.tar.gz
tar zxvf git-2.6.0.tar.gz
cd git-2.6.0
make configure
./configure --prefix=/usr/local/git --with-iconv=/usr/local/libiconv
make all doc
make install install-doc install-html
# Single quotes so that $PATH is expanded at login time, not when this line is written
echo 'export PATH=$PATH:/usr/local/git/bin' >> /etc/bashrc
source /etc/bashrc
ln -s /usr/local/git/bin/* /usr/bin/
# Install the Go environment
yum install -y mercurial bzr subversion
wget https://storage.googleapis.com/golang/go1.4.1.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.4.1.linux-amd64.tar.gz
mkdir $HOME/go
echo 'export GOROOT=/usr/local/go' >> ~/.bashrc
echo 'export GOPATH=$HOME/go' >> ~/.bashrc
echo 'export PATH=$PATH:$GOROOT/bin:$GOPATH/bin' >> ~/.bashrc
source $HOME/.bashrc
ln -s /usr/local/go/bin/* /usr/bin/
# Build ngrok
cd /usr/local/
git clone https://github.com/inconshreveable/ngrok.git
export GOPATH=/usr/local/ngrok/
export NGROK_DOMAIN="ops.ac.cn"
cd ngrok
# Generate certificates for the domain
openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 5000 -out rootCA.pem
openssl genrsa -out server.key 2048
openssl req -new -key server.key -subj "/CN=$NGROK_DOMAIN" -out server.csr
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 5000
cp rootCA.pem assets/client/tls/ngrokroot.crt
cp server.crt assets/server/tls/snakeoil.crt
cp server.key assets/server/tls/snakeoil.key
sed '5 ilog "github.com/keepeye/log4go"' -i /usr/local/ngrok/src/ngrok/log/logger.go
# Build the server (and the Linux client)
cd /usr/local/go/src
GOOS=linux GOARCH=amd64 ./make.bash
cd /usr/local/ngrok/
GOOS=linux GOARCH=amd64 make release-server
GOOS=linux GOARCH=amd64 make release-client
# Build the clients (macOS and Windows)
cd /usr/local/go/src
GOOS=darwin GOARCH=amd64 ./make.bash
cd /usr/local/ngrok/
GOOS=darwin GOARCH=amd64 make release-client
cd /usr/local/go/src
GOOS=windows GOARCH=amd64 ./make.bash
cd /usr/local/ngrok/
GOOS=windows GOARCH=amd64 make release-client
Starting the ngrok service
#!/bin/bash
cd /usr/local/ngrok/
./bin/ngrokd -tlsKey="assets/server/tls/snakeoil.key" -tlsCrt="assets/server/tls/snakeoil.crt" -domain="ops.ac.cn"
Client connection
# Prepare the configuration file
server_addr: "ops.ac.cn:4443"
trust_host_root_certs: false
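Causes of ngrok's "bad certificate" error:
1. Look closely: server_addr uses the main domain directly.
2. The compiled ngrok client must be built with the same certificate as the server. If the client compiled on the server hits a "segment fault" when run locally, try copying /usr/local/ngrok to the local machine and re-running the client build lines there.
3. In the client's configuration file, leave the trust_host_root_certs option set to false unless your certificate was issued by a third party.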
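The three causes above can be reproduced offline. This is an added example in Go, not code from the original post or from ngrok; it assumes that a client with trust_host_root_certs: false trusts only the root CA copied into assets/client/tls/ngrokroot.crt at build time and verifies the host part of server_addr. The root names and ngrok.ops.ac.cn are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed certificate: parent == nil gives a self-signed CA
// (rootCA.pem role), else a server cert. SAN is set: current Go ignores bare CN.
func issue(cn string, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, pk = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pk)
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic(fmt.Sprint(err, perr))
	}
	return cert, key
}

// check models a client with trust_host_root_certs: false (assumption): only
// the root built into that client is trusted; host comes from server_addr.
func check(server, root *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := server.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

func main() {
	rootA, keyA := issue("root-a.invalid", nil, nil)
	rootB, _ := issue("root-b.invalid", nil, nil) // a rebuild with fresh keys
	srv, _ := issue("ops.ac.cn", rootA, keyA)
	fmt.Println(check(srv, rootA, "ops.ac.cn"))       // client from the same build
	fmt.Println(check(srv, rootB, "ops.ac.cn"))       // client from another build
	fmt.Println(check(srv, rootA, "ngrok.ops.ac.cn")) // server_addr is not the main domain
}
```

The second call fails because the server certificate does not chain to the root that client carries, and the third because the host in server_addr is not a name in the certificate.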