反向代理軟件ngrok

反向代理軟件：ngrok1.7 (2.0後不開源了）
做用：經過搭建ngrok內網穿透服務器，可實現web服務器本地化，tcp、udp轉發，簡單來講就是能夠讓你的本地服務
暴露在外網上面，能夠經過外網訪問
環境：CentOS Linux release 7.4.1708 (Core)
1、域名解析
A記錄 ：ngrok.xfs.com.cn --x.x.x.x
泛解析 *.ngrok.xfs.com.cn -x.x.x.x

2、go環境搭建
yum install go
3、安裝git環境
yum install git
4、獲取ngrok源碼
獲取源碼：
git clone https://github.com/inconshreveable/ngrok.git
5、編譯

cd
cd ngrok
export NGROK_DOMAIN="ngrok.xfs.com.cn"

2). 生成自簽名ssl證書

openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 5000 -out rootCA.pem
openssl genrsa -out device.key 2048
openssl req -new -key device.key -subj "/CN=$NGROK_DOMAIN" -out device.csr
openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 5000

3). 替換證書

\cp rootCA.pem assets/client/tls/ngrokroot.crt
\cp device.crt assets/server/tls/snakeoil.crt
\cp device.key assets/server/tls/snakeoil.key

4).設置變量：
GOOS=linux GOARCH=amd64
32位系統， GOARCH=386
5).生成服務端和客戶端
make release-server release-client
編譯以後，就會在ngrok源碼的bin目錄下生成兩個可執行文件：ngrokd、ngrok。其中ngrokd就是ngrok的服務端程序，ngrok就是ngrok的客戶端程序。
6、ngrokd服務啓動與使用
1).啓動ngrokd服務端
臨時啓動：

cd ngrok
bin/ngrokd -domain="ngrok.xfs.com.cn" -httpAddr=":80"

---

解析：

Usage of ./ngrokd:
-domain string
Domain where the tunnels are hosted (default "ngrok.com")
-httpAddr string
Public address for HTTP connections, empty string to disable (default ":80")
-httpsAddr string
Public address listening for HTTPS connections, emptry string to disable (default ":443")
-log string
Write log messages to this file. 'stdout' and 'none' have special meanings (default "stdout")
-log-level string
The level of messages to log. One of: DEBUG, INFO, WARNING, ERROR (default "DEBUG")
-tlsCrt string
Path to a TLS certificate file
-tlsKey string
Path to a TLS key file
-tunnelAddr string
Public address listening for ngrok client (default ":4443")
2).啓動ngrokd客戶端
建立ngrok.cfg配置文件
server_addr: "ngrok.xfs.com:4443"
trust_host_root_certs: false

客戶端解析：

Options:
-authtoken string
Authentication token for identifying an ngrok.com account
-config string
Path to ngrok configuration file. (default: $HOME/.ngrok)
-hostname string
Request a custom hostname from the ngrok server. (HTTP only) (requires CNAME of your DNS)
-httpauth string
username:password HTTP basic auth creds protecting the public tunnel endpoint
-log string
Write log messages to this file. 'stdout' and 'none' have special meanings (default "none")
-log-level string
The level of messages to log. One of: DEBUG, INFO, WARNING, ERROR (default "DEBUG")
-proto string
The protocol of the traffic over the tunnel {'http', 'https', 'tcp'} (default: 'http+https') (default "http+https")
-subdomain string
Request a custom subdomain from the ngrok server. (HTTP only)
Examples:
ngrok 80
ngrok -subdomain=example 8080
ngrok -proto=tcp 22
ngrok -hostname="example.com" -httpauth="user:password" 10.0.0.1

Advanced usage: ngrok [OPTIONS] <command> [command args] [...]
Commands:
ngrok start [tunnel] [...] Start tunnels by name from config file
ngork start-all Start all tunnels defined in config file
ngrok list List tunnel names from config file
ngrok help Print help
ngrok version Print ngrok version
Examples:
ngrok start www api blog pubsub
ngrok -log=stdout -config=ngrok.yml start ssh
ngrok start-all
ngrok version

---

客戶端配置文件：

server_addr: "ngrok.xfs.com.cn:4443"
tunnels:
mstsc:
remote_port: 1494
proto:
tcp: ":1494"
web: 
subdomain: citirx
proto:
http: ":8172"

windows批處理

cd %cd%
ngrok start mstsc citrix