NGROK server setup


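1. Prepare the certificates

1. Free wildcard-domain CA certificate

1. Install the required software

Certbot is packaged in EPEL (Extra Packages for Enterprise Linux). To use Certbot, you must first enable the EPEL repository: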
yum -y install yum-utils
yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional

sudo yum install python2-certbot-nginx

2. Request the certificate

sudo certbot -a dns-plugin -i nginx -d "*.betteryuan.top" -d betteryuan.top --server https://acme-v02.api.letsencrypt.org/directory
certbot certonly  -d "*.betteryuan.top" --manual --preferred-challenges dns-01  --server https://acme-v02.api.letsencrypt.org/directory
Answer the interactive prompts.
The generated certificates are placed in the following directory:
ls /etc/letsencrypt/live/betteryuan.top/

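Because the certificate is only valid for 90 days, it has to be renewed as follows.
The following command tests whether automatic renewal works:
$ sudo certbot renew --dry-run
If that works, the renewal command can be run on a schedule from a system cron job:
$ certbot renew

Set up a scheduled job with crontab -e: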
0 23,7 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew

Current directory: /root
mkdir certs
cp /etc/letsencrypt/live/betteryuan.top/* ./certs
cd certs

openssl rsa -in privkey.pem -out server.key
openssl x509 -in cert.pem -out server.crt
cp server.crt ca.crt

3. Run with docker directly

docker pull yangqiang/ngrok-server:2.0.2
docker run  -d --net host -e DOMAIN="betteryuan.top" -v /root/certs/server.key:/server.key -v /root/certs/server.crt:/server.crt -v /root/certs/ca.crt:/ngrok/assets/client/tls/ngrokroot.crt -v /usr/bin:/ngrok/bin yangqiang/ngrok-server:2.0.2

4. Run the server with docker-compose

ngrok-server:
    restart: always
    container_name: 'ngrok-server'
    image: 'yangqiang/ngrok-server:2.0.2'
    ports:
        - "1080:80"
        - "1443:443"
        - "4443:4443"
    environment:
        TZ: 'Asia/Shanghai'
        DOMAIN: "betteryuan.top"
    volumes:
        - '/root/certs/server.key:/server.key'
        - '/root/certs/server.crt:/server.crt'
        - '/root/certs/ca.crt:/ngrok/assets/client/tls/ngrokroot.crt'
        - '/usr/bin:/ngrok/bin'

Start it with docker-compose up [-d].
You can see that host port 1080 is mapped to port 80 in the container, and the other ports are mapped the same way:
$ root     19303  2150  0 14:26 ?        00:00:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 4443 -container-ip 172.17.0.2 -container-port 4443
$ root     19314  2150  0 14:26 ?        00:00:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 1443 -container-ip 172.17.0.2 -container-port 443
$ root     19325  2150  0 14:26 ?        00:00:00 /usr/bin/docker-proxy -proto tcp -host-ip 0.0.0.0 -host-port 1080 -container-ip 172.17.0.2 -container-port 80
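
The cron job above only renews the files under /etc/letsencrypt; the copies in /root/certs that the container mounts stay at the old certificate. The following added example (not part of the original page) is a script meant to be passed to certbot renew --deploy-hook: it checks that the key matches the certificate, that the certificate is not about to expire, then regenerates server.key, server.crt and ca.crt and restarts the container. It assumes the /root/certs paths and the ngrok-server container name from the compose file above; the function name is made up for this example.

```shell
#!/bin/sh
# Added example: redeploy the renewed Let's Encrypt files into the directory
# that the ngrok-server container mounts (/root/certs on this page).

# sync_ngrok_certs LIVE_DIR DEST_DIR [MIN_DAYS]
# Exit status: 0 = files updated, 1 = already current, 2 = refused.
# The body runs in a subshell so umask and variables do not leak.
sync_ngrok_certs() (
    live=$1 dest=$2 min_days=${3:-7}

    # Refuse a private key that does not belong to the certificate.
    # "openssl pkey" reads RSA and ECDSA keys alike.
    cert_pub=$(openssl x509 -in "$live/cert.pem" -noout -pubkey 2>/dev/null) || exit 2
    key_pub=$(openssl pkey -in "$live/privkey.pem" -pubout 2>/dev/null) || exit 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || exit 2

    # Refuse a certificate that expires within MIN_DAYS days.
    openssl x509 -in "$live/cert.pem" -noout \
        -checkend $((min_days * 86400)) >/dev/null 2>&1 || exit 2

    # Skip the copy (and the restart) if this certificate is already deployed.
    new_fp=$(openssl x509 -in "$live/cert.pem" -noout -fingerprint -sha256)
    old_fp=$(openssl x509 -in "$dest/server.crt" -noout -fingerprint -sha256 2>/dev/null || true)
    [ "$new_fp" = "$old_fp" ] && [ -s "$dest/server.key" ] && exit 1

    umask 077                      # key material readable by root only
    mkdir -p "$dest" || exit 2
    openssl pkey -in "$live/privkey.pem" -out "$dest/server.key" || exit 2
    openssl x509 -in "$live/cert.pem" -out "$dest/server.crt" || exit 2
    chmod 600 "$dest/server.key"
    cp "$dest/server.crt" "$dest/ca.crt" || exit 2   # same copy step as the page
)

# certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/betteryuan.top)
# to --deploy-hook scripts; outside certbot this block does nothing.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    sync_ngrok_certs "$RENEWED_LINEAGE" /root/certs &&
        docker restart ngrok-server   # container_name from the compose file
fi
```

Clients built with the old ngrokroot.crt embedded still need to be rebuilt or given the new file, as in the client section.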

5. Client

If the client runs the same operating system as the server, copy /usr/bin/ngrok from the server to the client.
Add a file named ngrok.yml:
server_addr: your.domain:4443
trust_host_root_certs: false
tunnels:
    gitlab:
        subdomain: gitlab
        proto:
            http: 80

$ chmod +x ngrok
$ ./ngrok -config=ngrok.yml start gitlab
You can now reach the service on the client's port 80 at gitlab.betteryuan.top.

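If the client and the server run different operating systems, you need to compile ngrok yourself:
git clone https://github.com/inconshreveable/ngrok.git
Copy over the files generated on the server: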
$ cp ca.crt assets/client/tls/ngrokroot.crt
$ cp server.crt assets/server/tls/server.crt
$ cp server.key assets/server/tls/server.key

$ make all
This produces ngrok and ngrokd under bin.
