Installing a self-hosted ngrok tunneling (intranet penetration) service

Posted by ruraldev on Tue, 08 Mar 2022 10:21:46 +0100

What is ngrok? ngrok lets you establish a secure tunnel between a local computer and an external service through a public TCP port.

In other words, the services we provide (such as websites) do not need to be deployed on an external server. As long as we map the site through ngrok, others can access our services directly.

Anyone who has developed a WeChat official account will be familiar with this. During development, WeChat pushes information to our own server whenever users interact with the official account. This push only works if WeChat can reach our service. If the service runs locally, WeChat cannot push to it, which makes debugging during development rather troublesome. Fortunately, with ngrok we can map the local site to a public address and debug in real time the user information and other messages that WeChat pushes to us.

Unfortunately, for visitors from within China the service provided by the official website is quite unstable and often cannot be reached. You know why. There are many third-party ngrok services in China, such as natapp and peanut shell, but their stability is not guaranteed. QQ Browser also provides such a service for WeChat official accounts, but it is too limited for WeChat development.

Fortunately, ngrok is open source. We can download its source code from GitHub and build such a service on our own Internet-facing server.

Source address:

Next, let's start building the ngrok service.

1, Preparatory work

To set up the ngrok service you need an Internet-facing server and a domain name that resolves to that server.
This article uses an Internet-facing VPS running CentOS Linux to host the ngrok service.
Create two A records for the domain that resolve to the server, so that the domain is associated with the ngrok service.

2, Build service

1. Install the Go environment

ngrok is written in Go, so the Go development environment must be installed first.

  • On CentOS, Go can be installed using yum or up2date
$ sudo yum install golang
  • Or install it from the Go binary package
# Download the Go package
$ wget
# Unpack the package
$ tar zxvf go1.8.5.linux-amd64.tar.gz
# Move the unpacked directory to /usr/local
$ mv go /usr/local
# Put the Go tools on the PATH so that "go version" can be found
$ export PATH=$PATH:/usr/local/go/bin

After the installation is complete, run go version. The following output confirms that the installation succeeded:

go version go1.8.5 linux/amd64

2. Install git

# install
$ yum install -y git
# Check whether the installation is successful
$ git --version

3. Download the source code of ngrok

# Enter the /usr/local path
$ cd /usr/local
# Clone the ngrok source code
$ git clone
# Set environment variables
$ export GOPATH=/usr/local/ngrok/
$ export NGROK_DOMAIN=""
# Enter the ngrok directory
$ cd ngrok

4. Generate a self-signed certificate

When you use the official ngrok.com service, the official SSL certificate is used. To run our own ngrok service, we need to generate our own certificate and provide it to the ngrok client.

Generating the certificate requires a base domain of your own. For an address randomly generated by the official site, such as 693c358d, the base domain is ngrok.com. The second-level domain mentioned above, proxy under chhweb.com, is used as the base domain this time. If your domain is abc.com, then the base domain can be set as ngrok

Taking my base domain as an example (please replace it with your own domain name), the process of generating the certificate is as follows:

$ openssl genrsa -out rootCA.key 2048
$ openssl req -x509 -new -nodes -key rootCA.key -subj "/" -days 5000 -out rootCA.pem
$ openssl genrsa -out device.key 2048
$ openssl req -new -key device.key -subj "/" -out device.csr
$ openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 5000

Before compiling the executables, we need to copy the generated certificates into assets/client/tls and assets/server/tls, replacing the files there. These two directories store the default certificates of ngrok and ngrokd respectively, and their contents are compiled into the binaries.

# If the file already exists, it will be overwritten directly
$ cp rootCA.pem assets/client/tls/ngrokroot.crt
$ cp device.crt assets/server/tls/snakeoil.crt
$ cp device.key assets/server/tls/snakeoil.key
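
A pre-build check for the files produced in step 4, added here as an example (it is not part of the original post or of the ngrok project). It confirms that the generated files replaced the defaults under assets/, that the server key matches its certificate, that the certificate names the expected domain, and that the private keys are not group- or world-readable. The function name check_ngrok_assets and the DOMAIN argument are assumptions, since the page does not show the actual domain.

```shell
#!/bin/sh
# Added example: pre-build check of the certificate files from step 4.
# Usage: check_ngrok_assets NGROK_SRC_DIR DOMAIN
# DOMAIN (an assumption: the page elides it) is the name used in -subj.
check_ngrok_assets() {
    src=$1 domain=$2 rc=0
    srv_crt=$src/assets/server/tls/snakeoil.crt
    srv_key=$src/assets/server/tls/snakeoil.key
    cli_root=$src/assets/client/tls/ngrokroot.crt

    # 1. Each generated file must have replaced its default in assets/;
    #    a skipped cp leaves the repository's default file in the build.
    for pair in "rootCA.pem:$cli_root" "device.crt:$srv_crt" "device.key:$srv_key"; do
        gen=$src/${pair%%:*} dst=${pair#*:}
        if cmp -s "$gen" "$dst" 2>/dev/null; then
            echo "ok:   $dst is the generated ${pair%%:*}"
        else
            echo "FAIL: $dst differs from ${pair%%:*}"; rc=1
        fi
    done

    # 2. The server key to be compiled in must match its certificate.
    crt_pub=$(openssl x509 -in "$srv_crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$srv_key" -pubout 2>/dev/null)
    if [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]; then
        echo "ok:   server key matches server certificate"
    else
        echo "FAIL: server key does not match server certificate"; rc=1
    fi

    # 3. The certificate must name DOMAIN and must not be expired.
    if openssl x509 -in "$srv_crt" -noout -checkhost "$domain" 2>&1 |
            grep -q 'does match' &&
       openssl x509 -in "$srv_crt" -noout -checkend 0 >/dev/null 2>&1; then
        echo "ok:   certificate is valid for $domain"
    else
        echo "FAIL: certificate is expired or not issued for $domain"; rc=1
    fi

    # 4. Private keys should be readable by their owner only: rootCA.key
    #    can sign certificates that every compiled client will trust.
    for k in "$src/rootCA.key" "$src/device.key"; do
        if [ -n "$(find "$k" -perm -004 -o -perm -040 2>/dev/null)" ]; then
            echo "FAIL: $k is group- or world-readable"; rc=1
        fi
    done
    return $rc
}

if [ "$#" -eq 2 ]; then check_ngrok_assets "$1" "$2"; fi
```

Run it from anywhere with the ngrok source directory and your domain as arguments; a non-zero exit status means at least one check failed. The -checkhost test falls back to the certificate's CN when there is no subjectAltName, as Go 1.8.5 does; Go 1.15 and later ignore the CN.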

5. Compile ngrok

First of all, note that ngrokd is the server executable and ngrok is the client executable.
Next, let's compile them. In the ngrok directory, run the following command:

$ make release-server release-client

Compilation takes a while because the dependent packages have to be fetched through git. If you are prompted that you do not have permission, use the sudo command to install.

Because the client has to run on several platforms, we cross-compile and select the target platform.
To build the Windows, ARM and Linux versions:

$ GOOS=linux GOARCH=amd64 make release-server release-client
$ GOOS=windows GOARCH=amd64 make release-server release-client
$ GOOS=linux GOARCH=arm make release-server release-client

Different platforms use different GOOS and GOARCH values. GOOS is the target operating system (windows, linux, darwin) and GOARCH is the target architecture (386, amd64, arm).

Linux platform, 32-bit system: GOOS=linux GOARCH=386
Linux platform, 64-bit system: GOOS=linux GOARCH=amd64
Windows platform, 32-bit system: GOOS=windows GOARCH=386
Windows platform, 64-bit system: GOOS=windows GOARCH=amd64
Mac platform, 32-bit system: GOOS=darwin GOARCH=386
Mac platform, 64-bit system: GOOS=darwin GOARCH=amd64

ARM Platform: GOOS=linux GOARCH=arm

After the steps above, all client files have been generated and placed in the corresponding folders, for example windows_amd64 for 64-bit Windows. The ngrok file of the Linux client is in the bin directory.

6. Start the ngrok server

Add bin/ngrokd to the PATH environment variable, then start it with:

$ ngrokd -domain="" -tunnelAddr=":8680" -httpAddr=":8681" -httpsAddr=":8682"

Here -domain is your ngrok service domain name and -httpAddr is the HTTP service port. Sites are accessed in the form xxx.ngrok.xxxxx.com:8088, and the port can also be set to the default port 80. -httpsAddr is the HTTPS service port and works the same way.

Once ngrokd has started, exiting the command line shuts the service down. If you want to run it in the background:

$ nohup ngrokd -domain="" -tunnelAddr=":8680" -httpAddr=":8681" -httpsAddr=":8682" &

Note the & sign at the end. Look up nohup for details.

Shut down the service by:

$ ps -A   # Find PID and execute shutdown
$ kill xxxid

7. Start the ngrok client

As described in the preparatory work, the domain ngrok.xxxxx.com has already been resolved to the server. Now start the client to test whether the service is available.

  • Create the ngrok configuration file: ngrok.cfg
# The port number is the tunnelAddr port
server_addr: ""
trust_host_root_certs: false
  • Run the client to expose the local site on port 4000
$ ngrok -subdomain test -config=./ngrok.cfg 4000

After running the command you will see the status screen showing the tunnel as online, which indicates that the startup succeeded.

Browser input: to view the page request.