内网穿透的原理

image.png

内网穿透的实现

使用一位博主的代码

  1. #!/bin/bash
  2. # -*- coding: UTF-8 -*-
  3. #############################################
  4. #作者网名:Tommy                            #
  5. #作者博客:www.iyunw.cn                     #
  6. #作者QQ:351937287                          #
  7. #############################################
  8. # 获取当前脚本的路径。为什么不直接用pwd,pwd是打印当前执行这条脚本所在的绝对路径。
  9. SELFPATH=$(cd "$(dirname "$0")"; pwd)
  10. #echo '请输入你的域名'
  11. #read DOMAIN
  12. #安装ngrok需要的依赖包
  13. install_yilai(){
  14.     yum -y install zlib-devel openssl-devel perl hg cpio expat-devel gettext-devel curl curl-devel perl-ExtUtils-MakeMaker hg wget gcc gcc-c++ unzip
  15. }
  16. #git可以使用yum安装,并无差别
  17. # 安装git
  18. install_git(){
  19.     unstall_git
  20.     if [ ! -f $SELFPATH/git-2.6.0.tar.gz ];then
  21.         wget http://img.iyunw.cn/git-2.6.0.tar.gz
  22.     fi
  23.     tar zxvf git-2.6.0.tar.gz
  24.     cd git-2.6.0
  25.     ./configure --prefix=/usr/local/git
  26.     make
  27.     make install
  28.     ln -s /usr/local/git/bin/* /usr/bin/
  29.     rm -rf $SELFPATH/git-2.6.0
  30. }
  32. # 卸载git
  33. unstall_git(){
  34.     rm -rf /usr/local/git
  35.     rm -rf /usr/local/git/bin/git
  36.     rm -rf /usr/local/git/bin/git-cvsserver
  37.     rm -rf /usr/local/git/bin/gitk
  38.     rm -rf /usr/local/git/bin/git-receive-pack
  39.     rm -rf /usr/local/git/bin/git-shell
  40.     rm -rf /usr/local/git/bin/git-upload-archive
  41.     rm -rf /usr/local/git/bin/git-upload-pack
  42. }
  43. ###
  44. # 安装go
  45. install_go(){
  46.     cd $SELFPATH
  47.     uninstall_go
  48.     # 动态链接库,用于下面的判断条件生效
  49.     ldconfig
  50.     # 判断操作系统位数下载不同的安装包
  51.     #int型在32和64位系统中都是4给字节,但是64位中long型是8个字节
  52.     if [ $(getconf WORD_BIT) = '32' ] && [ $(getconf LONG_BIT) = '64' ];then
  53.         # 判断文件是否已经存在
  54.         if [ ! -f $SELFPATH/go1.7.6.linux-amd64.tar.gz ];then
  55.             wget http://img.iyunw.cn/go1.7.6.linux-amd64.tar.gz
  56.         fi
  57.         tar zxvf go1.7.6.linux-amd64.tar.gz
  58.     else
  59.         if [ ! -f $SELFPATH/go1.7.6.linux-386.tar.gz ];then
  60.             wget http://img.iyunw.cn/go1.7.6.linux-386.tar.gz
  61.         fi
  62.         tar zxvf go1.7.6.linux-386.tar.gz
  63.     fi
  64.     mv go /usr/local/
  65.     ln -s /usr/local/go/bin/* /usr/bin/
  66. }
  68. # 卸载go
  69. uninstall_go(){
  70.     rm -rf /usr/local/go
  71.     rm -rf /usr/bin/go
  72.     rm -rf /usr/bin/godoc
  73.     rm -rf /usr/bin/gofmt
  74. }
  76. # 安装ngrok
  77. install_ngrok(){
  78.     echo '请输入你的域名'
  79.     read DOMAIN
  80.     GOOS=`go env | grep GOOS | awk -F\" '{print $2}'` #转义"
  81.     #    GOOS=`go env | grep GOOS | awk -F '"' '{print $2}'`  单引号内内容,shell不做处理,两者效果一致
  82.     GOARCH=`go env | grep GOARCH | awk -F\" '{print $2}'`
  83.     uninstall_ngrok
  84.     cd /usr/local
  85.     if [ ! -f /usr/local/ngrok.zip ];then
  86.         cd /usr/local/
  87.         wget http://img.iyunw.cn/ngrok.zip #资源是博主网站的
  88.     fi
  89.     unzip ngrok.zip
  90.     export GOPATH=/usr/local/ngrok/
  91.     export NGROK_DOMAIN=$DOMAIN
  92.     cd ngrok
  93.     openssl genrsa -out rootCA.key 2048
  94.     openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 5000 -out rootCA.pem
  95.     openssl genrsa -out server.key 2048
  96.     openssl req -new -key server.key -subj "/CN=$NGROK_DOMAIN" -out server.csr
  97.     openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 5000
  98.     cp rootCA.pem assets/client/tls/ngrokroot.crt
  99.     cp server.crt assets/server/tls/snakeoil.crt
  100.     cp server.key assets/server/tls/snakeoil.key
  101.     # 替换下载源地址 s 替换动作允许其他字符作为分割符,#代替/ 避免歧义。-i 直接修改源文件
  102.     sed -i 's#github.com/alecthomas/log4go#github.com/keepeye/log4go#' /usr/local/ngrok/src/ngrok/log/logger.go
  103.     cd /usr/local/go/src
  104.     GOOS=$GOOS GOARCH=$GOARCH ./make.bash
  105.     cd /usr/local/ngrok
  106.     GOOS=$GOOS GOARCH=$GOARCH make release-server
  107.     echo "install done"
  108.     # /usr/local/ngrok/bin/ngrokd -domain=$NGROK_DOMAIN -httpAddr=":80" &
  109.     # echo "/usr/local/ngrok/bin/ngrokd -domain=$NGROK_DOMAIN -httpAddr=':80' &" >>/etc/rc.local
  110. }
  112. # 卸载ngrok
  113. uninstall_ngrok(){
  114.     rm -rf /usr/local/ngrok
  115. }
  117. # 编译客户端
  118. compile_client(){
  120.     GOOS=`go env | grep GOOS | awk -F\" '{print $2}'`
  121.     GOARCH=`go env | grep GOARCH | awk -F\" '{print $2}'`
  122.     cd /usr/local/go/src
  123.     GOOS=$1 GOARCH=$2 ./make.bash
  124.     cd /usr/local/ngrok/
  125.     GOOS=$1 GOARCH=$2 make release-client
  126. }
  128. # 生成客户端
  129. client(){
  130.     echo '请输入你的域名'
  131.     read DOMAIN
  132.     echo "1、Linux 32位"
  133.     echo "2、Linux 64位"
  134.     echo "3、Windows 32位"
  135.     echo "4、Windows 64位"
  136.     echo "5、Mac OS 32位"
  137.     echo "6、Mac OS 64位"
  138.     echo "7、Linux ARM"
  140.     read num
  141.     case "$num" in
  142.         [1] )
  143.             compile_client linux 386
  144.         ;;
  145.         [2] )
  146.             compile_client linux amd64
  147.         ;;
  148.         [3] )
  149.             compile_client windows 386
  150.         ;;
  151.         [4] ) 
  152.             compile_client windows amd64
  153.         ;;
  154.         [5] ) 
  155.             compile_client darwin 386
  156.         ;;
  157.         [6] ) 
  158.             compile_client darwin amd64
  159.         ;;
  160.         [7] ) 
  161.             compile_client linux arm
  162.         ;;
  163.         *) echo "选择错误,退出";;
  164.     esac
  166. }
  169. echo "请输入下面数字进行选择"
  170. echo "------------------------"
  171. echo "1、全新安装"
  172. echo "2、安装依赖"
  173. echo "3、安装git"
  174. echo "4、安装go环境"
  175. echo "5、安装ngrok"
  176. echo "6、生成客户端"
  177. echo "7、卸载"
  178. echo "8、启动服务"
  179. echo "9、查看配置文件"
  180. echo "------------------------"
  181. read num
  182. case "$num" in
  183.     [1] )
  184.         install_yilai
  185.         install_git
  186.         install_go
  187.         install_ngrok
  188.     ;;
  189.     [2] )
  190.         install_yilai
  191.     ;;
  192.     [3] )
  193.         install_git
  194.     ;;
  195.     [4] )
  196.         install_go
  197.     ;;
  198.     [5] )
  199.         install_ngrok
  200.     ;;
  201.     [6] )
  202.         client
  203.     ;;
  204.     [7] )
  205.         unstall_git
  206.         uninstall_go
  207.         uninstall_ngrok
  208.     ;;
  209.     [8] )
  210.         echo "输入启动域名"
  211.         read domain
  212.         echo "启动端口"
  213.         read port
  214.         /usr/local/ngrok/bin/ngrokd -domain=$domain -httpAddr=":$port"
  215.     ;;
  216.     [9] )
  217.         echo "输入启动域名"
  218.         read domain
  219.         echo server_addr: '"'$domain:4443'"'
  220.         echo "trust_host_root_certs: false"
  221.     ;;
  222.     *) echo "";;
  223. esac

服务器启动ngrokd 

  1. nohup ./ngrokd -domain=home.xxxxx.top -tunnelAddr=':4443' -httpAddr=":99" -httpsAddr=":999" $
  2. //后台运行,终端关闭也不影响进程

后来我发现即使使用上面的方法,进程会自己挂掉,不确定是不是ngrokd自身的原因,所以我把启动语句写成脚本,并制作成service.
ngrokd.service放在下面两个文件夹下,后续就可以使用system管理脚本的启动、关闭、自启动
/etc/systemd/system
/usr/lib/systemd/system/

#ngrokd.service 
[Unit]
Description=The ngrokd Intranet penetration server

[Service]
Type=simple
PIDFile=/run/ngrokd.pid
ExecStart=/root/ngrokd.sh
[Install]
WantedBy=multi-user.target
~                                                                                                                                                                           
~