@sicay1
Forked from lyoshenka/ngrok-selfhosting-setup.md
Last active December 27, 2018 07:08
How to set up Ngrok with a self-signed SSL cert

Intro

The plan is to create a pair of executables (ngrok and ngrokd) that are connected with a self-signed SSL cert. Since the client and server executables are paired, you won't be able to use any other ngrok to connect to this ngrokd, and vice versa.

Server
  ngrokd can run on Linux, Windows, MacOS
Client
  ngrok can run on Linux, Windows, MacOS

DNS

Add two DNS records: one for the base domain and one for the wildcard domain. For example, if your base domain is domain.com, you'll need a record for that and for *.domain.com.

For testing, you can add entries to your hosts file instead (use your server's IP in place of 192.168.1.100):

192.168.1.100 my.domain.com
192.168.1.100 sub1.my.domain.com

On Server

MAKE SURE YOU SET NGROK_DOMAIN BELOW. Set it to the base domain, not the wildcard domain.

NGROK_DOMAIN="my.domain.com"
git clone https://github.com/inconshreveable/ngrok.git
cd ngrok

openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 5000 -out rootCA.pem
openssl genrsa -out device.key 2048
openssl req -new -key device.key -subj "/CN=$NGROK_DOMAIN" -out device.csr
openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 5000

cp rootCA.pem assets/client/tls/ngrokroot.crt
# make clean
# Build Server and Client for Linux
make release-server release-client

# Build Server and Client for macOS (GOOS must be darwin, not linux)
sudo GOOS=darwin GOARCH=amd64 make release-server release-client
# Build Server and Client for Windows 32bit
sudo GOOS=windows GOARCH=386 make release-client release-server
# Build Server and Client for Windows 64bit
sudo GOOS=windows GOARCH=amd64 make release-client release-server

Copy bin/ngrok to whatever computer you want to connect from. Then start the server:

bin/ngrokd -tlsKey=device.key -tlsCrt=device.crt -domain="$NGROK_DOMAIN" -httpAddr=":8000" -httpsAddr=":8001"

On Client [Linux]

MAKE SURE YOU SET NGROK_DOMAIN BELOW. Set it to the base domain, not the wildcard domain.

NGROK_DOMAIN="my.domain.com"
echo -e "server_addr: $NGROK_DOMAIN:4443\ntrust_host_root_certs: false" > ngrok-config
./ngrok -config=ngrok-config 80

Or for SSH forwarding: ./ngrok -config=ngrok-config --proto=tcp 22

On Client [Windows]

Create a conf.yml file in the same folder as the ngrok client:

server_addr: ngrok_server:4443
trust_host_root_certs: false
tunnels:
    comy:
        #addr: 127.0.0.1
        proto:
            http: sub1.my.domain.com:5555
        #host_header: my.domain.com
        #bind_tls: true
        subdomain: t1
        inspect: false
        auth: bob:bobpassword
        #crt: example.crt
        #key: example.key
        #remote_addr: 1.tcp.ngrok.io:12345

Run

ngrok.exe -config=conf.yml -subdomain=sub1 80

Browser

http://sub1.my.domain.com:8000

Creating a Windows Service (Windows)

To create the service you will need to download a program for creating services from non-service executables. Here I'll show how to do this with NSSM (Non-Sucking Service Manager).

Download the executable, open CMD, and run the following command:

path\to\nssm.exe install ngrok

Select the ngrok executable in the window that appears and add the following to the arguments, then press 'Install service'.

start --all --config="C:\path\to\my\config.yml"

The service can now be managed from the service manager. To start it, open an admin terminal and run the following:

sc start ngrok