Update ngrok and how to create the docker image

.gitignore

@@ -1,7 +1,2 @@
-ngrok
-device.crt
-device.csr
-device.key
-rootCA.key
-rootCA.srl
-rootCA.pem
+bin
+certificate

Dockerfile

@@ -1,23 +1,19 @@
-FROM debian:jessie
-MAINTAINER Joeri Verdeyen <joeriv@yappa.be>
+FROM ubuntu:18.04
 
 RUN apt-get update && \
-    apt-get install -y build-essential golang git mercurial && \
-    mkdir -p /release
+	apt-get install -y build-essential golang git
 
-ENV NGROK_VERSION 1.7
 RUN git clone https://github.com/inconshreveable/ngrok.git /ngrok
-RUN cd /ngrok; git checkout -fq $NGROK_VERSION
 
-ADD *.sh /
+ADD scripts/*.sh /
 
 ENV TLS_KEY **None**
 ENV TLS_CERT **None**
 ENV CA_CERT **None**
 ENV DOMAIN **None**
-ENV TUNNEL_ADDR :4443
-ENV HTTP_ADDR :80
-ENV HTTPS_ADDR :443
+ENV TUNNEL_PORT :4443
+ENV HTTP_PORT :80
+ENV HTTPS_PORT :443
 
 VOLUME ["/ngrok/bin"]
 

README.md

@@ -1,68 +1,156 @@
-ngrok-server
-============
+# ngrok-server
 
-Create a self signed certificate (docker host)
----------------------------------
+This repository gathers scripts, instructions and a `Dockerfile` to help setting up [`ngrok`](https://ngrok.com) on your own server and domain!! (So excited!!)
 
-    NGROK_DOMAIN="ngrok.yourdomain.com"
+Most of the instructions come from [this amazing post](https://www.svenbit.com/2014/09/run-ngrok-on-your-own-server/).
 
-    openssl genrsa -out rootCA.key 2048
-    openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 5000 -out rootCA.pem
-    openssl genrsa -out device.key 2048
-    openssl req -new -key device.key -subj "/CN=$NGROK_DOMAIN" -out device.csr
-    openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 5000
 
+## Requirements
 
-Building the binaries (docker host)
----------------------
+- [`docker`](https://www.docker.com/)
+- Access to a computer with ip publicly available.
+- A domain you can change the DNS configuration.
 
-    docker run -it -v /tmp/bin:/ngrok/bin \
-        -e CA_CERT="`awk 1 ORS='\\n' rootCA.pem`" \
-        yappabe/ngrok-server
 
-Server and client binaries will be available in `/tmp/bin` on the host.
+## Client and Server
 
-Building the Mac OS X binaries (Mac)
--------------------------------
+There are 2 pieces of software you will need to be able to use `ngrok` on your own server: `ngrok` and `ngrokd`.
 
-    git clone https://github.com/inconshreveable/ngrok.git ngrok
-    cd ngrok
+`ngrok` is the client, the software you will run on the computer you want to expose to the internet. If you have a server running at `http://localhost:8080` and you want to make it publicly available, you need to run the client.
 
-You should copy the generated certificate to your Mac and place it in `ngrok/assets/client/tls/ngrokroot.crt`
+`ngrokd` is the server, the software you will probably run on someone else computer (aka cloud) with a publicly available ip address.
 
-    scp xxx@yourserver:/home/user/rootCA.pem assets/client/tls/ngrokroot.crt
-    make release-client
-    cp ./bin/ngrok /usr/local/bin/ngrok
-    chmod +x /usr/local/bin/ngrok
 
-Running the server (docker host)
-------------------
+## Building the docker image
 
-    docker run -d --net host \
-        -e TLS_CERT="`awk 1 ORS='\\n' device.crt`" \
-        -e TLS_KEY="`awk 1 ORS='\\n' device.key`" \
-        -e CA_CERT="`awk 1 ORS='\\n' rootCA.pem`" \
-        -e DOMAIN="$NGROK_DOMAIN" \
-        yappabe/ngrok-server
+You can use an already built docker image or build it yourself.
 
+To pull a built image from docker hub, run:
 
-Environment Variables
----------------------
+```bash
+docker pull murilopolese/ngrok-server
+```
 
-    TLS_CERT        TLS cert file for setting up tls connection
-    TLS_KEY         TLS key file for setting up tls connection
-    CA_CERT         CA cert file for compiling ngrok
-    DOMAIN          domain name that ngrok running on
-    TUNNEL_ADDR     address that ngrok server's control channel listens to, ":4443" by default
-    HTTP_ADDR       address that ngrok server's http tunnel listents to, ":80 by default"
-    HTTPS_ADDR      address that ngrok server's https tunnel listents to, ":80 by default"
+If you want o build yourself, you can run:
 
+```bash
+docker build -t yourname/ngrok-server:version .
+```
 
 
-Client configuration (Mac)
----------------------
+## Generating self signed certificates
 
-    cat >~/.ngrok <<EOL
-    server_addr: ngrok.youdomain.com:4443
-    trust_host_root_certs: false
-    EOL
+`ngrok` requires you to bake a SSL certificate on the "client" and run the "server" specifying which certificates it's expecting.
+
+You can sign your certificate with the respective authorities or sign it yourself. If you choose to do it yourself, run the following command:
+
+```bash
+docker run -v $(pwd)/certificate:/certificate \
+    -e DOMAIN="tunnel.yourdomain.com" \
+    murilopolese/ngrok-server \
+    ./generate_certificates.sh
+```
+
+**IMPORTANT**: If you want to create urls like `something.tunnel.yourdomain.com`, you have to specify the `DOMAIN` to be `tunnel.yourdomain.com`. If you want to create urls like `something.yourdomain.com`, set `DOMAIN` to `yourdomain.com`. Later on I will show how to configure your DNS but it's important to create the signature correctly.
+
+After this you will have a `certificate` folder on your repository folder. But as `docker` has created those files you will need to claim their ownership with:
+
+```
+sudo chown $USER certificate/*
+```
+
+
+## Building the binaries (Ubuntu 18.04)
+
+Once you have generated (or gathered) your SSL certificate you can build the binaries with:
+
+```bash
+docker run -v $(pwd)/bin:/ngrok/bin \
+    -e TLS_CERT="`awk 1 ORS='\\n' certificate/device.crt`" \
+    -e TLS_KEY="`awk 1 ORS='\\n' certificate/device.key`" \
+    -e CA_CERT="`awk 1 ORS='\\n' certificate/rootCA.pem`" \
+    -e DOMAIN="tunnel.yourdomain.com" \
+    murilopolese/ngrok-server \
+    ./build.sh
+```
+
+This will create a `bin` folder on your repository folder with `ngrok` and `ngrokd`. In order to be able to execute them run the following commands (use `sudo` if needed):
+
+```bash
+chown $USER bin
+chown $USER bin/*
+chmod +x bin/ngrok
+chmod +x bin/ngrokd
+```
+
+If you are planning to use the built client, remember to create an `ngrok` config file specifying where is your server. For example a `.ngrok` on the `bin` folder. The contents should be:
+
+```
+server_addr: tunnel.yourdomain.com:4443
+trust_host_root_certs: false
+```
+
+So to expose your `localhost:8080` as `something.tunnel.yourdomain.con` you would run do something like:
+
+```bash
+cd bin
+./ngrok -hostname=something.tunnel.yourdomain -config=./ngrok.cfg 8080
+```
+
+## Building the binaries on other OS
+
+Follow [`ngrok` development instructions](https://github.com/inconshreveable/ngrok/blob/master/docs/DEVELOPMENT.md)
+
+
+## Configuring DNS
+
+In order to make this work you will need to use a computer with a publicly available ip. Once you know this ip, go to whatever you manage your DNS and create an `A` record pointing to this ip.
+
+So if you want to create your urls as `something.tunnels.yourdomain.com`, you should set your DNS records to be something like this:
+
+| TYPE | NAME      | VALUE   |
+|------|-----------|---------|
+|  A   | *.tunnel  | 0.0.0.0 |
+
+**IMPORTANT**: Change the `0.0.0.0` for the public ip of the computer you are running the "server". If you want your urls being created as `something.yourdomain.com`, change `*.tunnels` to `*`.
+
+
+## Running the server inside Docker
+
+```bash
+docker run -d --net host \
+    -e TLS_CERT="`awk 1 ORS='\\n' certificate/device.crt`" \
+    -e TLS_KEY="`awk 1 ORS='\\n' certificate/device.key`" \
+    -e CA_CERT="`awk 1 ORS='\\n' certificate/rootCA.pem`" \
+    -e DOMAIN="tunnel.yourdomain.com" \
+    murilopolese/ngrok-server \
+    ./run-server.sh
+```
+
+
+## Running the client inside Docker
+
+```bash
+docker run --net host \
+    -e TLS_CERT="`awk 1 ORS='\\n' certificate/device.crt`" \
+    -e TLS_KEY="`awk 1 ORS='\\n' certificate/device.key`" \
+    -e CA_CERT="`awk 1 ORS='\\n' certificate/rootCA.pem`" \
+    -e DOMAIN="tunnel.yourdomain.com" \
+    murilopolese/ngrok-server \
+    ./run-client.sh -hostname=something.tunnel.yourdomain.com -config=/root/.ngrok 8080
+```
+
+**IMPORTANT**: Remember to switch `tunnel.yourdomain.com` by your domain. This example assumes you have a server running on `localhost:8080`.
+
+
+## Environment Variables
+
+```
+TLS_CERT        TLS cert file for setting up tls connection
+TLS_KEY         TLS key file for setting up tls connection
+CA_CERT         CA cert file for compiling ngrok
+DOMAIN          domain name that ngrok running on
+TUNNEL_PORT     port that ngrok server's control channel listens to, ":4443" by default
+HTTP_PORT       port that ngrok server's http tunnel listents to, ":80 by default"
+HTTPS_PORT      port that ngrok server's https tunnel listents to, ":80 by default"
+```

scripts/generate_certificates.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+set -e
+
+mkdir -p certificate
+
+openssl genrsa -out certificate/rootCA.key 2048
+openssl req -x509 -new -nodes -key certificate/rootCA.key -subj "/CN=$DOMAIN" -days 5000 -out certificate/rootCA.pem
+openssl genrsa -out certificate/device.key 2048
+openssl req -new -key certificate/device.key -subj "/CN=$DOMAIN" -out certificate/device.csr
+openssl x509 -req -in certificate/device.csr -CA certificate/rootCA.pem -CAkey certificate/rootCA.key -CAcreateserial -out certificate/device.crt -days 5000

run-client.sh → scripts/run-client.sh

@@ -4,7 +4,8 @@ set -e
 /build.sh
 
 cat > /root/.ngrok <<EOF
-server_addr: ${TUNNEL_ADDR}
+server_addr: ${DOMAIN}${TUNNEL_PORT}
+trust_host_root_certs: false
 EOF
 
 exec /ngrok/bin/ngrok "$@"

run-server.sh → scripts/run-server.sh

@@ -21,4 +21,4 @@ fi
 echo -e "${TLS_KEY}" > /server.key
 echo -e "${TLS_CERT}" > /server.crt
 
-exec /ngrok/bin/ngrokd -tlsKey=/server.key -tlsCrt=/server.crt -domain="${DOMAIN}" -httpAddr=${HTTP_ADDR} -httpsAddr=${HTTPS_ADDR} -tunnelAddr=${TUNNEL_ADDR}
+exec /ngrok/bin/ngrokd -tlsKey=/server.key -tlsCrt=/server.crt -domain="${DOMAIN}" -httpAddr=${HTTP_PORT} -httpsAddr=${HTTPS_PORT} -tunnelAddr=${TUNNEL_PORT}