Shulou(Shulou.com)06/01 Report--

This article mainly introduces docker how to build lanproxy intranet penetration service, the article is very detailed, has a certain reference value, interested friends must read it!

Document update instructions

April 6, 2018 v1.0

It is believed that intranet penetration is a requirement often encountered by back-end developers, but how to achieve it? In fact, there are off-the-shelf services: peanut shell, ngrok, etc., but recently, peanut shell announced that the free version of intranet penetration will not support port 80 mapping, and the free version of ngrok is not stable, so I began to find a new solution

This article uses docker, nginx, to understand all of them need a certain back-end foundation (of course, basically enter the door), I think there is still a certain reading threshold, but if you just want to build the service, it is not difficult to follow the steps.

1. Overview

In fact, private network penetration is to use the server to transfer the request and forward the request. This paper records the internal network penetration service based on docker on ubuntu 16.04.

1.1. Principle

The principle of intranet penetration is shown in the following figure:

Users visit our server, which has a public network IP, so users can access it without pressure.

The server maintains a long link with the local computer, and when there is a request, the server forwards the request to our local computer

The local computer will reply to the server in response

The server responds back to the user

1.2, implementation

To build intranet penetration, we have to complete two tasks

Run our intranet penetration service on a server that can be accessed by the public network; run an intranet penetration client on the local computer.

Of course, you can implement one according to the principle, but we have ready-made tripartite open source tools that can help us implement this set of functions. This is our protagonist lanproxy today.

2. Implementation steps

The ready-made tools have been found, and the next step is to simply build them. The building process is divided into server side and local computer side.

2.1. Server-side process:

Install docker and nginx on the server

Run lanproxy server through docker on the server

Resolve the domain name to our server

Configure nginx reverse proxy

Open the lanproxy background page and add client and mapping information

2.2. Local computer process:

Run the service to be mapped

Run the local computer mapping client program (lanproxy client)

Let's start the server configuration:

2.1.1. Install docker and nginx on the server

The installation of nginx is very simple, it can be done with one command.

Docker can also be installed using a script, which is also a matter of command

# 1. Install nginx$ sudo apt-get install nginx# 2 and install docker$ curl-fsSL https://get.docker.com | bash-s docker-- mirror Aliyun# optional step. Modify the docker source to Aliyun $sudo mkdir-p / etc/docker$ sudo tee / etc/docker/daemon.json to access the private network penetration service.

2.1.4 configure nginx reverse proxy

After the two domain names are resolved to our server, they are reversed to our lanproxy port by reverse proxy.

The final effect of the following configuration is:

We can access lanproxy through lanproxy.fengqiangboy.com

We can access the local computer mapping service through test.fengqiangboy.com

Lanproxy.fengqiangboy.com.conf:

Server {listen 80; # use your own domain name server_name lanproxy.fengqiangboy.com; charset utf-8; location / {proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $http_host; # here, according to your lanproxy configuration, change it to the value of config.server.port proxy_pass http://127.0.0.1:8090; client_max_body_size 35m Proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade";}}

Test.fengqiangboy.com.conf:

Server {listen 80; # use your own domain name server_name test.fengqiangboy.com; charset utf-8; location / {proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $http_host; # here, according to your lanproxy configuration, change it to the value of the public network interface, configure it on the lanproxy backend web page, and configure proxy_pass http://127.0.0.1:50000; later. Client_max_body_size 35m; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade";}}

2.1.5 Open the lanproxy background page and add client and mapping information

Open http://lanproxy.fengqiangboy.com

Log in to the backend with the account and password configured in the previous conf/config.properties file

Add a client and remember the client key

Add a configuration after adding the client, as shown in the following figure

At this point, the configuration of the server is complete. Let's start the configuration of the local computer.

2.2.1 run the service to be mapped

Since you want to map out the services of the intranet, you must first run the services of the local computer, otherwise what will be used to map? There are many methods of operation here, and each language is different. Just run your own service.

2.2.2 run the local computer mapping client program (lanproxy client)

There are two methods, one is to use the go version provided on the official website, there is no need to install the java environment on the local computer, and the other is to use the java version provided on the official website. Here I use the java version.

Clone the lanproxy code to the local computer

$git clone https://github.com/ffay/lanproxy.git lanproxy

Package lanproxy

You need to make sure you have maven installed before packing.

$cd lanproxy$ mvn package

Modify profile information

After the packaging is completed, the client file will appear in the distribution/proxy-client-0.1 directory, and after opening it, there will be a folder: bin, conf, lib and log. The configuration information is in the conf/config.properties file. Modify it according to the configuration information of the previous server.

# here is the key client.key=key# configuration ssl information configured in the lanproxy backend. Fill in the ipserver.host=163.162.161.160# of the ssl.enable=truessl.jksPath=test.jksssl.keyStorePassword=123456# server according to the configuration of the server. Enter the port of ssl if ssl is enabled, otherwise enter the normal port server.port=4993.

Start the client

After the client information is configured, you can start the client.

# mac/linux uses this $bash bin/startup.sh# Windows to run bin/startup.bat directly

Access test

According to the previous configuration, at this time we should be able to access our intranet service through test.fengqiangboy.com. Open it with a browser.

3. One point to add

Why use docker?

The main purpose of using docker is not to destroy the server environment, but to install a jdk8 environment for lanproxy, which does not affect the continued operation of other services; and using docker can also be easily transferred to other machines for deployment, as long as the Dockerfile is copied over.

Is it necessary to restart lanproxy manually if the server is restarted?

No, under the script for starting the docker container on the server, I added the-- restart unless-stopped parameter. As long as the docker service is started, the container will start with it. If you do not need this requirement, you can remove this parameter.

Why not use peanut shells?

Not long ago I saw the announcement of peanut shell, saying that from April 1 onwards, the free version will not provide 80 port mapping. In fact, the biggest need for me to use this mapping is to do Wechat debugging. If you remove 80 port, you will not be able to do Wechat debugging. It does not meet my needs. Of course, peanut shells are still good. If you can meet your needs, you can still save time and effort to complete private network penetration.

The above is all the contents of the article "how to build lanproxy Intranet Penetration Service by docker". Thank you for reading! Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.