From f8f43b8bbac94c1b2714e2e17245b721d008a4e9 Mon Sep 17 00:00:00 2001 From: Murilo Polese Date: Thu, 6 Dec 2018 22:16:51 +0000 Subject: [PATCH 1/5] Update how to build the docker image --- .gitignore | 9 ++----- Dockerfile | 10 +++---- run.sh | 36 -------------------------- build.sh => scripts/build.sh | 0 scripts/generate_certificates.sh | 10 +++++++ run-client.sh => scripts/run-client.sh | 0 run-server.sh => scripts/run-server.sh | 0 7 files changed, 15 insertions(+), 50 deletions(-) delete mode 100755 run.sh rename build.sh => scripts/build.sh (100%) create mode 100755 scripts/generate_certificates.sh rename run-client.sh => scripts/run-client.sh (100%) rename run-server.sh => scripts/run-server.sh (100%) diff --git a/.gitignore b/.gitignore index 590e195..3ea3c64 100644 --- a/.gitignore +++ b/.gitignore @@ -1,7 +1,2 @@ -ngrok -device.crt -device.csr -device.key -rootCA.key -rootCA.srl -rootCA.pem \ No newline at end of file +bin +certificate diff --git a/Dockerfile b/Dockerfile index 8e06ea3..263034c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,15 +1,11 @@ -FROM debian:jessie -MAINTAINER Joeri Verdeyen +FROM ubuntu:18.04 RUN apt-get update && \ - apt-get install -y build-essential golang git mercurial && \ - mkdir -p /release + apt-get install -y build-essential golang git -ENV NGROK_VERSION 1.7 RUN git clone https://github.com/inconshreveable/ngrok.git /ngrok -RUN cd /ngrok; git checkout -fq $NGROK_VERSION -ADD *.sh / +ADD scripts/*.sh / ENV TLS_KEY **None** ENV TLS_CERT **None** diff --git a/run.sh b/run.sh deleted file mode 100755 index c34e2d7..0000000 --- a/run.sh +++ /dev/null 
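Review bot: The `RUN git clone https://github.com/inconshreveable/ngrok.git /ngrok` line in the Dockerfile hunk now builds whatever the upstream default branch holds at build time, because the commit drops `ENV NGROK_VERSION 1.7` and the `git checkout -fq $NGROK_VERSION` step without replacing the pin. These binaries terminate TLS for the tunnel, so the source should be fixed to a reviewed revision, e.g. `RUN git clone https://github.com/inconshreveable/ngrok.git /ngrok && git -C /ngrok checkout -fq <PINNED_TAG_OR_COMMIT>`. In the same hunk, `apt-get install -y build-essential golang git` could take `--no-install-recommends` and end with `rm -rf /var/lib/apt/lists/*`, and `ADD scripts/*.sh /` can be `COPY scripts/*.sh /` since nothing is extracted or fetched.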
@@ -1,36 +0,0 @@
-#!/bin/bash
-set -e
-
-if [ "${CA_CERT}" == "**None**" ]; then
- echo "Please specify CA_CERT"
- exit 1
-fi
-
-echo -e "${CA_CERT}" > /ngrok/assets/client/tls/ngrokroot.crt
-
-if [ ! -f /ngrok/bin/ngrokd ]; then
- echo "=> Compiling ngrok binary files"
- cd /ngrok; make release-server release-client
- echo "=> Successfully built the binaries"
-fi
-
-if [ "${TLS_KEY}" == "**None**" ]; then
- echo "Please specify TLS_KEY"
- exit 1
-fi
-
-if [ "${TLS_CERT}" == "**None**" ]; then
- echo "Please specify TLS_CERT"
- exit 1
-fi
-
-if [ "${DOMAIN}" == "**None**" ]; then
- echo "Please specify DOMAIN"
- exit 1
-fi
-
-echo -e "${TLS_KEY}" > /server.key
-echo -e "${TLS_CERT}" > /server.crt
-
-echo "=> Running ngrok server"
-/ngrok/bin/ngrokd -tlsKey=/server.key -tlsCrt=/server.crt -domain="${DOMAIN}" -httpAddr=${HTTP_ADDR} -httpsAddr=${HTTPS_ADDR} -tunnelAddr=${TUNNEL_ADDR}
diff --git a/build.sh b/scripts/build.sh
similarity index 100%
rename from build.sh
rename to scripts/build.sh
diff --git a/scripts/generate_certificates.sh b/scripts/generate_certificates.sh
new file mode 100755
index 0000000..f11ab9c
--- /dev/null
+++ b/scripts/generate_certificates.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -e
+
+mkdir -p certificate
+
+openssl genrsa -out certificate/rootCA.key 2048
+openssl req -x509 -new -nodes -key certificate/rootCA.key -subj "/CN=$DOMAIN" -days 5000 -out certificate/rootCA.pem
+openssl genrsa -out certificate/device.key 2048
+openssl req -new -key certificate/device.key -subj "/CN=$DOMAIN" -out certificate/device.csr
+openssl x509 -req -in certificate/device.csr -CA certificate/rootCA.pem -CAkey certificate/rootCA.key -CAcreateserial -out certificate/device.crt -days 5000
diff --git a/run-client.sh b/scripts/run-client.sh
similarity index 100%
rename from run-client.sh
rename to scripts/run-client.sh
diff --git a/run-server.sh b/scripts/run-server.sh
similarity index 100%
rename from run-server.sh
rename to scripts/run-server.sh
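Review bot: In the new scripts/generate_certificates.sh, `$DOMAIN` goes straight into both `-subj "/CN=$DOMAIN"` arguments with only `set -e` in effect, so an unset variable is not caught before openssl is asked to build a root CA and a device certificate with an empty CN; add `: "${DOMAIN:?Please specify DOMAIN}"` right after `set -e`. The script also leaves the permissions of `certificate/rootCA.key` and `certificate/device.key` to the caller's umask and the installed openssl's default, so a `umask 077` before `mkdir -p certificate` would keep both keys owner-only in every environment. The root key is written unencrypted and both certificates run for 5000 days, which deserves a comment such as `# rootCA.key is unencrypted and signs certs valid for 5000 days; keep certificate/ private and out of images`. The certificates carry only a CN and no subjectAltName, which newer TLS clients may reject; whether the ngrok client built here is affected cannot be told from this hunk.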
From 0554e9daa1fc9b0f5d427879f39759f9497e374f Mon Sep 17 00:00:00 2001 From: Murilo Polese Date: Thu, 6 Dec 2018 22:17:00 +0000 Subject: [PATCH 2/5] Update README.md --- README.md | 176 +++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 128 insertions(+), 48 deletions(-) diff --git a/README.md b/README.md index 675f673..bcec72a 100644 --- a/README.md +++ b/README.md 
@@ -1,68 +1,148 @@ -ngrok-server -============ +# ngrok-server -Create a self signed certificate (docker host) ---------------------------------- +This repository gathers scripts, instructions and a `Dockerfile` to help setting up [`ngrok`](https://ngrok.com) on your own server and domain!! (So excited!!) - NGROK_DOMAIN="ngrok.yourdomain.com" +Most of the instructions come from [this amazing post](https://www.svenbit.com/2014/09/run-ngrok-on-your-own-server/). - openssl genrsa -out rootCA.key 2048 - openssl req -x509 -new -nodes -key rootCA.key -subj "/CN=$NGROK_DOMAIN" -days 5000 -out rootCA.pem - openssl genrsa -out device.key 2048 - openssl req -new -key device.key -subj "/CN=$NGROK_DOMAIN" -out device.csr - openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 5000 +## Requirements -Building the binaries (docker host) ---------------------- +- [`docker`](https://www.docker.com/) +- Access to a computer with ip publicly available. +- A domain you can change the DNS configuration. - docker run -it -v /tmp/bin:/ngrok/bin \ - -e CA_CERT="`awk 1 ORS='\\n' rootCA.pem`" \ - yappabe/ngrok-server -Server and client binaries will be available in `/tmp/bin` on the host. +## Client and Server -Building the Mac OS X binaries (Mac) -------------------------------- +There are 2 pieces of software you will need to be able to use `ngrok` on your own server: `ngrok` and `ngrokd`. - git clone https://github.com/inconshreveable/ngrok.git ngrok - cd ngrok +`ngrok` is the client, the software you will run on the computer you want to expose to the internet. If you have a server running at `http://localhost:8080` and you want to make it publicly available, you need to run the client. -You should copy the generated certificate to your Mac and place it in `ngrok/assets/client/tls/ngrokroot.crt` +`ngrokd` is the server, the software you will probably run on someone else computer (aka cloud) with a publicly available ip address. 
- scp xxx@yourserver:/home/user/rootCA.pem assets/client/tls/ngrokroot.crt - make release-client - cp ./bin/ngrok /usr/local/bin/ngrok - chmod +x /usr/local/bin/ngrok -Running the server (docker host) ------------------- +## Building the docker image - docker run -d --net host \ - -e TLS_CERT="`awk 1 ORS='\\n' device.crt`" \ - -e TLS_KEY="`awk 1 ORS='\\n' device.key`" \ - -e CA_CERT="`awk 1 ORS='\\n' rootCA.pem`" \ - -e DOMAIN="$NGROK_DOMAIN" \ - yappabe/ngrok-server +You can use an already built docker image or build it yourself. +To pull a built image from docker hub, run: -Environment Variables ---------------------- +```bash +docker pull murilopolese/ngrok-server +``` - TLS_CERT TLS cert file for setting up tls connection - TLS_KEY TLS key file for setting up tls connection - CA_CERT CA cert file for compiling ngrok - DOMAIN domain name that ngrok running on - TUNNEL_ADDR address that ngrok server's control channel listens to, ":4443" by default - HTTP_ADDR address that ngrok server's http tunnel listents to, ":80 by default" - HTTPS_ADDR address that ngrok server's https tunnel listents to, ":80 by default" +If you want o build yourself, you can run: +```bash +docker build -t yourname/ngrok-server:version . +``` -Client configuration (Mac) ---------------------- +## Generating self signed certificates - cat >~/.ngrok < Date: Thu, 6 Dec 2018 23:53:48 +0000 Subject: [PATCH 3/5] Improve README.md --- README.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bcec72a..c682ae9 100644 --- a/README.md +++ b/README.md 
@@ -77,18 +77,26 @@ docker run -v $(pwd)/bin:/ngrok/bin \ This will create a `bin` folder on your repository folder with `ngrok` and `ngrokd`. In order to be able to execute them run the following commands (use `sudo` if needed): ```bash +chown $USER bin chown $USER bin/* chmod +x bin/ngrok chmod +x bin/ngrokd ``` -If you are planning to use the built client, remember to create an `ngrok` config file specifying where is your server. For example a `.ngrok` on your home folder. The contents should be: +If you are planning to use the built client, remember to create an `ngrok` config file specifying where is your server. For example a `.ngrok` on the `bin` folder. The contents should be: ``` server_addr: tunnel.yourdomain.com:4443 trust_host_root_certs: false ``` +So to expose your `localhost:8080` as `something.tunnel.yourdomain.con` you would run do something like: + +```bash +cd bin +./ngrok -hostname=something.tunnel.yourdomain -config=./ngrok.cfg 8080 +``` + ## Building the binaries on other OS Follow [`ngrok` development instructions](https://github.com/inconshreveable/ngrok/blob/master/docs/DEVELOPMENT.md) @@ -129,7 +137,7 @@ docker run --net host \ -e CA_CERT="`awk 1 ORS='\\n' certificate/rootCA.pem`" \ -e DOMAIN="tunnel.yourdomain.com:4443" \ murilopolese/ngrok-server \ - ./run-client.sh ./run-client.sh -hostname=something.tunnel.yourdomain.com -config=/root/.ngrok 8080 + ./run-client.sh -hostname=something.tunnel.yourdomain.com -config=/root/.ngrok 8080 ``` **IMPORTANT**: Remember to switch `tunnel.yourdomain.com:4443` by your domain but keep the `4443` port. This example assumes you have a server running on `localhost:8080`. From bb7cd922faf18b777b64dcf84ac0d1434d0c8e10 Mon Sep 17 00:00:00 2001 From: Murilo Polese Date: Sat, 8 Dec 2018 01:48:02 +0000 Subject: [PATCH 4/5] Fix how to run ngrok client from docker --- README.md | 4 ++-- scripts/run-client.sh | 3 ++- 2 files changed, 4 insertions(+), 3 deletions(-) 
diff --git a/README.md b/README.md index c682ae9..545a7de 100644 --- a/README.md +++ b/README.md @@ -135,12 +135,12 @@ docker run --net host \ -e TLS_CERT="`awk 1 ORS='\\n' certificate/device.crt`" \ -e TLS_KEY="`awk 1 ORS='\\n' certificate/device.key`" \ -e CA_CERT="`awk 1 ORS='\\n' certificate/rootCA.pem`" \ - -e DOMAIN="tunnel.yourdomain.com:4443" \ + -e DOMAIN="tunnel.yourdomain.com" \ murilopolese/ngrok-server \ ./run-client.sh -hostname=something.tunnel.yourdomain.com -config=/root/.ngrok 8080 ``` -**IMPORTANT**: Remember to switch `tunnel.yourdomain.com:4443` by your domain but keep the `4443` port. This example assumes you have a server running on `localhost:8080`. +**IMPORTANT**: Remember to switch `tunnel.yourdomain.com` by your domain. This example assumes you have a server running on `localhost:8080`. ## Environment Variables diff --git a/scripts/run-client.sh b/scripts/run-client.sh index b505d0f..7a0ee36 100755 --- a/scripts/run-client.sh +++ b/scripts/run-client.sh @@ -4,7 +4,8 @@ set -e /build.sh cat > /root/.ngrok < Date: Sat, 8 Dec 2018 02:07:06 +0000 Subject: [PATCH 5/5] Using "PORT" instead of "ADDR" for ports --- Dockerfile | 6 +++--- README.md | 8 ++++---- scripts/run-client.sh | 2 +- scripts/run-server.sh | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 263034c..f34dc0a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,9 +11,9 @@ ENV TLS_KEY **None** ENV TLS_CERT **None** ENV CA_CERT **None** ENV DOMAIN **None** -ENV TUNNEL_ADDR :4443 -ENV HTTP_ADDR :80 -ENV HTTPS_ADDR :443 +ENV TUNNEL_PORT :4443 +ENV HTTP_PORT :80 +ENV HTTPS_PORT :443 VOLUME ["/ngrok/bin"] diff --git a/README.md b/README.md index 545a7de..b8f57b1 100644 --- a/README.md +++ b/README.md 
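Review bot: The renamed variables in the Dockerfile hunk still default to listen addresses rather than ports (`ENV TUNNEL_PORT :4443`, `ENV HTTP_PORT :80`, `ENV HTTPS_PORT :443`), and scripts/run-server.sh in the same commit passes them through unchanged as `-httpAddr=${HTTP_PORT} -httpsAddr=${HTTPS_PORT} -tunnelAddr=${TUNNEL_PORT}`. An operator who follows the new name and sets `HTTP_PORT=8080` therefore hands ngrokd a value without the leading colon, which it will presumably refuse to bind. Either keep the `_ADDR` names, or store bare numbers and add the colon at the call site, e.g. `-httpAddr=":${HTTP_PORT}"`, quoted so the expansion cannot word-split. Containers that still export `TUNNEL_ADDR`, `HTTP_ADDR` or `HTTPS_ADDR` will have those values ignored and fall back to the defaults, which under `--net host` changes which host ports end up listening, so the rename should be called out for existing users. The `ENV` block starts above this hunk.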
@@ -118,7 +118,7 @@ So if you want to create your urls as `something.tunnels.yourdomain.com`, you sh ## Running the server inside Docker ```bash -docker run -d \ +docker run -d --net host \ -e TLS_CERT="`awk 1 ORS='\\n' certificate/device.crt`" \ -e TLS_KEY="`awk 1 ORS='\\n' certificate/device.key`" \ -e CA_CERT="`awk 1 ORS='\\n' certificate/rootCA.pem`" \ @@ -150,7 +150,7 @@ TLS_CERT TLS cert file for setting up tls connection TLS_KEY TLS key file for setting up tls connection CA_CERT CA cert file for compiling ngrok DOMAIN domain name that ngrok running on -TUNNEL_ADDR address that ngrok server's control channel listens to, ":4443" by default -HTTP_ADDR address that ngrok server's http tunnel listents to, ":80 by default" -HTTPS_ADDR address that ngrok server's https tunnel listents to, ":80 by default" +TUNNEL_PORT port that ngrok server's control channel listens to, ":4443" by default +HTTP_PORT port that ngrok server's http tunnel listents to, ":80 by default" +HTTPS_PORT port that ngrok server's https tunnel listents to, ":80 by default" ``` diff --git a/scripts/run-client.sh b/scripts/run-client.sh index 7a0ee36..b8da201 100755 --- a/scripts/run-client.sh +++ b/scripts/run-client.sh @@ -4,7 +4,7 @@ set -e /build.sh cat > /root/.ngrok < /server.key echo -e "${TLS_CERT}" > /server.crt -exec /ngrok/bin/ngrokd -tlsKey=/server.key -tlsCrt=/server.crt -domain="${DOMAIN}" -httpAddr=${HTTP_ADDR} -httpsAddr=${HTTPS_ADDR} -tunnelAddr=${TUNNEL_ADDR} +exec /ngrok/bin/ngrokd -tlsKey=/server.key -tlsCrt=/server.crt -domain="${DOMAIN}" -httpAddr=${HTTP_PORT} -httpsAddr=${HTTPS_PORT} -tunnelAddr=${TUNNEL_PORT}