New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Self Hosted ngrokd fails to allow client to connect #84

Closed
jacobfike opened this Issue Jan 29, 2014 · 39 comments

Comments

Projects
None yet
@jacobfike

jacobfike commented Jan 29, 2014

I compiled the release server with no certificates and am running it on my server with -httpsAddr="" to disable HTTPS.

When I try to connect with ngrok, I get this error on the server:

[01/28/14 15:58:20] [INFO] [pub:480e9ed0] New connection from 10.217.162.141:57544
[01/28/14 15:58:20] [WARN] [pub:480e9ed0] Failed to read valid http request: malformed HTTP request "\x16\x03\x01\x00X\x01\x00\x00T\x03\x01R\xe8D\x1c\x119:\x87\x19\xe1\xf5ձ\xbbl\xac5\xe2FuG\xb18\x8b[j{\x86\x1aG\xbf\xfa\x00\x00\x10\x00\x05\x00"
[01/28/14 15:58:20] [DEBG] [pub:480e9ed0] Closing

Any ideas? Is this an encoding issue somewhere?

@inconshreveable

This comment has been minimized.

Show comment
Hide comment
@inconshreveable

inconshreveable Jan 30, 2014

Owner

Are you sending an HTTPS request to ngrok when it's listening for HTTP? That's my first guess.

Owner

inconshreveable commented Jan 30, 2014

Are you sending an HTTPS request to ngrok when it's listening for HTTP? That's my first guess.

@jacobfike

This comment has been minimized.

Show comment
Hide comment
@jacobfike

jacobfike Jan 30, 2014

I get the same error even when running the ngrok client like this:

ngrok -proto='http' 80

jacobfike commented Jan 30, 2014

I get the same error even when running the ngrok client like this:

ngrok -proto='http' 80

@inconshreveable

This comment has been minimized.

Show comment
Hide comment
@inconshreveable

inconshreveable Jan 30, 2014

Owner

Can you show me the full configuration file you're using for the client and the full command line options you're invoking the server and client with? Redact any authtoken

On Jan 30, 2014, at 10:00 AM, Jacob Fike notifications@github.com wrote:

I get the same error even when running the ngrok client like this:

ngrok -proto='http' 80


Reply to this email directly or view it on GitHub.

Owner

inconshreveable commented Jan 30, 2014

Can you show me the full configuration file you're using for the client and the full command line options you're invoking the server and client with? Redact any authtoken

On Jan 30, 2014, at 10:00 AM, Jacob Fike notifications@github.com wrote:

I get the same error even when running the ngrok client like this:

ngrok -proto='http' 80


Reply to this email directly or view it on GitHub.

@jacobfike

This comment has been minimized.

Show comment
Hide comment
@jacobfike

jacobfike Jan 30, 2014

Server command line:
./ngrokd -domain="blitz-app01.general.disney.private" -httpAddr=":8000" -httpsAddr=""

Config file:

server_addr: blitz-app01.general.disney.private:8000
trust_host_root_certs: true

Client Command Line:
ngrok -proto=http 80

jacobfike commented Jan 30, 2014

Server command line:
./ngrokd -domain="blitz-app01.general.disney.private" -httpAddr=":8000" -httpsAddr=""

Config file:

server_addr: blitz-app01.general.disney.private:8000
trust_host_root_certs: true

Client Command Line:
ngrok -proto=http 80

@inconshreveable

This comment has been minimized.

Show comment
Hide comment
@inconshreveable

inconshreveable Jan 30, 2014

Owner

So the server (ngrokd) has two ports which you need to think about: one is for http requests (this is specified with -httpAddr) and the other is for ngrok clients to connect to the server (this is specified with -tunnelAddr). By default, tunnelAddr will listen on port 4443. If you change your server_addr to point at that port it will connect, although you're going to need a valid ssl cert or to recompile ngrok to use your own self signed authority.

On Jan 30, 2014, at 10:57 AM, Jacob Fike notifications@github.com wrote:

Server command line:
./ngrokd -domain="blitz-app01.general.disney.private" -httpAddr=":8000" -httpsAddr=""

Config file:

server_addr: blitz-app01.general.disney.private:8000
trust_host_root_certs: true
Client Command Line:
ngrok -proto=http 80


Reply to this email directly or view it on GitHub.

Owner

inconshreveable commented Jan 30, 2014

So the server (ngrokd) has two ports which you need to think about: one is for http requests (this is specified with -httpAddr) and the other is for ngrok clients to connect to the server (this is specified with -tunnelAddr). By default, tunnelAddr will listen on port 4443. If you change your server_addr to point at that port it will connect, although you're going to need a valid ssl cert or to recompile ngrok to use your own self signed authority.

On Jan 30, 2014, at 10:57 AM, Jacob Fike notifications@github.com wrote:

Server command line:
./ngrokd -domain="blitz-app01.general.disney.private" -httpAddr=":8000" -httpsAddr=""

Config file:

server_addr: blitz-app01.general.disney.private:8000
trust_host_root_certs: true
Client Command Line:
ngrok -proto=http 80


Reply to this email directly or view it on GitHub.

@jacobfike

This comment has been minimized.

Show comment
Hide comment
@jacobfike

jacobfike Jan 30, 2014

Ah, that would explain the problem then. I was not aware of the true purpose of each setting. So, yeah, now I am getting bad certificate errors, which I can fix. Thanks.

jacobfike commented Jan 30, 2014

Ah, that would explain the problem then. I was not aware of the true purpose of each setting. So, yeah, now I am getting bad certificate errors, which I can fix. Thanks.

@jacobfike

This comment has been minimized.

Show comment
Hide comment
@jacobfike

jacobfike Jan 30, 2014

I guess I spoke too soon. I am still confused about how to use a self-signed cert. I need to recompile what? The server? The client? Both?

Here is what I have done:

  1. generate openssl key, ngrokd-wildcard.key, on server
  2. use key to create signed certificate, ngrokd-wildcard.cert on server
  3. run ngrokd on server with this command line: ./ngrokd -tlsKey="ngrokd-wildcard.key" -tlsCrt="ngrokd-wildcard.cert" -domain="ngrok.blitz-app01.general.disney.private" -httpAddr=":8000" -httpsAddr=":8001"
  4. replace contents of assets/client/ngrokroot.crt with contents of ngrokd-wildcard.cert
  5. compile release-client
  6. attempt to connect using newly compiled client

My client tells me the cert is signed by an invalid certificate authority. What am I missing here?

jacobfike commented Jan 30, 2014

I guess I spoke too soon. I am still confused about how to use a self-signed cert. I need to recompile what? The server? The client? Both?

Here is what I have done:

  1. generate openssl key, ngrokd-wildcard.key, on server
  2. use key to create signed certificate, ngrokd-wildcard.cert on server
  3. run ngrokd on server with this command line: ./ngrokd -tlsKey="ngrokd-wildcard.key" -tlsCrt="ngrokd-wildcard.cert" -domain="ngrok.blitz-app01.general.disney.private" -httpAddr=":8000" -httpsAddr=":8001"
  4. replace contents of assets/client/ngrokroot.crt with contents of ngrokd-wildcard.cert
  5. compile release-client
  6. attempt to connect using newly compiled client

My client tells me the cert is signed by an invalid certificate authority. What am I missing here?

@inconshreveable

This comment has been minimized.

Show comment
Hide comment
@inconshreveable

inconshreveable Feb 5, 2014

Owner

Jacob -

My sincere apologies I didn’t get back to you. I started writing this email on my phone and meant to finish it when I got back to my computer so I could point you to the right source code and then it got lost in the shuffle.

The client connects to the server over tls. The only root certificate it uses to validate the server is for ngrok.com. You can replace assests/client/tls/ngrokroot.ca with your own signing CA and then point the server at your own certificates that you signed with that CA. (via -tlsKey and -tlsCrt)

Hope that helps if you’re still having trouble. Sorry again for such a delayed response.

  • alan

On Jan 30, 2014, at 2:05 PM, Jacob Fike notifications@github.com wrote:

I guess I spoke too soon. I am still confused about how to use a self-signed cert. I need to recompile what? The server? The client? Both?


Reply to this email directly or view it on GitHub.

Owner

inconshreveable commented Feb 5, 2014

Jacob -

My sincere apologies I didn’t get back to you. I started writing this email on my phone and meant to finish it when I got back to my computer so I could point you to the right source code and then it got lost in the shuffle.

The client connects to the server over tls. The only root certificate it uses to validate the server is for ngrok.com. You can replace assests/client/tls/ngrokroot.ca with your own signing CA and then point the server at your own certificates that you signed with that CA. (via -tlsKey and -tlsCrt)

Hope that helps if you’re still having trouble. Sorry again for such a delayed response.

  • alan

On Jan 30, 2014, at 2:05 PM, Jacob Fike notifications@github.com wrote:

I guess I spoke too soon. I am still confused about how to use a self-signed cert. I need to recompile what? The server? The client? Both?


Reply to this email directly or view it on GitHub.

@jacobfike

This comment has been minimized.

Show comment
Hide comment
@jacobfike

jacobfike Feb 6, 2014

Hey, thanks for the reply. Unfortunately, I went and edited my comment instead of just posting a new one. There is no assets/client/tls/ngrokroot.ca file, but there is an assets/client/tls/ngrokroot.crt file, which I have replaced with my cert file. But still no luck.

Am I missing a step? Should there be more than just the .key and .cert that I create on the server? Is there another way to do that process that creates a .ca file or something?

jacobfike commented Feb 6, 2014

Hey, thanks for the reply. Unfortunately, I went and edited my comment instead of just posting a new one. There is no assets/client/tls/ngrokroot.ca file, but there is an assets/client/tls/ngrokroot.crt file, which I have replaced with my cert file. But still no luck.

Am I missing a step? Should there be more than just the .key and .cert that I create on the server? Is there another way to do that process that creates a .ca file or something?

@inconshreveable

This comment has been minimized.

Show comment
Hide comment
@inconshreveable

inconshreveable Feb 6, 2014

Owner

Yeah I meant to say assets/client/tls/ngrokroot.crt, sorry.

I create my own self-signed CA (which is just a self-signed cert) and then use that to sign a new certificate. I use this guide whenever I forget all of the openssl commands to set this stuff up:

http://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/

  • alan

On Feb 5, 2014, at 4:26 PM, Jacob Fike notifications@github.com wrote:

Hey, thanks for the reply. Unfortunately, I went and edited my comment instead of just posting a new one. There is no assets/client/tls/ngrokroot.ca file, but there is an assets/client/tls/ngrokroot.crt file, which I have replaced with my cert file. But still no luck.

Am I missing a step? Should there be more than just the .key and .cert that I create on the server? Is there another way to do that process that creates a .ca file or something?


Reply to this email directly or view it on GitHub.

Owner

inconshreveable commented Feb 6, 2014

Yeah I meant to say assets/client/tls/ngrokroot.crt, sorry.

I create my own self-signed CA (which is just a self-signed cert) and then use that to sign a new certificate. I use this guide whenever I forget all of the openssl commands to set this stuff up:

http://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/

  • alan

On Feb 5, 2014, at 4:26 PM, Jacob Fike notifications@github.com wrote:

Hey, thanks for the reply. Unfortunately, I went and edited my comment instead of just posting a new one. There is no assets/client/tls/ngrokroot.ca file, but there is an assets/client/tls/ngrokroot.crt file, which I have replaced with my cert file. But still no luck.

Am I missing a step? Should there be more than just the .key and .cert that I create on the server? Is there another way to do that process that creates a .ca file or something?


Reply to this email directly or view it on GitHub.

@jschroeder9000

This comment has been minimized.

Show comment
Hide comment
@jschroeder9000

jschroeder9000 Feb 12, 2014

I'm also not able to get this to work. I followed the instructions in the link you provided (which has an inconsistency... the last command there uses root.key and root.pem when the previous commands created rootCA.pem and rootCA.key). I recompiled both the client and the server after replacing assets/clients/tls/ngrokroot.crt with rootCA.pem (keeping the ngrokroot.crt file name). I run the server with ngrokd -tlsKey="device.key" -tlsCrt="device.crt" -domain="example.com". The client just loops trying to connect and the server reports 'Failed to read message: remote error: bad certificate'.

jschroeder9000 commented Feb 12, 2014

I'm also not able to get this to work. I followed the instructions in the link you provided (which has an inconsistency... the last command there uses root.key and root.pem when the previous commands created rootCA.pem and rootCA.key). I recompiled both the client and the server after replacing assets/clients/tls/ngrokroot.crt with rootCA.pem (keeping the ngrokroot.crt file name). I run the server with ngrokd -tlsKey="device.key" -tlsCrt="device.crt" -domain="example.com". The client just loops trying to connect and the server reports 'Failed to read message: remote error: bad certificate'.

@jacobfike

This comment has been minimized.

Show comment
Hide comment
@jacobfike

jacobfike Feb 12, 2014

I have tried every combination of generating certs and signing certs and replacing ngrokroot.crt in the client assets and the closest I have gotten is this new error:

[02/12/14 11:05:46] [EROR] control recovering from failure x509: certificate is valid for , not blitz-app01.general.private

If you have made this work, can you share your exact steps?

jacobfike commented Feb 12, 2014

I have tried every combination of generating certs and signing certs and replacing ngrokroot.crt in the client assets and the closest I have gotten is this new error:

[02/12/14 11:05:46] [EROR] control recovering from failure x509: certificate is valid for , not blitz-app01.general.private

If you have made this work, can you share your exact steps?

@davidreuss

This comment has been minimized.

Show comment
Hide comment
@davidreuss

davidreuss Feb 19, 2014

I'm also trying to get a ngrokd running with a self-signed cert - seeing the exact same issues, although i haven't tried generating the cert with the exact steps from the guide @inconshreveable linked to.

@jacobfike have you gotten anywhere with it, since?

davidreuss commented Feb 19, 2014

I'm also trying to get a ngrokd running with a self-signed cert - seeing the exact same issues, although i haven't tried generating the cert with the exact steps from the guide @inconshreveable linked to.

@jacobfike have you gotten anywhere with it, since?

@jacobfike

This comment has been minimized.

Show comment
Hide comment
@jacobfike

jacobfike Feb 19, 2014

@davidreuss I have given up at this point. I was doing this as an experiment for my company, but I think we'll have to find another solution.

jacobfike commented Feb 19, 2014

@davidreuss I have given up at this point. I was doing this as an experiment for my company, but I think we'll have to find another solution.

@sinhabis

This comment has been minimized.

Show comment
Hide comment
@sinhabis

sinhabis Feb 21, 2014

I am also sailing in the same boat. Anyone got it working yet?

sinhabis commented Feb 21, 2014

I am also sailing in the same boat. Anyone got it working yet?

@jbguerraz

This comment has been minimized.

Show comment
Hide comment
@jbguerraz

jbguerraz Mar 3, 2014

Same issue here.
Is there a way to help on this issue ? some advice so we could check deeper what's wrong ?

jbguerraz commented Mar 3, 2014

Same issue here.
Is there a way to help on this issue ? some advice so we could check deeper what's wrong ?

@lyrixderaven

This comment has been minimized.

Show comment
Hide comment
@lyrixderaven

lyrixderaven Mar 10, 2014

I'm having similar issues - i'm getting

[EROR] control recovering from failure x509: certificate signed by unknown authority

While i'm trying to get it to run on a mac as a client, I've gotten better debug output by starting the client via

bin/ngrok -proto="http" -log='stdout' 80

Maybe that helps? I posted a separate question/bug report with a more detailed description of my issues here: #93

lyrixderaven commented Mar 10, 2014

I'm having similar issues - i'm getting

[EROR] control recovering from failure x509: certificate signed by unknown authority

While i'm trying to get it to run on a mac as a client, I've gotten better debug output by starting the client via

bin/ngrok -proto="http" -log='stdout' 80

Maybe that helps? I posted a separate question/bug report with a more detailed description of my issues here: #93

@kk86bioinfo

This comment has been minimized.

Show comment
Hide comment
@kk86bioinfo

kk86bioinfo May 14, 2014

After several attemps, I get it working fine in Ubuntu LTS 12.04.4, Follow the steps at https://help.ubuntu.com/12.04/serverguide/certificates-and-security.html.

  1. Follow the steps on "Creating a Self-Signed Certificate" and "Installing the Certificate".
  2. sudo -i (must be root, to activate GOARCH and GOOS) to compile ngrokroot.crt with your server.crt in ngrokd-master/assets/client/tls, the command is 'make release-client'
  3. Set DNS for *.[yourdomain] to the server ip that you have running ngrokd.
  4. At client, set $HOME/.ngrok config to have trust_host_root_certs: false.
  5. Test on your browser first with https://[yourdomain]:[ngrokd-httpsAttr] to see if your cert key are valid, you should at least get untrusted site, proceed anyway button.
  6. If you get step 5 working, ngrokd should be working fine.

kk86bioinfo commented May 14, 2014

After several attemps, I get it working fine in Ubuntu LTS 12.04.4, Follow the steps at https://help.ubuntu.com/12.04/serverguide/certificates-and-security.html.

  1. Follow the steps on "Creating a Self-Signed Certificate" and "Installing the Certificate".
  2. sudo -i (must be root, to activate GOARCH and GOOS) to compile ngrokroot.crt with your server.crt in ngrokd-master/assets/client/tls, the command is 'make release-client'
  3. Set DNS for *.[yourdomain] to the server ip that you have running ngrokd.
  4. At client, set $HOME/.ngrok config to have trust_host_root_certs: false.
  5. Test on your browser first with https://[yourdomain]:[ngrokd-httpsAttr] to see if your cert key are valid, you should at least get untrusted site, proceed anyway button.
  6. If you get step 5 working, ngrokd should be working fine.
@jacobfike

This comment has been minimized.

Show comment
Hide comment
@jacobfike

jacobfike May 14, 2014

@kk86bioinfo Thanks a lot. I finally got mine to work with those steps. One thing to note is that the common name for your CSR should be just a domain and not a wildcard domain (I got an error about "the certificate is valid for domain.com, not *.domain.com" when I tried).

jacobfike commented May 14, 2014

@kk86bioinfo Thanks a lot. I finally got mine to work with those steps. One thing to note is that the common name for your CSR should be just a domain and not a wildcard domain (I got an error about "the certificate is valid for domain.com, not *.domain.com" when I tried).

@jbmartin

This comment has been minimized.

Show comment
Hide comment
@jbmartin

jbmartin May 15, 2014

Having the same problem, even after following @kk86bioinfo instructions upto step 5.

jbmartin commented May 15, 2014

Having the same problem, even after following @kk86bioinfo instructions upto step 5.

@wwebb

This comment has been minimized.

Show comment
Hide comment
@wwebb

wwebb May 20, 2014

Hello! Would you please elaborate on how to "recompile ngrok with your signing CA" ? I am using a self-signed certificate created using OpenSSL on Ubuntu. I replaced ./assets/server/tls/snakeoil.crt and snakeoil.key with my own key and certificate. Permissions on the file were chmod 400. I did a the following command to re-build the binary:

make clean
make release-server

I am always getting the following error in the ngrokd conle despite the aforementioned attempt.

Failed to read message: remote error: bad certificate

My configuration file on the client end follows your guidance:

server_addr: mydomain.com:4443
trust_host_root_certs: false

Do I also need to recompile the client as well? The client is running on Windows and the server is running on Ubuntu 14.04.

Thank you for your help, and for making such an awesome product. I exhibited a need for this last week, and never found what I was looking for, and then just today happened to see ngrok mentioned on HN. Great timing!

Attached image:
bad-cert

wwebb commented May 20, 2014

Hello! Would you please elaborate on how to "recompile ngrok with your signing CA" ? I am using a self-signed certificate created using OpenSSL on Ubuntu. I replaced ./assets/server/tls/snakeoil.crt and snakeoil.key with my own key and certificate. Permissions on the file were chmod 400. I did a the following command to re-build the binary:

make clean
make release-server

I am always getting the following error in the ngrokd conle despite the aforementioned attempt.

Failed to read message: remote error: bad certificate

My configuration file on the client end follows your guidance:

server_addr: mydomain.com:4443
trust_host_root_certs: false

Do I also need to recompile the client as well? The client is running on Windows and the server is running on Ubuntu 14.04.

Thank you for your help, and for making such an awesome product. I exhibited a need for this last week, and never found what I was looking for, and then just today happened to see ngrok mentioned on HN. Great timing!

Attached image:
bad-cert

@kk86bioinfo

This comment has been minimized.

Show comment
Hide comment
@kk86bioinfo

kk86bioinfo May 20, 2014

Recompile ngrok with your signing CA
Step 1: Copy your generated cert to ngrok-master/assets/client/tls/ngrokroot.crt (replace it).
Step 2: Recompile ngrok (binary, not server), with make release-client.
Step 3: Download this ngrok binary and install to your client machine. Start ngrokd that you compile before this (make release-server, I not mention the steps in detail here as it is in docs/SELFHOSTING.md). Run ngrokd in your server. Double check with browser by accessing it via port you defined as public access port (Step 5 I mention in comment above.)
Step4 : In your client machine, run ngrok.

kk86bioinfo commented May 20, 2014

Recompile ngrok with your signing CA
Step 1: Copy your generated cert to ngrok-master/assets/client/tls/ngrokroot.crt (replace it).
Step 2: Recompile ngrok (binary, not server), with make release-client.
Step 3: Download this ngrok binary and install to your client machine. Start ngrokd that you compile before this (make release-server, I not mention the steps in detail here as it is in docs/SELFHOSTING.md). Run ngrokd in your server. Double check with browser by accessing it via port you defined as public access port (Step 5 I mention in comment above.)
Step4 : In your client machine, run ngrok.

@jbmartin

This comment has been minimized.

Show comment
Hide comment
@jbmartin

jbmartin May 22, 2014

Thanks, @kk86bioinfo. It works now. Didn't realize that the client also needs to be compiled with the certs.

jbmartin commented May 22, 2014

Thanks, @kk86bioinfo. It works now. Didn't realize that the client also needs to be compiled with the certs.

@lyoshenka

This comment has been minimized.

Show comment
Hide comment
@lyoshenka

lyoshenka May 23, 2014

If anyone needs step-by-step instructions with commands, I wrote them up here: https://gist.github.com/lyoshenka/002b7fbd801d0fd21f2f

You should be able to basically copy-paste these instructions and everything should just work. Just don't forget to change the NGROK_DOMAIN variable in my script to your actual domain.

lyoshenka commented May 23, 2014

If anyone needs step-by-step instructions with commands, I wrote them up here: https://gist.github.com/lyoshenka/002b7fbd801d0fd21f2f

You should be able to basically copy-paste these instructions and everything should just work. Just don't forget to change the NGROK_DOMAIN variable in my script to your actual domain.

@inconshreveable

This comment has been minimized.

Show comment
Hide comment
@inconshreveable

inconshreveable May 23, 2014

Owner

@lyoshenka Would you mind if I included your steps in ngrok's self-hosting guide?

Owner

inconshreveable commented May 23, 2014

@lyoshenka Would you mind if I included your steps in ngrok's self-hosting guide?

@lyoshenka

This comment has been minimized.

Show comment
Hide comment
@lyoshenka

lyoshenka May 23, 2014

@inconshreveable no problem, go for it. I love ngrok and all the work you've done for it, so I'm glad to help how I can.

lyoshenka commented May 23, 2014

@inconshreveable no problem, go for it. I love ngrok and all the work you've done for it, so I'm glad to help how I can.

@inconshreveable

This comment has been minimized.

Show comment
Hide comment
@inconshreveable

inconshreveable May 23, 2014

Owner

@lyoshenka Thanks! Also, to all else in this thread, I'd love to improve the SELFHOSTING doc. If you have any improvements, clarifications, how-tos, etc, please submit them as a pull request to improve that doc!

Owner

inconshreveable commented May 23, 2014

@lyoshenka Thanks! Also, to all else in this thread, I'd love to improve the SELFHOSTING doc. If you have any improvements, clarifications, how-tos, etc, please submit them as a pull request to improve that doc!

@jbmartin

This comment has been minimized.

Show comment
Hide comment
@jbmartin

jbmartin May 23, 2014

@lyoshenka thanks for the instructions! the only thing i'd add is that GOOS/GOARCH env vars need to be set if your compiling OS is different from the target OS.

jbmartin commented May 23, 2014

@lyoshenka thanks for the instructions! the only thing i'd add is that GOOS/GOARCH env vars need to be set if your compiling OS is different from the target OS.

@wwebb

This comment has been minimized.

Show comment
Hide comment
@wwebb

wwebb May 23, 2014

Thanks all for the guidance! Following on Jay's note, I would appreciate it if someone could give guidance on compiling the client for Windows from a Linux environment. I've played with the GOOS/GOARCH variables, but can never seem to make it produce a .exe file like what is provided in the original distribution.

On May 23, 2014, at 17:29, "Jay B. Martin" notifications@github.com wrote:

@lyoshenka thanks for the instructions! the only thing i'd add is that GOOS/GOARCH env vars need to be set if your compiling OS is different from the target OS.


Reply to this email directly or view it on GitHub.

wwebb commented May 23, 2014

Thanks all for the guidance! Following on Jay's note, I would appreciate it if someone could give guidance on compiling the client for Windows from a Linux environment. I've played with the GOOS/GOARCH variables, but can never seem to make it produce a .exe file like what is provided in the original distribution.

On May 23, 2014, at 17:29, "Jay B. Martin" notifications@github.com wrote:

@lyoshenka thanks for the instructions! the only thing i'd add is that GOOS/GOARCH env vars need to be set if your compiling OS is different from the target OS.


Reply to this email directly or view it on GitHub.

@kk86bioinfo

This comment has been minimized.

Show comment
Hide comment
@kk86bioinfo

kk86bioinfo May 23, 2014

On 5/24/2014 1:28 AM, inconshreveable wrote:

@lyoshenka https://github.com/lyoshenka Would you mind if I included
your steps in ngrok's self-hosting guide?


Reply to this email directly or view it on GitHub
#84 (comment).

Hi, my pleasure. :)


This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com

kk86bioinfo commented May 23, 2014

On 5/24/2014 1:28 AM, inconshreveable wrote:

@lyoshenka https://github.com/lyoshenka Would you mind if I included
your steps in ngrok's self-hosting guide?


Reply to this email directly or view it on GitHub
#84 (comment).

Hi, my pleasure. :)


This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com

@inconshreveable

This comment has been minimized.

Show comment
Hide comment
@inconshreveable

inconshreveable May 23, 2014

Owner

@kk86bioinfo my apologies, I'll credit you in the self-hosting doc as well for your help and instructions

Owner

inconshreveable commented May 23, 2014

@kk86bioinfo my apologies, I'll credit you in the self-hosting doc as well for your help and instructions

@jbmartin

This comment has been minimized.

Show comment
Hide comment
@jbmartin

jbmartin May 26, 2014

@wwebb I compiled a Linux version of ngrokd on my Mac following the cross-compiler instructions found here. Even though I used a Mac, It appears that you can pretty much cross-compile from any source OS to any target OS. The last step was to run GOOS="linux" GOARCH="amd64" make release-server on the command line. My compiled ngrokd server has been humming along since. Not sure what the analog of all this would be on Windows...

jbmartin commented May 26, 2014

@wwebb I compiled a Linux version of ngrokd on my Mac following the cross-compiler instructions found here. Even though I used a Mac, It appears that you can pretty much cross-compile from any source OS to any target OS. The last step was to run GOOS="linux" GOARCH="amd64" make release-server on the command line. My compiled ngrokd server has been humming along since. Not sure what the analog of all this would be on Windows...

@jacobfike jacobfike closed this Sep 29, 2014

@gdtv

This comment has been minimized.

Show comment
Hide comment
@gdtv

gdtv Feb 6, 2015

I also have the same problem.
I use self-signed CA.
Finally, I solved this problem.
The most important things is:
you must use the client that you compile ngrok with your signing CA. DONOT download the client from ngrok.com

gdtv commented Feb 6, 2015

I also have the same problem.
I use self-signed CA.
Finally, I solved this problem.
The most important things is:
you must use the client that you compile ngrok with your signing CA. DONOT download the client from ngrok.com

@paoloantinori

This comment has been minimized.

Show comment
Hide comment
@paoloantinori

paoloantinori Mar 25, 2015

Hi guys, I'm trying to follow this guide without luck. I'm using https://gist.github.com/lyoshenka/002b7fbd801d0fd21f2f and the only different config in my step is that I'm providing directly ip address as NGROK_DOMAIN.

When I open the https endpoint in the browser I see a correct request to accept a self signed certificate, but when I run the client, it cannot connect, and I see this errors in server logs:

[03/25/15 08:37:36] [INFO] Listening for public http connections on [::]:8000
[03/25/15 08:37:36] [INFO] Listening for public https connections on [::]:8001
[03/25/15 08:37:36] [INFO] Listening for control and proxy connections on [::]:4443
[03/25/15 08:37:46] [INFO] [tun:2e91506e] New connection from xx.50.2.161:59970
[03/25/15 08:37:46] [DEBG] [tun:2e91506e] Waiting to read message
[03/25/15 08:37:46] [WARN] [tun:2e91506e] Failed to read message: remote error: bad certificate
[03/25/15 08:37:46] [DEBG] [tun:2e91506e] Closing
[03/25/15 08:37:48] [INFO] [tun:272901da] New conn

Any idea what I could be doing wrong?

I'm sure I'm using ngrok client I have built during the steps, to connect.

paoloantinori commented Mar 25, 2015

Hi guys, I'm trying to follow this guide without luck. I'm using https://gist.github.com/lyoshenka/002b7fbd801d0fd21f2f and the only different config in my step is that I'm providing directly ip address as NGROK_DOMAIN.

When I open the https endpoint in the browser I see a correct request to accept a self signed certificate, but when I run the client, it cannot connect, and I see this errors in server logs:

[03/25/15 08:37:36] [INFO] Listening for public http connections on [::]:8000
[03/25/15 08:37:36] [INFO] Listening for public https connections on [::]:8001
[03/25/15 08:37:36] [INFO] Listening for control and proxy connections on [::]:4443
[03/25/15 08:37:46] [INFO] [tun:2e91506e] New connection from xx.50.2.161:59970
[03/25/15 08:37:46] [DEBG] [tun:2e91506e] Waiting to read message
[03/25/15 08:37:46] [WARN] [tun:2e91506e] Failed to read message: remote error: bad certificate
[03/25/15 08:37:46] [DEBG] [tun:2e91506e] Closing
[03/25/15 08:37:48] [INFO] [tun:272901da] New conn

Any idea what I could be doing wrong?

I'm sure I'm using ngrok client I have built during the steps, to connect.

@kissthink

This comment has been minimized.

Show comment
Hide comment
@kissthink

kissthink Apr 17, 2015

how to add auth service as ngrok.com by the source ?

-authtoken="": Authentication token for identifying an ngrok.com account
-httpauth="": username:password HTTP basic auth creds protecting the public

kissthink commented Apr 17, 2015

how to add auth service as ngrok.com by the source ?

-authtoken="": Authentication token for identifying an ngrok.com account
-httpauth="": username:password HTTP basic auth creds protecting the public

@facat

This comment has been minimized.

Show comment
Hide comment
@facat

facat May 13, 2015

how to add auth service as ngrok.com by the source ?

The same question to me. I cannot find official tutorial on this.

facat commented May 13, 2015

how to add auth service as ngrok.com by the source ?

The same question to me. I cannot find official tutorial on this.

@kissthink

This comment has been minimized.

Show comment
Hide comment
@kissthink

kissthink May 15, 2015

yes , i had read some source code about it ,but noting found !
same question again : how to add auth service as ngrok.com ?

kissthink commented May 15, 2015

yes , i had read some source code about it ,but noting found !
same question again : how to add auth service as ngrok.com ?

@fsamir

This comment has been minimized.

Show comment
Hide comment
@fsamir

fsamir Jun 29, 2015

+1 for some docs on auth on self hosted ngrokd.

fsamir commented Jun 29, 2015

+1 for some docs on auth on self hosted ngrokd.

@werty1st

This comment has been minimized.

Show comment
Hide comment
@werty1st

werty1st Jul 21, 2015

I finally got it by carefully reading the log output. after some hours i realized that the original client uses a ~/.ngrok2/ngrok.yml config file but the client i compiled used a file under ~/.ngrok

as this file was never created the client tried to connect to the wrong host.

my steps:
setup dns: python dnsproxy.py -H 127.0.1.1 -p 53 -s 8.8.8.8
to try things locally

create CA: like in post #issuecomment-34279559 without wildcard

replace files: rootCA.pem -> ngrokroot.crt, server.crt -> snakeoilca.crt, server.crt -> snakeoil.crt, server.key -> snakeoil.key

compile

config: ~/.ngrok
server_addr: xxx.eu:4443
trust_host_root_certs: false

run:
sudo ./ngrokd -tlsKey="server.key" -tlsCrt="server.crt" -domain="xxx.eu"
./ngrok -log=stdout 1337

thanks for this cool software

werty1st commented Jul 21, 2015

I finally got it by carefully reading the log output. after some hours i realized that the original client uses a ~/.ngrok2/ngrok.yml config file but the client i compiled used a file under ~/.ngrok

as this file was never created the client tried to connect to the wrong host.

my steps:
setup dns: python dnsproxy.py -H 127.0.1.1 -p 53 -s 8.8.8.8
to try things locally

create CA: like in post #issuecomment-34279559 without wildcard

replace files: rootCA.pem -> ngrokroot.crt, server.crt -> snakeoilca.crt, server.crt -> snakeoil.crt, server.key -> snakeoil.key

compile

config: ~/.ngrok
server_addr: xxx.eu:4443
trust_host_root_certs: false

run:
sudo ./ngrokd -tlsKey="server.key" -tlsCrt="server.crt" -domain="xxx.eu"
./ngrok -log=stdout 1337

thanks for this cool software

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment