我们经常会有「把本机开发中的 web 项目给朋友看一下」这种临时需求,为此专门在 VPS 上部署一遍就有点太浪费了。之前通常是在 ADSL 路由器上配个端口映射让本机服务在外网可以访问,但现在大部分运营商不会轻易让你这么干了。一般小运营商也没有公网 IP,自己的路由器出口还是在局域网内,端口映射这种做法就不管用了。
这时候我们可以利用公网 IP 的主机中转来实现这种需求。Hole 就是为了这一目标而开发出来的,并且我还为它建立一个公共服务 HoleHUB。现在我展示手动搭建一套 hole 服务给自己用,一劳永逸地解决了内网穿透这个难题。下面展示这一过程。
编译 hole
我的 VPS 系统是 coreos 所以得本地编译后上传上去或者利用 docker。 这里我是利用 mac osx 来编译的:brew install go --with-cc-common
go get -v github.com/Lupino/hole/...
GOOS=linux GOARCH=amd64 go build github.com/Lupino/hole/cmd/holed$ hole-keys
2015/08/29 16:56:58 write to ca.pem
2015/08/29 16:56:58 write to ca.key
2015/08/29 16:56:58 write to cert.pem
2015/08/29 16:56:58 write to cert.key
2015/08/29 16:56:58 check signature trueholed ca.pem ca.key scp 到 VPS 上面。服务端
Hole 支持使用证书认证和非证书认证,而我这里使用证书。Hole 支持 udp, tcp, unix socket 方式链接,而现在演示的 web 项目是 http,tcp 的一种。 所以:
$ holed --help
Usage of holed:
-addr string
server address. (default "tcp://127.0.0.1:4000")
-ca string
The ca file. (default "ca.pem")
-key string
The ca key file. (default "ca.key")
-use-tls
use TLS
$ holed -addr tcp://holehub.com:4000 -ca ca.pem -key ca.key -use-tls
2015/08/29 17:09:18 Hole proxy server started on tcp://holehub.com:4000客户端
我现在是要把本地的 :3000 端口映射出去:$ hole --help
Usage of hole:
-addr string
Hole server address. (default "tcp://127.0.0.1:4000")
-cert string
The cert file. (default "cert.pem")
-key string
The cert key file. (default "cert.key")
-src string
Source server address. (default "tcp://127.0.0.1:8080")
-use-tls
use TLS
$ hole -addr tcp://holehub.com:4000 -cert cert.pem -key cert.key -use-tls -src tcp://:3000
2015/08/29 17:15:08 Connect Hole server: tcp://holehub.com:4000
2015/08/29 17:15:08 Process: tcp://:3000扩展
朋友们没有自己的 VPS 也不用担心可以使用 http://holehub.com 同样可以实现内网穿透。 并且 holehub 帮你做了很多事情,穿透就更加简单了。既然 hole 支持 tcp, udp, unix socket, 所以它还有很多玩法。比如:
- 转发 ssh 端口
- 和 shadowsocks 配合实现 local proxy
- 本地主机服务,什么智能家居…
- 其它 …
----------
A hole to pass through the gateway
When I visit raspberry pi' ssh server on some places, I must set port forwarding on the home route, and set a dynamic DNS. If the route is not your's, you will helpless.
I think it may have another way, so I try ssh port forwarding
ssh -CfNgR remote-port:localhost:local-port user@remote, then visit the remote-port.The hole is an other way similar ssh port forwarding. On the global server create a
holed, and the target host start hole.
Last you can visit the holed to replace the real server.The hole suit the situation: A(private) can connect B(global), C(private) can connect B, but B can't connect C, B can't connect A, and A can't connect C.
The hole support protocol
tcp tcp6 and unix socket.Install
go get -v github.com/Lupino/hole/cmd/holed
go get -v github.com/Lupino/hole/cmd/hole
Quick start
# Start on B
holed -addr=tcp://B-IP:B-PORT
# Start on C
hole -addr=tcp://B-IP:B-PORT -src=tcp://localhost:C-PORT
# On A just vist tcp://B-IP:B-PORT to replace visit C server
Example:
# A IP is 192.168.1.101
# B IP is 120.26.120.168
# C IP is 172.17.3.10
# Now on B server
holed -addr=tcp://120.26.120.168:4000
# On C server
hole -addr=tcp://120.26.120.168:4000 -src=tcp://127.0.0.1:22
# On A server
ssh root@120.26.120.168 -p 4000
# Now A can visit C via B server
Connect with tls
go get -v github.com/Lupino/hole/cmd/hole-keys
hole-keys
holed -use-tls
hole -use-tls from https://github.com/Lupino/hole------- HoleHUB
A cluster server of holed.An easy way to run hole
Dirctory
- /config the config of holehub.com.
- /front the site front of holehub.com
- /holehubd the backend server of holehub.com.
- /holehub the client of holehub.com.
Install
go get -v github.com/Lupino/holehub/holehub
Quick start
Go to holehub.com then signup or signup by curl:# signup on holehub.com
curl -d username=yourusername -d password=yourpassword -d email=youremail http://holehub.com/api/signup/
# then go to you email inbox active you account
Process the client:# Login holehub.com
holehub login
# run a app
holehub run --rm -n sshd -lp 22 from https://github.com/Lupino/holehub
No comments:
Post a Comment