Preface

With the development of the Internet, more and more Web services and mobile apps integrate third-party payments (Alipay, WeChat and UnionPay). Generally, after a payment completes, the service provider calls a back-end callback URL to notify the caller whether the payment succeeded. That URL must be reachable from the public network. In practice, however, development and testing usually happen on an intranet, which makes testing payments troublesome.

Intranet penetration

At this point, we need Intranet penetration services to solve the problem that third-party services cannot call back. Let’s take a look at some of the popular Intranet penetration technologies.

Ngrok

Ngrok is a reverse proxy that establishes a secure channel between a public endpoint and a Web server running locally. Ngrok captures and analyzes all traffic on the channel for later analysis and replay.

  • Advantages: easy to use, available as a Docker container, simple to configure, supported on various platforms, and you can also build your own server
  • Disadvantages: Ngrok is an open source program, but the official service is hosted overseas, so access from within China is slow. Versions 1.7+ are no longer open source; charging is the driving force for sustainable development

There are also similar services in China, such as NATApp, FRP, NAT123 port mapping, netcom, peanut shell, etc., which will not be introduced one by one here. If you are interested, you can Google them yourself; after all, the protagonist of today is Ngrok.

The following figure shows the Ngrok penetration process:

Environment

Cloud server running Linux (CentOS 7.4), Nginx, Docker, the hteen/ngrok Docker image, and one registered domain name

Installation instructions

Docker installation instructions are omitted here, please install Docker by yourself.

Get the ngrok image:

docker pull hteen/ngrok

Start

  • We need to mount a host directory (for example /data/ngrok) to the /myfiles directory of the container
  • On the first run, it will generate binaries and CA certificates in the /data/ngrok directory
sudo docker run --rm -it -e DOMAIN="ngrok.52itstyle.com" -v /data/ngrok:/myfiles hteen/ngrok /bin/sh /build.sh

The following message will be displayed if the installation is successful (the intermediate process is omitted):

Generating RSA private key, 2048 bit long modulus
.............................+++
...+++
e is 65537 (0x10001)
Generating RSA private key, 2048 bit long modulus
...............................+++
...+++
go get -tags 'release' -d -v ngrok/...
go install -tags 'release' ngrok/main/ngrok
build ok !

The client and server are generated in /data/ngrok/bin:

bin/ngrokd                     server
bin/ngrok                      Linux client
bin/darwin_amd64/ngrok         OSX client
bin/windows_amd64/ngrok.exe    Windows client

Start the Ngrok server

Since ngrok uses ports 80 and 443 by default, here we use the Nginx service for forwarding and reach the Docker container through port mapping (see the docker-compose.yml configuration).

docker run -idt --name ngrok-server \
-v /data/ngrok:/myfiles \
-p 8082:80 \
-p 4432:443 \
-p 4443:4443 \
-e DOMAIN='ngrok.52itstyle.com' hteen/ngrok /bin/sh /server.sh

After startup, you need to add two reverse proxy configurations to nginx.conf (HTTPS request configuration):

server {
    listen 80;
    server_name ngrok.52itstyle.cn *.ngrok.52itstyle.com;
    location / {
        proxy_redirect off;
        # Pass the original Host header so ngrokd can pick the tunnel by subdomain
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Host port 8082 is mapped to port 80 of the ngrok-server container
        proxy_pass http://127.0.0.1:8082;
    }
}
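Nginx forwards to 127.0.0.1:8082, so only the tunnel port 4443 has to be reachable from outside, yet `-p 8082:80` and `-p 4432:443` publish those ports on every interface. The check below is an added example, not code from the original article; it assumes Nginx runs on the same host as the container, and both `docker port` listings are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original article).
# Reads `docker port <container>` output on stdin and reports every host port
# published on all interfaces, except the host ports listed in $1
# (space-separated) that are meant to be public.
audit_published_ports() {
    public_ok=" $1 "
    while IFS= read -r line; do
        # Line format: "80/tcp -> 0.0.0.0:8082"
        bind=${line##* -> }       # "0.0.0.0:8082"
        host_port=${bind##*:}     # "8082"
        host_ip=${bind%:*}        # "0.0.0.0", "127.0.0.1", "::" or "[::]"
        case "$host_ip" in
            0.0.0.0|::|\[::\]) ;;     # wildcard bind: check it below
            *) continue ;;            # bound to one specific address
        esac
        case "$public_ok" in
            *" $host_port "*) ;;      # intentionally public
            *) echo "EXPOSED $host_port (container port ${line%% -> *})" ;;
        esac
    done
}

# Constructed sample: `docker port ngrok-server` for the article's command.
sample_article='80/tcp -> 0.0.0.0:8082
443/tcp -> 0.0.0.0:4432
4443/tcp -> 0.0.0.0:4443'

# Constructed sample: the same container started with
#   -p 127.0.0.1:8082:80 -p 127.0.0.1:4432:443 -p 4443:4443
sample_loopback='80/tcp -> 127.0.0.1:8082
443/tcp -> 127.0.0.1:4432
4443/tcp -> 0.0.0.0:4443'

echo "article command:"
printf '%s\n' "$sample_article" | audit_published_ports "4443"
echo "loopback-bound variant:"
printf '%s\n' "$sample_loopback" | audit_published_ports "4443"
```

On a live host, pipe the real listing in instead: `docker port ngrok-server | audit_published_ports "4443"`.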

Configuring DNS Resolution

After the service is started, for it to work properly we need to add two A records pointing to the cloud server (replace with your own IP address):

Start the Ngrok client

First download the client for your environment from the /data/ngrok/bin directory.

Windows environment

First create a ngrok.cfg configuration file:

server_addr: "ngrok.52itstyle.com:4443"
trust_host_root_certs: false

Open CMD, switch to the corresponding directory and run the following command:

ngrok.exe -config ngrok.cfg -subdomain doc 192.168.1.125:4999

If the following information is displayed, the installation is successful:

Linux environment

The following error has been reported under Linux:

-bash: ./ngrok: /lib/ld-musl-x86_64.so.1: bad ELF interpreter: No such file or directory

Matters needing attention

  • The firewall must open port 4443; otherwise, the connection fails
  • WeChat QR code payment callbacks require domain name authentication (the background can only input a URL), which is a bit of a pitfall!!

Finally, I recommend a set of detailed code examples for Alipay, WeChat and UnionPay: gitee.com/52itstyle/s…



Author: Xiao Qi

Reference: blog.52itstyle.com

Sharing is a happy experience, and it also bears witness to personal growth. Most of the articles are summaries of work experience and daily learning. Given the limits of my own understanding, I would ask you to correct me so that we can make progress together.

The copyright of this article belongs to the author. Reprints are welcome, but without the consent of the author this statement must be retained and given a prominent position on the article page. If you have any questions, please email ([email protected]) for consultation.

