How does ngrok work behind a firewall?

Question

Ngrok (https://ngrok.com/) is supposed to allow you to expose local ports and services to the world wide web through forwarding. But if I open port 80 on my local machine like this:

ngrok 80

and I get back:

Tunnel Status                 online
Version                       1.3/1.3
Forwarding                    http://3a4bfceb.ngrok.com -> 127.0.0.1:80
Forwarding                    https://3a4bfceb.ngrok.com -> 127.0.0.1:80
Web Interface                 http://127.0.0.1:4040
# Conn                        0
Avg Conn Time                 0.00ms

I understand that any requests to http://3a4bfceb.ngrok.com will go to my local machine on port 80 but what if I am sitting behind a NAT/Firewall that's blocking incoming traffic (a very common scenario). Does ngrok initiate polling requests to determine when data has been received?

Answer 1

Score: 136

Because an ngrok tunnel is always initiated on the client-side first, this is how it can negotiate a secure channel with the server. It's a really slick solution to getting around conventional firewall configurations.

This is internally accomplished by the client opening up a single long-lived TCP connection where many logical sockets are created within one physical socket connection. This technique is called stream multiplexing. With this setup in place there is no need for any kind of polling because the client and server still have fully bi-directional communication in place.

The client and server then stay alive with a heartbeat mechanism that makes sure the connection is open and working appropriately and will even reconnect upon error or a lost/closed connection.

See this for more information: Developer Guide on github.com
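
An added example (not part of the original answer and not ngrok's code) of the stream multiplexing described in Answer 1: the server end pushes interleaved frames for two logical streams and a heartbeat down one connection the client opened, and the client reassembles them without polling. The 6-byte frame header, the use of stream 0 for heartbeats, and the names `writeFrame`, `demux` and `runDemo` are assumptions for illustration; `net.Pipe` stands in for the outbound TCP connection.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"io"
	"net"
)

// Constructed frame (not ngrok's wire format): 4-byte stream ID, 2-byte
// payload length, payload. Stream 0 is reserved here for heartbeats.
func writeFrame(w io.Writer, id uint32, payload string) error {
	hdr := make([]byte, 6)
	binary.BigEndian.PutUint32(hdr, id)
	binary.BigEndian.PutUint16(hdr[4:], uint16(len(payload))) // payload <= 65535 bytes
	_, err := w.Write(append(hdr, payload...))
	return err
}

// demux reassembles each logical stream until the peer closes; a cut mid-frame is an error.
func demux(r io.Reader) (map[uint32]string, error) {
	streams, hdr := map[uint32]string{}, make([]byte, 6)
	for {
		if _, err := io.ReadFull(r, hdr); err == io.EOF {
			return streams, nil // clean close on a frame boundary
		} else if err != nil {
			return nil, err
		}
		buf := make([]byte, binary.BigEndian.Uint16(hdr[4:]))
		if _, err := io.ReadFull(r, buf); err != nil {
			return nil, err
		}
		streams[binary.BigEndian.Uint32(hdr)] += string(buf)
	}
}

// runDemo: the server end pushes two interleaved requests and a heartbeat to the client.
func runDemo() (map[uint32]string, error) {
	client, server := net.Pipe() // stands in for the connection the client dialed out
	go func() {
		defer server.Close()
		writeFrame(server, 1, "GET /a ")         // constructed sample data
		writeFrame(server, 2, "GET /b HTTP/1.1") // second stream interleaved with the first
		writeFrame(server, 0, "ping")            // heartbeat on the same connection
		writeFrame(server, 1, "HTTP/1.1")        // rest of stream 1
	}()
	return demux(client)
}

func main() { fmt.Println(runDemo()) }
```

From the firewall's point of view all of this is a single outbound connection, which is why a rule set that only blocks incoming traffic never sees the forwarded requests.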

Answer 2

Score: 0

You can create a basic http-https-tcp tunnel without an authtoken. For custom subdomains and more, you should obtain an authtoken by signing up at ngrok.com. Once you set it, it's stored in the ngrok config and used for all tunnels. A few ways:

await ngrok.authtoken(token);
await ngrok.connect({authtoken: token, ...});

huangapple
  • Posted on May 1, 2014, 02:08:01
  • When reposting, please keep the link to this article: https://go.coder-hub.com/23395129.html