I had an idea: build a cloud environment to do my job, so that I can use a Chromebook for a whole day of work.
To do this, I tried to split one 48h128g (48 cores, 128 GB RAM) server into several small servers: Windows, Kali, CentOS, and so on.
Here are the problems I ran into:
1. I only have 2 IPs. How can I give all the machines Internet access?
2. The server sits on an intranet. How can I connect to it, preferably at high speed?
3. How can I keep it secure?
Here is how I dealt with each one:
1. Use a soft router to build a NAT. Of the two IPs, one goes to the ESXi host and the other to the router. All the servers split out of ESXi connect through the soft router. For this I chose pfSense.
2. This is not a difficult question. TeamViewer would be easy, but I don't want to use it: for one thing it is not stable and usually gets disconnected for 5 minutes; for another it is sometimes very slow.
3. Everything is built by myself, and the reverse proxy server runs in Docker. If someone uses a Docker escape vulnerability, I accept that risk: just delete the VPS and replace it.
Start
Soft router
There are many routers to choose from, such as pfSense, RouterOS, Sophos, and Untangle.
I selected pfSense-CE-2.4.0-RELEASE-amd64.
Download the OVA file.
I used pfSense-CE-2.4.0-RELEASE-amd64.ova.
Deploy it
In ESXi, deploy the template. You can change the router's hardware configuration; I made it 4h4g (4 cores, 4 GB RAM).
You can configure it from the shell or from the web UI (for the web UI you need a computer connected on the NAT side).
Setting DNS on the computer
I'm sad, because I couldn't solve this: I wanted to put the DNS on the router, but failed.
Connect
The way to connect is through a reverse proxy; I use ngrok.
Update and install Docker
sudo apt-get update
sudo apt-get upgrade -y
sudo apt-get install docker.io
Other useful commands for installing Docker:
yum install docker-ce
yum install docker-io
sudo apt-get install docker-ce
Pull the Docker image
I chose hteen/ngrok:
docker pull hteen/ngrok
Build it
docker run --rm -it -e DOMAIN="< your domain >" -v /data/ngrok:/myfiles hteen/ngrok /bin/sh /build.sh
If you see "build ok !", it worked. If there is an error, sometimes it is because your VPS does not support Docker.
Start the Docker container
If you only want to proxy HTTP or HTTPS, you can just use:
docker run -idt --name ngrok-server -v /data/ngrok:/myfiles -p 80:80 -p 443:443 -p 4443:4443 -e DOMAIN='< your domain >' hteen/ngrok /bin/sh /server.sh
If you want to proxy SSH or RDP, you need to open more ports, like this:
docker run -idt --name ngrok-server -v /data/ngrok:/myfiles -p 80:80 -p 443:443 -p 4443:4443 -p 50001:50001 -p 50002:50002 -p 50003:50003 -p 50004:50004 -p 50005:50005 -p 50006:50006 -p 50007:50007 -p 50008:50008 -p 50009:50009 -p 50010:50010 -p 50011:50011 -p 50012:50012 -p 50013:50013 -p 50014:50014 -p 50015:50015 -p 50016:50016 -p 50017:50017 -p 50018:50018 -p 50019:50019 -p 50020:50020 -p 50021:50021 -p 50022:50022 -p 50023:50023 -p 50024:50024 -p 50025:50025 -p 50026:50026 -p 50027:50027 -p 50028:50028 -p 50029:50029 -p 50030:50030 -p 50031:50031 -p 50032:50032 -p 50033:50033 -p 50034:50034 -p 50035:50035 -p 50036:50036 -p 50037:50037 -p 50038:50038 -p 50039:50039 -p 50040:50040 -p 50041:50041 -p 50042:50042 -p 50043:50043 -p 50044:50044 -p 50045:50045 -p 50046:50046 -p 50047:50047 -p 50048:50048 -p 50049:50049 -p 50050:50050 -p 50051:50051 -p 50052:50052 -p 50053:50053 -p 50054:50054 -p 50055:50055 -p 50056:50056 -p 50057:50057 -p 50058:50058 -p 50059:50059 -p 50060:50060 -p 50061:50061 -p 50062:50062 -p 50063:50063 -p 50064:50064 -p 50065:50065 -p 50066:50066 -p 50067:50067 -p 50068:50068 -p 50069:50069 -p 50070:50070 -p 50071:50071 -p 50072:50072 -p 50073:50073 -p 50074:50074 -p 50075:50075 -p 50076:50076 -p 50077:50077 -p 50078:50078 -p 50079:50079 -p 50080:50080 -p 50081:50081 -p 50082:50082 -p 50083:50083 -p 50084:50084 -p 50085:50085 -p 50086:50086 -p 50087:50087 -p 50088:50088 -p 50089:50089 -p 50090:50090 -p 50091:50091 -p 50092:50092 -p 50093:50093 -p 50094:50094 -p 50095:50095 -p 50096:50096 -p 50097:50097 -p 50098:50098 -p 50099:50099 -p 50100:50100 -e DOMAIN='< your domain >' hteen/ngrok /bin/sh /server.sh
That is too clumsy; you can use a port range instead:
docker run -idt --name ngrok-server -v /data/ngrok:/myfiles -p 80:80 -p 443:443 -p 4443:4443 -p 50000-50200:50000-50200 -e DOMAIN='< your domain >' hteen/ngrok /bin/sh /server.sh
One thing to note: the number of ports can't be too large. I tried to open 10000 ports and then 1000 ports, and both failed. In the end I chose 200. (Docker creates a separate forwarding rule, and by default a userland docker-proxy process, for every published port, so very large ranges are slow to set up and can fail.)
And DNS
At your domain provider, add two records.
Use mstsc
In step 2, you will find a bin folder under /data/ngrok/; these are the client programs used to connect to our server.
Download them and pick the one that fits your OS.
There are linux_x64 and win_x64 builds.
For other platforms, use these commands:
sudo GOOS=windows GOARCH=i386 make release-server release-client
sudo GOOS=darwin GOARCH=i386 make release-server release-client
Create a file named ngrok.cfg:
server_addr: "< your domain >:4443"
trust_host_root_certs: false
tunnels:
  ssh:
    remote_port: 50001
    proto:
      tcp: "127.0.0.1:22"
  mstsc:
    remote_port: 50002
    proto:
      tcp: "127.0.0.2:3389"
  web:
    subdomain: "web"
    proto:
      http: 80
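The Docker server only publishes the range given with -p (50000-50200 above), so a tunnel whose remote_port falls outside that range, or two tunnels that claim the same remote_port, will start on the client but never be reachable. The following shell check is an added example, not part of the original post or of ngrok itself: it parses an ngrok.cfg (assuming the two-space indentation shown above) and reports any remote_port outside the published range or used twice. The sample configs it writes are constructed for the demo.

```shell
#!/bin/sh
# check_remote_ports CFG_FILE RANGE   (RANGE written like 50000-50200)
# Prints one line per problem and returns 0 when every tunnel's remote_port
# is inside the published range and unique, 1 otherwise.
check_remote_ports() {
    cfg="$1"
    lo="${2%-*}"
    hi="${2#*-}"
    awk -v lo="$lo" -v hi="$hi" '
        # tunnel names are the two-space-indented keys under "tunnels:"
        /^  [A-Za-z0-9_-]+:[ \t]*$/ { name = $1; sub(":", "", name) }
        /^[ \t]+remote_port:/ {
            port = $2
            if (port !~ /^[0-9]+$/) {
                printf "%s: remote_port \"%s\" is not a number\n", name, port
                bad = 1; next
            }
            if (port + 0 < lo || port + 0 > hi) {
                printf "%s: remote_port %d is outside published range %d-%d\n", name, port, lo, hi
                bad = 1
            }
            if (port in seen) {
                printf "%s: remote_port %d already used by %s\n", name, port, seen[port]
                bad = 1
            }
            seen[port] = name
        }
        END { exit bad ? 1 : 0 }
    ' "$cfg"
}

# Constructed sample configs for the demo (hypothetical, not from the post).
# write_demo_cfg good|bad OUTFILE
write_demo_cfg() {
    case "$1" in
    good) cat > "$2" <<'EOF'
server_addr: "example.invalid:4443"
trust_host_root_certs: false
tunnels:
  ssh:
    remote_port: 50001
    proto:
      tcp: "127.0.0.1:22"
  mstsc:
    remote_port: 50002
    proto:
      tcp: "127.0.0.2:3389"
EOF
    ;;
    bad) cat > "$2" <<'EOF'
server_addr: "example.invalid:4443"
tunnels:
  ssh:
    remote_port: 50001
    proto:
      tcp: "127.0.0.1:22"
  mstsc:
    remote_port: 50001
    proto:
      tcp: "127.0.0.2:3389"
  vnc:
    remote_port: 5900
    proto:
      tcp: "127.0.0.1:5900"
EOF
    ;;
    esac
}

# Demo run: the good config passes; the bad one reports a duplicate port
# (mstsc reuses 50001) and an out-of-range port (vnc on 5900).
demo_dir=$(mktemp -d)
write_demo_cfg good "$demo_dir/good.cfg"
write_demo_cfg bad  "$demo_dir/bad.cfg"
echo "good.cfg:"
check_remote_ports "$demo_dir/good.cfg" 50000-50200 && echo "  all remote ports OK"
echo "bad.cfg:"
check_remote_ports "$demo_dir/bad.cfg" 50000-50200 || echo "  problems found"
rm -r "$demo_dir"
```

Run it against your real file with check_remote_ports ngrok.cfg 50000-50200 before starting the client; a non-zero exit means the tunnel would come up on the client side while the server never forwards it.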
There are two ways to use it.
For web:
#Linux:
./ngrok -config ./ngrok.cfg -subdomain wechat ip:80
#Windows:
ngrok -config ./ngrok.cfg -subdomain wechat ip:80
It is easy to assign the subdomain this way, BUT it can't be used for TCP.
The other way:
#win
ngrok -config ngrok.cfg start mstsc
#linux
./ngrok -config ngrok.cfg start ssh
You may have noticed that for mstsc I use 127.0.0.2, while for ssh I use 127.0.0.1.
The reason is that on Windows versions newer than XP, mstsc refuses to connect to 127.0.0.1, but 127.0.0.2, 127.0.0.3, and so on work.
Linux, however, can ssh to 127.0.0.1 without any problem.
The other things to do for ngrok on the Windows side are to add a user, add it to the Remote Desktop Users group, and raise the maximum number of RDP connections. Finally,
start the ngrok client and mstsc to the machine.
Go! Now I can use ESXi from anywhere without the school VPN.
Addendum: to keep the client running in the background:
nohup ngrok -log=stdout 80 > /dev/null &