I have a custom config here is the sample:
log_level: info
region: ap
tunnels:
http:
addr: 5000
proto: http
ssh:
addr: 22
proto: tcp
I specify the config path on pyngrok but when I try to run ngrok.connect() only HTTP part is working and show on my ngrok dashboard, no ssh tunnel. When I try the ngrok binary provided by pyngrok:
ngrok start --all --config=/ngrok.yaml
It works! On my ngrok dashboard I have HTTP, HTTPS and TCP.
These commands do not map to each other, which is why they do not do the same thing. connect() calls ngrok start --none, so it starts the ngrok process and API with no tunnels running, then it starts a tunnel using the API with the params you've passed to connect(). To start multiple tunnels, just call connect() more than once with different params.
from pyngrok import ngrok
conf.get_default().region = "ap"
tunnel1 = ngrok.connect(addr=5000)
tunnel2 = ngrok.connect(addr=22, proto="tcp")
In the above example, the config file isn't even necessary. If you already have tunnel definitions in your config though, you can use them by just passing their name.
from pyngrok import ngrok
conf.get_default().config_path = "/ngrok.yml"
tunnel1 = ngrok.connect(name="http")
tunnel1 = ngrok.connect(name="tcp")
The docs, which have many examples of this and other usage, can be found here.
Related
$
grok start --all
Your account may not run more than 3 tunnels over a single ngrok agent session.
The tunnels already running on this session are:
tn_2HpYCEfpJb2VAiIPS, tn_2HpYCKQh6q9j9R3nyKiJ, tn_2HpYCIPYGWWN9f3am75
ERR_NGROK_324
I tried to stop the running process but I could not.
I searched everywhere but had no luck.
thanks
Ngrok automatically opens a http and https tunnel for every configuration.
Add bind_tls:true to your configs to only open an https tunnel.
This way you can open three connections.
Example configuration:
tunnels:
first_service:
addr: 4200
proto: http
bind_tls: true
second_service:
addr: 8080
proto: http
bind_tls: true
third-service:
addr: 8085
proto: http
bind_tls: true
Background
I have a strange use-case where my VPN cannot be on any of the private subnets, but, also cannot use a TAP interface. The machine will be moving through different subnets, and requires access to the entire private address space by design. A single blocked IP would be considered a failure of design.
So, these are all off limits:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
169.254.0.0/16
In searching for a solution, I came across RFC 5735, which defines:
192.0.2.0/24 TEST-NET-1
198.51.100.0/24 TEST-NET-2
203.0.113.0/24 TEST-NET-3
As:
For use in documentation and example code. It is often used in conjunction with domain names
example.com or example.net in vendor and protocol documentation. As described in [RFC5737], addresses within this block do not legitimately appear on the public Internet and can be used without any coordination with IANA or an Internet registry.
Which, was a "Jackpot" moment for me and my use case.
Config
I configured an OpenVPN server as such:
local 0.0.0.0
port 443
proto tcp
dev tun
topology subnet
server 203.0.113.0 255.255.255.0 # TEST-NET-3 RFC 5735
push "route 203.0.113.0 255.255.255.0"
...[Snip]...
With Client:
client
nobind
dev tun
proto tcp
...[Snip]...
And ufw rules:
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 203.0.113.0/24 -o ens160 -j MASQUERADE
COMMIT
However, upon running I get /sbin/ip route add 203.0.113.0/24 via 203.0.113.1 RTNETLINK answers: File exists in the error logs. While the VPN completes the rest of its connection successfully.
No connection
Running the following commands:
Server: sudo python3 -m http.server 80
Client: curl -X GET / 203.0.113.1
Results in:
curl: (28) Failed to connect to 203.0.113.1 port 80: Connection timed out
I have tried:
/sbin/ip route replace 203.0.113.0/24 dev tun 0 on client and server.
/sbin/ip route change 203.0.113.0/24 dev tun 0 on client and server.
Adding route 203.0.113.0 255.255.255.0 to the server.
Adding push "route 203.0.113.0 255.255.255.0 127.0.0.1" to server
And none of it seems to work.
Does anyone have any idea how I can force the client to push this traffic over the VPN to my server, instead of to the public IP?
This does actually work!
Just dont forget to allow connections within your firewall. I fixed my config with:
sudo ufw allow in on tun0
However, 198.18.0.0/15 and 100.64.0.0/10 defined as Benchmarking and Shared address space respectively, may be more appropriate choices, since being able to forward TEST-NET addresses may be considered a bug.
Ngrok servers a folder using inbuild server when we run the following in command line
ngrok http file://<path to file>
I am trying to configure more tunnels like ssh in the same machine using config files like
tunnels:
httpbin:
proto: http
file: "//<path to file>" ##THIS IS ERROR ##
demo:
proto: ssh
addr: 22
is does not seems to be possible to configure inbuild file sharing using a configuration file in ngrok. Or is there some way?
You try this steps:
https://dashboard.ngrok.com/get-started/your-authtoken and login
Terminal and run: ngrok authtoken token_id
result: Authtoken saved to configuration file: /home/user/.ngrok2/ngrok.yml
Terminal: ngrok http file:///home
Finish !
result: https://i.stack.imgur.com/FPZbP.png
ngrok doc: https://ngrok.com/docs
Actually just stumbled across it by accident. A bit of experimentation, and no guarantees that it will continue to work since it's not mentioned in the docs. Just use the file: protocol in the addr yaml option.
authtoken: <REDACTED>
tunnels:
dev2:
proto: http
addr: file:///some/path/just/like/command/line
hostname: my-great-subdomain.ngrok.io
I have ngrok installed on Ubuntu. I want to expose an application at 8080. The machine is behind a corporate proxy. I exported an environment variable http_proxy with the proxy value and tried to run the command:
./ngrok http 8080
The status remains reconnecting and the error says "Proxy Authorization required".
I have also tried it using a ngrok.yml config file with the proxy value. And specified the path of the file:
./ngrok http -config=./ngrok.yml 8080
This is how the config file looks:
console_ui: true
inspect_db_size: 50000000
log_level: debug
log_format: json
log: /var/log/ngrok.log
http_proxy: "http://username:password#proxyhost.co.in:8080"
tunnels:
jenkins:
addr: 8080
bind_tls: true
inspect: false
proto: http
Still the error persists. Inspite of specifying the correct proxy, its failing. Any help would be appreciated.
open CMD. And type this:
set http_proxy=
set https_proxy=
There should be the following entry:
authtoken: YOUR_NGROK_TOKEN
in the configuration file. Perhaps, due to its absence you get the error.
The token you can find from your ngrok-account, from dashboard.
Is there a way to bind Kibana to more than one IP address using kibana's config file: kibana.yml?
Right now, if I modify the line
server.host: "127.0.0.1"
to
server.host: ["127.0.0.1","123.45.67.89"]
which is valid YML, I get an error.
Is there any way to accomplish this from within Kibana or do I need to do it through a proxy/nginx?
Try 0.0.0.0 if you want kibana to be available on real ip and localhost at the same time.
Install ngrok from https://ngrok.com/, then from your command line type:
ngrok http 5601
Ngrok will create a tunnel to the server and provide you with a url from which you can access your kibana UI.
If you need to acceess the ngrok and the 4040 port is closed on the server then do the same
ngrok http 4040