
sish: an open-source, lightweight intranet tunneling tool similar to Serveo/Ngrok

Hosting tutorials | Liam | 11 months ago (11-07)

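Note: sish is an SSH server used solely for remote port forwarding, so it can quickly expose a local port to the public internet. Its author describes it as a Serveo/Ngrok alternative that provides HTTP(S), WS(S) and TCP tunnels to your localhost server using only SSH. The tool works much like Serveo. The difference is that Serveo offers a free hosted endpoint for SSH clients, while the one provided by the sish author appears to have been shut down because of abuse, so we have to host it ourselves. This post covers the Docker and manual installs.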

Docker installation

GitHub: https://github.com/antoniomika/sish

1. Install Docker

```shell
# CentOS 6
rpm -iUvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum update -y
yum -y install docker-io
service docker start
chkconfig docker on

# CentOS 7, Debian, Ubuntu
curl -sSL https://get.docker.com/ | sh
systemctl start docker
systemctl enable docker
```

2. Pull the image
With a bare IP address only TCP forwarding works; HTTP(S) and the like need a domain, so everything below assumes a domain.

First point an apex/wildcard record at the server IP, for example resolve moerats.com and *.moerats.com to the server IP.

Then, using the parameter notes below, adjust the parameters as needed and run:

```shell
# HTTP domain
docker run -d --name sish \
   --restart=always \
   -v ~/sish/keys:/keys \
   -v ~/sish/pubkeys:/pubkeys \
   --net=host antoniomika/sish \
   -sish.addr=:3333 \
   -sish.http=:80 \
   -sish.keysdir=/pubkeys \
   -sish.pkloc=/keys/ssh_key \
   -sish.forcerandomsubdomain=false \
   -sish.domain moerats.com \
   -sish.bindrandom=false \
   -sish.redirectrootlocation https://www.baidu.com

# HTTPS domain; a wildcard certificate is required here
docker run -d --name sish \
   --restart=always \
   -v ~/sish/ssl:/ssl \
   -v ~/sish/keys:/keys \
   -v ~/sish/pubkeys:/pubkeys \
   --net=host antoniomika/sish \
   -sish.addr=:3333 \
   -sish.https=:443 \
   -sish.http=:80 \
   -sish.httpsenabled=true \
   -sish.httpspems=/ssl \
   -sish.keysdir=/pubkeys \
   -sish.pkloc=/keys/ssh_key \
   -sish.forcerandomsubdomain=false \
   -sish.domain moerats.com \
   -sish.bindrandom=false \
   -sish.redirectrootlocation https://www.baidu.com
```

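Some of the parameters:

```shell
-sish.addr=:3333  # SSH listen address
-sish.forcerandomsubdomain=false  # whether to force a random subdomain; turning this off is recommended
-sish.bindrandom=false  # whether to bind ports randomly; turning this off is recommended
-sish.domain moerats.com  # the domain to use
-sish.redirectrootlocation https://www.baidu.com  # the root domain (the -sish.domain value) is redirected to this address
-sish.httpspems=/ssl  # wildcard SSL certificate path; store the files in ~/sish/ssl, named fullchain.pem and privkey.pem
```

The other parameters can stay at their defaults, or you can add or change them yourself.

The full parameter list: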

```text
Usage of sish:
  -sish.addr string
        The address to listen for SSH connections (default "localhost:2222")
  -sish.auth
        Whether or not to require auth on the SSH service
  -sish.bannedcountries string
        A comma separated list of banned countries
  -sish.bannedips string
        A comma separated list of banned ips
  -sish.bannedsubdomains string
        A comma separated list of banned subdomains (default "localhost")
  -sish.bindrandom
        Bind ports randomly (OS chooses) (default true)
  -sish.bindrange string
        Ports that are allowed to be bound (default "0,1024-65535")
  -sish.cleanupunbound
        Whether or not to cleanup unbound (forwarded) SSH connections (default true)
  -sish.debug
        Whether or not to print debug information
  -sish.domain string
        The domain for HTTP(S) multiplexing (default "ssi.sh")
  -sish.forcerandomsubdomain
        Whether or not to force a random subdomain (default true)
  -sish.http string
        The address to listen for HTTP connections (default "localhost:80")
  -sish.httpport int
        The port for HTTP connections. This is only for output messages (default 80)
  -sish.https string
        The address to listen for HTTPS connections (default "localhost:443")
  -sish.httpsenabled
        Whether or not to listen for HTTPS connections
  -sish.httpspems string
        The location of pem files for HTTPS (fullchain.pem and privkey.pem) (default "ssl/")
  -sish.httpsport int
        The port for HTTPS connections. This is only for output messages (default 443)
  -sish.keysdir string
        Directory for public keys for pubkey auth (default "pubkeys/")
  -sish.password string
        Password to use for password auth (default "S3Cr3tP4$$W0rD")
  -sish.pkloc string
        SSH server private key (default "keys/ssh_key")
  -sish.pkpass string
        Passphrase to use for the server private key (default "S3Cr3tP4$$phrAsE")
  -sish.proxyprotoenabled
        Whether or not to enable the use of the proxy protocol
  -sish.proxyprotoversion string
        What version of the proxy protocol to use. Can either be 1, 2, or userdefined. If userdefined, the user needs to add a command to SSH called proxy:version (ie proxy:1) (default "1")
  -sish.redirectroot
        Whether or not to redirect the root domain (default true)
  -sish.redirectrootlocation string
        Where to redirect the root domain to (default "https://github.com/antoniomika/sish")
  -sish.subdomainlen int
        The length of the random subdomain to generate (default 3)
  -sish.usegeodb
        Whether or not to use the maxmind geodb
  -sish.verifyorigin
        Whether or not to verify origin on websocket connection (default true)
  -sish.verifyssl
        Whether or not to verify SSL on proxy connection (default true)
  -sish.whitelistedcountries string
        A comma separated list of whitelisted countries
  -sish.whitelistedips string
        A comma separated list of whitelisted ips
```

If any of it is unclear, Google Translate can help.
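The docker run commands above never pass -sish.auth, so under the defaults in the usage output the SSH service does not require authentication. The shell function below is an added example, not code from this post or from the sish project: it checks a list of sish arguments against those defaults. The finding codes (NO_AUTH and so on) and the sample password are made up here, and it assumes the default password stays in effect when -sish.password is not overridden.

```shell
# Added example: audit sish's own arguments (everything after the image or
# binary name) against the defaults listed in the usage output above.
audit_sish_args() (
    auth=false password= bindrange= verifyssl=true
    while [ $# -gt 0 ]; do
        case $1 in -*) ;; *) shift; continue ;; esac   # skip stray positionals
        arg=${1#-}; arg=${arg#-}                       # Go accepts -flag and --flag
        case $arg in
            *=*) name=${arg%%=*}; value=${arg#*=} ;;
            sish.auth|sish.bindrandom|sish.cleanupunbound|sish.debug|\
            sish.forcerandomsubdomain|sish.httpsenabled|sish.proxyprotoenabled|\
            sish.redirectroot|sish.usegeodb|sish.verifyorigin|sish.verifyssl)
                name=$arg; value=true ;;               # bare boolean flag
            *)  name=$arg; value=${2-}                 # "-flag value" form
                if [ $# -gt 1 ]; then shift; fi ;;
        esac
        case $name in
            sish.auth) case $value in 1|t|T|true|TRUE|True) auth=true ;; *) auth=false ;; esac ;;
            sish.password)  password=$value ;;
            sish.bindrange) bindrange=$value ;;
            sish.verifyssl) case $value in 0|f|F|false|FALSE|False) verifyssl=false ;; *) verifyssl=true ;; esac ;;
        esac
        shift
    done
    if [ "$auth" != true ]; then
        echo "NO_AUTH: -sish.auth is off, any SSH client can open tunnels"
    elif [ -z "$password" ] || [ "$password" = 'S3Cr3tP4$$W0rD' ]; then
        echo "DEFAULT_PASSWORD: auth is on but -sish.password is the published default"
    fi
    [ -n "$bindrange" ] ||
        echo "WIDE_BINDRANGE: -sish.bindrange not set, the default 0,1024-65535 applies"
    [ "$verifyssl" != false ] ||
        echo "NO_TLS_VERIFY: -sish.verifyssl is off for proxy connections"
    :
)

# The HTTP example from this page, then a tightened variant (constructed values).
audit_sish_args -sish.addr=:3333 -sish.http=:80 -sish.keysdir=/pubkeys \
    -sish.pkloc=/keys/ssh_key -sish.forcerandomsubdomain=false \
    -sish.domain moerats.com -sish.bindrandom=false
audit_sish_args -sish.addr=:3333 -sish.auth=true -sish.password 'constructed-pass' \
    -sish.bindrange 9876 -sish.domain moerats.com
```

The first call reports NO_AUTH and WIDE_BINDRANGE; the second prints nothing.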

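Finally, on CentOS it is suggested to turn the firewall off, or alternatively to open just the ports you need. To turn it off:

```shell
# CentOS 6
service iptables stop
chkconfig iptables off

# CentOS 7
systemctl stop firewalld
systemctl disable firewalld
```

On providers such as Alibaba Cloud you also need to open the ports in the security group.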

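Manual installation

Docker is much more convenient, but some people prefer a manual install. The author does not publish a binary directly, so we have to build it ourselves.

1. Install Go
A recent Go toolchain is required, so here we install it from the Go binary package. Download page → link

Then download the latest package for your server's architecture; usually you can just run:

```shell
# 32-bit systems
wget -O go.tar.gz https://dl.google.com/go/go1.13.3.linux-386.tar.gz
# 64-bit systems
wget -O go.tar.gz https://dl.google.com/go/go1.13.3.linux-amd64.tar.gz

# Extract the archive
tar -zxvf go.tar.gz -C /usr/local
# Set the environment variables; paste the following into the SSH session together
mkdir $HOME/go
echo 'export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin' >> /etc/profile
source /etc/profile
# Check the Go version; any output means the install succeeded
go version
```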

2. Install sish

```shell
# Clone the source into the home directory
git clone https://github.com/antoniomika/sish
cd sish
# Build the binary
go install
```

If you get -bash: git: command not found, first run:

```shell
# CentOS
yum -y install git

# Debian, Ubuntu
apt install git -y
```

3. Run sish
The run parameters are not repeated here; see the full parameter list at the end of the Docker section above.

First point an apex/wildcard record at the server IP, for example resolve moerats.com and *.moerats.com to the server IP.

Here are roughly the parameters you will need; change the rest to suit your needs:

```shell
# HTTP domain
sish -sish.addr=:3333 -sish.http=:80 -sish.domain moerats.com \
  -sish.forcerandomsubdomain=false -sish.bindrandom=false \
  -sish.redirectrootlocation https://www.moerats.com \
  -sish.keysdir=/sish/pubkeys -sish.pkloc=/sish/keys/ssh_key

# HTTPS domain
sish -sish.addr=:3333 -sish.https=:443 -sish.http=:80 -sish.domain moerats.com \
  -sish.forcerandomsubdomain=false -sish.bindrandom=false -sish.httpsenabled=true \
  -sish.redirectrootlocation https://www.moerats.com \
  -sish.keysdir=/sish/pubkeys -sish.pkloc=/sish/keys/ssh_key -sish.httpspems=/sish/ssl
```

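Notes on some of the parameters:

```shell
-sish.addr=:3333  # SSH listen address, 3333 here
-sish.forcerandomsubdomain=false  # whether to force a random subdomain; turning this off is recommended
-sish.bindrandom=false  # whether to bind ports randomly; turning this off is recommended
-sish.domain moerats.com  # the domain to use
-sish.redirectrootlocation https://www.baidu.com  # the root domain (the -sish.domain value) is redirected to this address
-sish.httpspems=/sish/ssl  # directory holding the wildcard SSL certificate, files named fullchain.pem and privkey.pem
-sish.keysdir=/sish/pubkeys  # directory holding the public keys for pubkey auth
-sish.pkloc=/sish/keys/ssh_key  # SSH server private key
```

The /sish/ssl, /sish/pubkeys and /sish/keys directories must be created beforehand:

```shell
mkdir -p /sish/ssl /sish/pubkeys /sish/keys
```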

4. Start on boot
Once the manual command works, stop it with Ctrl+C.

Then create a systemd unit file; this applies to CentOS 7, Debian 8+ and Ubuntu 16+:

```shell
# Change this to the full set of arguments from your manual command
command="-sish.addr=:3333 -sish.http=:80 -sish.domain moerats.com -sish.forcerandomsubdomain=false -sish.bindrandom=false -sish.redirectrootlocation https://www.moerats.com -sish.keysdir=/sish/pubkeys -sish.pkloc=/sish/keys/ssh_key"
# Paste the following into the SSH session together
cat > /etc/systemd/system/sish.service <<EOF
[Unit]
Description=sish
After=network.target

[Service]
Type=simple
ExecStart=$(command -v sish) ${command}
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF
```

Start it and enable it at boot:

```shell
systemctl start sish
systemctl enable sish
```

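Finally, on CentOS it is suggested to turn the firewall off, or alternatively to open just the ports you need. To turn it off:

```shell
# CentOS 6
service iptables stop
chkconfig iptables off

# CentOS 7
systemctl stop firewalld
systemctl disable firewalld
```

On providers such as Alibaba Cloud you also need to open the ports in the security group.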

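Usage

Requirements: an SSH client and an internet connection; Linux, Windows and other systems all work.

The moerats.com used below is the domain configured above; replace it with your own.

1. Forward HTTP(S)
To expose local port 3000 to the public internet, run:

```shell
# Replace the port to forward a different one
ssh -p 3333 -R 80:localhost:3000 moerats.com
```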

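If you are prompted on the first connection, choose yes. A random subdomain of moerats.com is then generated for you, and you can reach your local localhost:3000 indirectly from a browser.

To choose the subdomain yourself, run:

```shell
# The subdomain here is no1.moerats.com; replace it as needed
ssh -p 3333 -R no1:80:localhost:3000 moerats.com
```

You can now reach your local localhost:3000 from the internet at no1.moerats.com.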

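2. Forward TCP
To expose local port 6789 on public port 9876, run:

```shell
# You can set the public port yourself; 6789 is the default here. To forward your SSH port, change it to your SSH port
ssh -p 3333 -R 9876:localhost:6789 moerats.com
```

Only basic usage is covered here; clients can also be restricted by country/region, IP whitelist and so on. See → link

Finally, if you do not have a wildcard certificate, see this tutorial to request one yourself → link, or wait for the blogger to hand out codes → link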


db1024, all rights reserved. Unless otherwise noted, all content is original. This site is licensed under BY-NC-SA.