DEV Community: Soft Ground The latest articles on DEV Community by Soft Ground (@softground). https://dev.to/softground https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Forganization%2Fprofile_image%2F9233%2Fbd10a5b6-167c-49e4-b5c7-ff431bdf0527.jpeg DEV Community: Soft Ground https://dev.to/softground en Built a Ngrok replacement Schuster Braun Sun, 25 Aug 2024 16:48:55 +0000 https://dev.to/softground/built-a-ngrok-replacement-212m https://dev.to/softground/built-a-ngrok-replacement-212m <p>TL;DR (Not worth it)</p> <p>I'm building an app that requires an authentication callback. You can't just use localhost. The internet can't route to it. I've used <a href="https://ngrok.com/docs/" rel="noopener noreferrer">Ngrok</a> before. I wasn't a fan of how the URL keeps changing when you use the Ngrok free tier. Also, there's a limit to Ngrok requests. So I thought to myself I should just build a Ngrok replacement. </p> <p>What we needed is a reverse proxy server. This server would act as our local app while we develop. That server has a domain name that we could register as a callback url. </p> <p>So I built a virtual machine in Azure, setup the routing, installed and configured Nginx. Then I stopped because I had to configure my home's network firewall to allow for traffic to stream via an ssh tunnel from laptop to the proxy server. That was way too much for me. I could do it, I've done it before. But I work a lot from other networks and don't have access to those routers and firewalls. </p> <p>So I came back to Ngrok. Their software is an agent that doesn't require any networking setup. It's pretty cool and now I have a deepr understanding how convenient their product is to use. </p> <h3> Implementation </h3> <p>Wanted to share the code and how to do it here if you're interested in setting up a reverse proxy server.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="c1"># main.tf</span> <span class="c1"># We strongly recommend using the required_providers block to set the</span> <span class="c1"># Azure Provider source and version being used</span> <span class="k">terraform</span> <span class="p">{</span> <span class="nx">required_providers</span> <span class="p">{</span> <span class="nx">azurerm</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">source</span> <span class="p">=</span> <span class="s2">"hashicorp/azurerm"</span> <span class="nx">version</span> <span class="p">=</span> <span class="s2">"~&gt;4.0.1"</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">provider</span> <span class="s2">"azurerm"</span> <span class="p">{</span> <span class="nx">features</span> <span class="p">{}</span> <span class="p">}</span> <span class="k">variable</span> <span class="nx">NGROK_ALT_UNAME</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"description"</span> <span class="p">}</span> <span class="k">variable</span> <span class="nx">NGROK_ALT_PWD</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">string</span> <span class="nx">default</span> <span class="p">=</span> <span class="s2">""</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"description"</span> <span class="p">}</span> <span class="c1"># Resource Group</span> <span class="k">resource</span> <span class="s2">"azurerm_resource_group"</span> <span class="s2">"proxy"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"ngrok-alt-rg"</span> <span class="nx">location</span> <span class="p">=</span> <span class="s2">"West Europe"</span> <span class="p">}</span> <span class="c1"># Virtual Network</span> <span class="k">resource</span> <span class="s2">"azurerm_virtual_network"</span> <span class="s2">"proxy"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"ngrok-alt-vnet"</span> <span class="nx">address_space</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"10.0.0.0/16"</span><span class="p">]</span> <span class="nx">location</span> <span class="p">=</span> <span class="nx">azurerm_resource_group</span><span class="p">.</span><span class="nx">proxy</span><span class="p">.</span><span class="nx">location</span> <span class="nx">resource_group_name</span> <span class="p">=</span> <span class="nx">azurerm_resource_group</span><span class="p">.</span><span class="nx">proxy</span><span class="p">.</span><span class="nx">name</span> <span class="p">}</span> <span class="c1"># Subnet</span> <span class="k">resource</span> <span class="s2">"azurerm_subnet"</span> <span class="s2">"proxy"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"subnet1"</span> <span class="nx">resource_group_name</span> <span class="p">=</span> <span class="nx">azurerm_resource_group</span><span class="p">.</span><span class="nx">proxy</span><span class="p">.</span><span class="nx">name</span> <span class="nx">virtual_network_name</span> <span class="p">=</span> <span class="nx">azurerm_virtual_network</span><span class="p">.</span><span class="nx">proxy</span><span class="p">.</span><span class="nx">name</span> <span class="nx">address_prefixes</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"10.0.1.0/24"</span><span class="p">]</span> <span class="p">}</span> <span class="c1"># Public IP</span> <span class="k">resource</span> <span class="s2">"azurerm_public_ip"</span> <span class="s2">"proxy"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"ngrok-alt-ip"</span> <span class="nx">location</span> <span class="p">=</span> <span class="nx">azurerm_resource_group</span><span class="p">.</span><span class="nx">proxy</span><span class="p">.</span><span class="nx">location</span> <span class="nx">resource_group_name</span> <span class="p">=</span> <span class="nx">azurerm_resource_group</span><span class="p">.</span><span class="nx">proxy</span><span class="p">.</span><span class="nx">name</span> <span class="nx">allocation_method</span> <span class="p">=</span> <span class="s2">"Static"</span> <span class="p">}</span> <span class="c1"># Virtual Machine</span> <span class="k">resource</span> <span class="s2">"azurerm_linux_virtual_machine"</span> <span class="s2">"proxy"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"ngrok-alt-vm"</span> <span class="nx">resource_group_name</span> <span class="p">=</span> <span class="nx">azurerm_resource_group</span><span class="p">.</span><span class="nx">proxy</span><span class="p">.</span><span class="nx">name</span> <span class="nx">location</span> <span class="p">=</span> <span class="nx">azurerm_resource_group</span><span class="p">.</span><span class="nx">proxy</span><span class="p">.</span><span class="nx">location</span> <span class="nx">size</span> <span class="p">=</span> <span class="s2">"Standard_B1s"</span> <span class="nx">admin_username</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">NGROK_ALT_UNAME</span> <span class="nx">admin_password</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">NGROK_ALT_PWD</span> <span class="c1"># Use a more secure method in production!</span> <span class="nx">network_interface_ids</span> <span class="p">=</span> <span class="p">[</span> <span class="nx">azurerm_network_interface</span><span class="p">.</span><span class="nx">proxy</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="p">]</span> <span class="nx">os_disk</span> <span class="p">{</span> <span class="nx">caching</span> <span class="p">=</span> <span class="s2">"ReadWrite"</span> <span class="nx">storage_account_type</span> <span class="p">=</span> <span class="s2">"Standard_LRS"</span> <span class="p">}</span> <span class="nx">source_image_reference</span> <span class="p">{</span> <span class="nx">publisher</span> <span class="p">=</span> <span class="s2">"Canonical"</span> <span class="nx">offer</span> <span class="p">=</span> <span class="s2">"UbuntuServer"</span> <span class="nx">sku</span> <span class="p">=</span> <span class="s2">"18.04-LTS"</span> <span class="nx">version</span> <span class="p">=</span> <span class="s2">"latest"</span> <span class="p">}</span> <span class="nx">computer_name</span> <span class="p">=</span> <span class="s2">"ngrok-alt-vm"</span> <span class="nx">admin_ssh_key</span> <span class="p">{</span> <span class="nx">username</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">NGROK_ALT_UNAME</span> <span class="nx">public_key</span> <span class="p">=</span> <span class="nx">file</span><span class="p">(</span><span class="s2">"~/.ssh/ngrok-key.pub"</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="c1"># Network Interface</span> <span class="k">resource</span> <span class="s2">"azurerm_network_interface"</span> <span class="s2">"proxy"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"ngrok-alt-nic"</span> <span class="nx">location</span> <span class="p">=</span> <span class="nx">azurerm_resource_group</span><span class="p">.</span><span class="nx">proxy</span><span class="p">.</span><span class="nx">location</span> <span class="nx">resource_group_name</span> <span class="p">=</span> <span class="nx">azurerm_resource_group</span><span class="p">.</span><span class="nx">proxy</span><span class="p">.</span><span class="nx">name</span> <span class="nx">ip_configuration</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"internal"</span> <span class="nx">subnet_id</span> <span class="p">=</span> <span class="nx">azurerm_subnet</span><span class="p">.</span><span class="nx">proxy</span><span class="p">.</span><span class="nx">id</span> <span class="nx">private_ip_address_allocation</span> <span class="p">=</span> <span class="s2">"Dynamic"</span> <span class="nx">public_ip_address_id</span> <span class="p">=</span> <span class="nx">azurerm_public_ip</span><span class="p">.</span><span class="nx">proxy</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> <span class="p">}</span> <span class="c1"># Network Security Group</span> <span class="k">resource</span> <span class="s2">"azurerm_network_security_group"</span> <span class="s2">"proxy"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"ngrok-alt-nsg"</span> <span class="nx">location</span> <span class="p">=</span> <span class="nx">azurerm_resource_group</span><span class="p">.</span><span class="nx">proxy</span><span class="p">.</span><span class="nx">location</span> <span class="nx">resource_group_name</span> <span class="p">=</span> <span class="nx">azurerm_resource_group</span><span class="p">.</span><span class="nx">proxy</span><span class="p">.</span><span class="nx">name</span> <span class="nx">security_rule</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"AllowSSH"</span> <span class="nx">priority</span> <span class="p">=</span> <span class="mi">1000</span> <span class="nx">direction</span> <span class="p">=</span> <span class="s2">"Inbound"</span> <span class="nx">access</span> <span class="p">=</span> <span class="s2">"Allow"</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"Tcp"</span> <span class="nx">source_port_range</span> <span class="p">=</span> <span class="s2">"*"</span> <span class="nx">destination_port_range</span> <span class="p">=</span> <span class="s2">"22"</span> <span class="nx">source_address_prefix</span> <span class="p">=</span> <span class="s2">"*"</span> <span class="nx">destination_address_prefix</span> <span class="p">=</span> <span class="s2">"*"</span> <span class="p">}</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"azurerm_network_interface_security_group_association"</span> <span class="s2">"proxy"</span> <span class="p">{</span> <span class="nx">network_interface_id</span> <span class="p">=</span> <span class="nx">azurerm_network_interface</span><span class="p">.</span><span class="nx">proxy</span><span class="p">.</span><span class="nx">id</span> <span class="nx">network_security_group_id</span> <span class="p">=</span> <span class="nx">azurerm_network_security_group</span><span class="p">.</span><span class="nx">proxy</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> <span class="c1"># DNS Zone</span> <span class="k">resource</span> <span class="s2">"azurerm_dns_zone"</span> <span class="s2">"proxy"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"yourdomain.com"</span> <span class="nx">resource_group_name</span> <span class="p">=</span> <span class="nx">azurerm_resource_group</span><span class="p">.</span><span class="nx">proxy</span><span class="p">.</span><span class="nx">name</span> <span class="p">}</span> <span class="c1"># A Record</span> <span class="k">resource</span> <span class="s2">"azurerm_dns_a_record"</span> <span class="s2">"proxy"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"tunnel"</span> <span class="nx">zone_name</span> <span class="p">=</span> <span class="nx">azurerm_dns_zone</span><span class="p">.</span><span class="nx">proxy</span><span class="p">.</span><span class="nx">name</span> <span class="nx">resource_group_name</span> <span class="p">=</span> <span class="nx">azurerm_resource_group</span><span class="p">.</span><span class="nx">proxy</span><span class="p">.</span><span class="nx">name</span> <span class="nx">ttl</span> <span class="p">=</span> <span class="mi">300</span> <span class="nx">records</span> <span class="p">=</span> <span class="p">[</span><span class="nx">azurerm_public_ip</span><span class="p">.</span><span class="nx">proxy</span><span class="p">.</span><span class="nx">ip_address</span><span class="p">]</span> <span class="p">}</span> </code></pre> </div> <p>You'll need public a key at <code>~/.ssh/ngrok-key.pub</code> and <code>/.ssh/ngrok-key.pem</code>.</p> <p>Set Env var for subscription: <code>export ARM_SUBSCRIPTION_ID=00000000-xxxx-xxxx-xxxx-xxxxxxxxxxxx</code></p> <p><code>terraform apply -var-file local.tfvars</code></p> <p>To ssh you'll have to update the permission on the key. Or else ssh will determine the connection insecure and refuse the connection.</p> <p><code>chmod 400 ~/.ssh/ngrok-key.pem</code></p> <p><code>ssh -i ~/.ssh/ngrok-key.pem adminuser@[public-ip]</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="nb">sudo </span>apt <span class="nb">install </span>nginx <span class="nt">-y</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>vim /etc/nginx/sites-available/tunnel.yourdomain.com </code></pre> </div> <p>Append the below configuration:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">80</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">tunnel.yourdomain.com</span><span class="p">;</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://127.0.0.1:8080</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-For</span> <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="nv">$scheme</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The below steps do:</p> <ul> <li>Link configuration</li> <li>Test configuration</li> <li>If test successful restart service </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo ln</span> <span class="nt">-s</span> /etc/nginx/sites-available/tunnel.yourdomain.com /etc/nginx/sites-enabled/ <span class="nb">sudo </span>nginx <span class="nt">-t</span> <span class="nb">sudo </span>systemctl restart nginx </code></pre> </div> <p>The below setups an ssh tunnel. However, you'll also have to go to your router/firewall and open up your development port so this tunnel would work.<br> <code>ssh -R &lt;azure-port&gt;:localhost:&lt;local-laptop-port&gt; &lt;laptop-username&gt;@&lt;laptop-public-ip-or-domain&gt;</code></p> <p>To make the tunnel more reliable setup with <a href="https://linux.die.net/man/1/autossh" rel="noopener noreferrer">autossh</a>.</p>