Qnap [ NGrok ] [ 2.3.35.0 ] secure introspectable tunnels to localhost

I just ran a quick test to see whether my start.sh was working

touch /share/Public/toto.test

and it does create toto.test for me on reboot

there must be a typo in the script

maybe a required environment variable that isn't being exported

when you launch things over SSH, quite a few variables are exported by default that are not present when you launch a bash script in an ordinary session

something like:

Code:
export SHELL=/bin/sh
export LC_ALL=en_US.UTF-8
export USER=admin
export LANG=en_US.UTF-8
export LC_CTYPE=en_US.UTF-8
 
So you think the problem could come from my script? I'll try to simplify it then and see if it works

Sent from my A0001 using Tapatalk
 
The problem was with nohup, which evidently wasn't working correctly; now everything works. I'll post the final script in case it's useful to someone.
 
Here is the start.sh script:
Code:
#!/bin/sh
## /opt/NGrok/ngrok (type your command below for automatic exec when NAS/QPKG Start)
/opt/NGrok/ngrok http -bind-tls=false -inspect=false 58000 &
# after tunnel creation sleep for 10 seconds to ensure the tunnel is created
sleep 10
# take timestamp for notification
TIMESTAMP=$(date +"%Y-%m-%d %Hh%M")   
# create temp files and assign variables
CURL_NGROK="/share/homes/admin/script/ngrok/ngrok-curl.txt"
TR_NGROK="/share/homes/admin/script/ngrok/ngrok-tr.txt"
MAIL="/share/homes/admin/script/ngrok/ngrok-mail.txt"
# take raw information
curl http://127.0.0.1:4040/api/tunnels > $CURL_NGROK
# put raw information in column (by ")
tr '"' '\n' < $CURL_NGROK > $TR_NGROK
# take 24th line (information on tunneled server)
# take 14th line (information on tunneled url)
# send output to QTS
/sbin/log_tool -a "$TIMESTAMP - Ngrok http tunnel created for `sed '24q;d' $TR_NGROK` to `sed '14q;d' $TR_NGROK`." -t 1 >&2 
# send email
echo "To: "xxxx" <xxxx.xxxx@xxxx.xxx>" > $MAIL
echo "To: "yyyy" <yyyy.yyyy@yyyy.yyy>" >> $MAIL
echo "Subject: ngrok tunnel created" >> $MAIL
echo "From: "zzzz" <zzz@zzzz.zzz>" >> $MAIL
echo "" >> $MAIL
echo "" >> $MAIL
echo "$TIMESTAMP - Ngrok http tunnel created for `sed '24q;d' $TR_NGROK` to `sed '14q;d' $TR_NGROK`." >> $MAIL
/usr/sbin/sendmail -vvv -t < $MAIL
exit 0
This is the stop.sh script:
Code:
#!/bin/sh
# terminate all ngrok services
killall -9 -f /opt/NGrok/ngrok
# assign variables
CURL_NGROK="/share/homes/admin/script/ngrok/ngrok-curl.txt"
TR_NGROK="/share/homes/admin/script/ngrok/ngrok-tr.txt"
MAIL="/share/homes/admin/script/ngrok/ngrok-mail.txt"
# remove temporary files
rm $CURL_NGROK $TR_NGROK $MAIL
exit 0
 
the good thing is that this way I can close the SSH port (and the KeyBox one) on my firewall and secure my box a bit more :)
 
Hi Stéphane,

for info, there must be a problem with the package available in the repository, because NGrok doesn't work (clean install on the beta). The problem seems to be related to the executable "/opt/Ngrok/ngrok". If I download the file NGrok_2.1.3.0_x86_64.qpkg from this page, NGrok works correctly.

I have a feeling that the problems with other apps (Qmono etc.) could come from this (maybe a corruption during the upload of the file, or during the download phase).

giopas
 
we're aware of it...

in fact the App Center doesn't look at the extension of the qpkg files.. today they asked me to switch the Qmono x86 over to the x64 binaries :lol:

good joke... what about the older NAS units without the EMT64 instructions ... anyway, we're fighting with Cris to get him to change the way qpkg files are seen by the App Center

recommended solution: make two App Centers, FW 4.2 and FW 4.3 .. a bit lame as a solution
 
Yes, a bit of a dumb solution, but since it's an XML file it shouldn't be too hard... While waiting for your HQ to think of something better...

Sent from my A0001 using Tapatalk
 
Hi Stéphane,

no news from Taiwan about the repository?

for info, I get a small error message during manual installation (but it works anyway):

inflating: NGrok_2.1.3.0_x86_64.qpkg
[/share/Download] # chmod 777 NGrok_2.1.3.0_x86_64.qpkg
[/share/Download] # ./NGrok_2.1.3.0_x86_64.qpkg
Install QNAP package on TS-NAS...
./
./built_info
./qinstall.sh
./package_routines
./qpkg.cfg
168+1 records in
168+1 records out
3980936 bytes (3.8MB) copied, 0.034313 seconds, 110.6MB/s
3887+1 records in
3887+1 records out
3980936 bytes (3.8MB) copied, 0.036410 seconds, 104.3MB/s
Firmware check is fine.
Link service start/stop script: NGrok.sh
Set QPKG information in /etc/config/qpkg.conf
AH00526: Syntax error on line 3 of /share/CACHEDEV1_DATA/.qpkg/NGrok/apache.conf:
Invalid command 'LockFile', perhaps misspelled or defined by a module not included in the server configuration

[App Center] NGrok 2.1.3.0 has been installed in /share/CACHEDEV1_DATA/.qpkg/NGrok successfully.
[App Center] NGrok enabled.
 
For info, in case anyone is looking for a way to use ngrok :)

https://forum.qnap.com/viewtopic.php?f=12&t=48811#p588302

Hi there,

I am resuming this thread (but there are many very similar) to explain my way to surf the internet from remote using my NAS connection. This could be useful to bypass geo restrictions (using those of where your NAS is located) or stringent corporate firewall rules. Everything without requiring to install anything on your client desktop/machine and just using a web browser.

The trick is to use a light ubuntu machine (with docker to simplify things), noVNC (a VNC server not requiring a client other than a browser) and ngrok (I will explain why).

Here are the steps:

1. on QTS install Container Station and ngrok (packaged by QNAP_Stephane)

2. from Container Station install the dorowu/ubuntu-desktop-lxde-vnc docker container which runs a noVNC server on port 6080.

3. check which is the host port used by this docker (i.e. the port used by the NAS to forward requests to the docker). e.g. 32764. In this way going to http://[NAS ip]:32764 you will reach your dockerized ubuntu desktop which has no lock screen access (sudo password is "ubuntu" by default).

4. if you don't want to port forward port 32764 of your router to your NAS and secure your access a bit, I suggest you use ngrok (which starts at boot and just needs to be configured once).

ngrok, if you don't know it, is an awesome service which, upon installation of this tiny client, creates a tunnel (i.e. a reverse proxy) toward ngrok.io website giving the tunnel a randomly chosen alphanumeric subdomain (e.g. http://03d8b034.ngrok.io).

This is extremely useful as you will just need to type (in the example) http://03d8b034.ngrok.io to reach your ubuntu machine (and therefore use the browser) without having to open router ports or install anything on your client workstation.

The problem is that ngrok creates - for non paying accounts - random subdomains, it is therefore essential to know where to point your browser to access your system.

This is why I have created the following start.sh and stop.sh scripts for our NAS.

Code:
#!/bin/sh
# test if line is up
wget -q --spider http://google.com
if [ $? != 0 ]; then
sleep 60
/etc/init.d/NGrok.sh restart
else
## /opt/NGrok/ngrok (type your command below for automatic exec when NAS/QPKG Start)
/opt/NGrok/ngrok http -auth="admin:password" -bind-tls=false -inspect=false 192.168.1.3:32769 &
# after tunnel creation sleep for 10 seconds to ensure the tunnel is created
sleep 10
# take timestamp for notification
TIMESTAMP=$(date +"%Y-%m-%d %Hh%M")
# create temp files and assign variables
CURL_NGROK="/share/Public/ngrok-curl.txt"
TR_NGROK="/share/Public/ngrok/ngrok-tr.txt"
MAIL="/share/Public/ngrok/ngrok-mail.txt"
# take raw information
curl http://127.0.0.1:4040/api/tunnels > $CURL_NGROK
# put raw information in column (by ")
tr '"' '\n' < $CURL_NGROK > $TR_NGROK
# take 24th line (information on tunneled server)
# take 14th line (information on tunneled url)
# send output to QTS
/sbin/log_tool -a "$TIMESTAMP - Ngrok http tunnel created for `sed '24q;d' $TR_NGROK` to `sed '14q;d' $TR_NGROK`." -t 1 >&2
# send email
echo "To: "xxx" <xxx.yyy@zzz.com>" > $MAIL
echo "Subject: ngrok http tunnel created" >> $MAIL
echo "From: "aaa" <aaa@aaaa.com>" >> $MAIL
echo "" >> $MAIL
echo "" >> $MAIL
echo "$TIMESTAMP - Ngrok http tunnel created for `sed '24q;d' $TR_NGROK` to `sed '14q;d' $TR_NGROK`." >> $MAIL
/usr/sbin/sendmail -vvv -t < $MAIL
exit 0
fi
As you can see the important line is the following:

Code:
/opt/NGrok/ngrok http -auth="admin:password" -bind-tls=false -inspect=false 127.0.0.1:32764 &
This means that ngrok will create an http tunnel (not https) with the HTTP basic authentication credentials "admin" and "password" (of course you can change) for the service (in our case the container ubuntu system) running on 127.0.0.1:32764.

The other part of the script is simply to:
a) verify that the internet connection is on (if not, wait 60 seconds), useful in case of reboot
b) check which is the subdomain given by ngrok to the tunnel
c) send an email (and a notification on QTS) with the subdomain, so that you know what is this subdomain.

Of course you could also check the ngrok website or check localhost:4040, but this is the easiest way.

The stop.sh script is the following:

Code:
#!/bin/sh
# terminate all ngrok services
killall -9 -f ngrok
# assign variables
CURL_NGROK="/share/Public/ngrok-curl.txt"
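# same paths as in start.sh, otherwise these files are never removed
TR_NGROK="/share/Public/ngrok/ngrok-tr.txt"
MAIL="/share/Public/ngrok/ngrok-mail.txt"
# remove temporary files (-f: no error if one is already gone)
rm -f "$CURL_NGROK" "$TR_NGROK" "$MAIL"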
exit 0
You should put these scripts in /opt/NGrok/ which is the folder automatically generated at the installation of ngrok.

5. Just restart ngrok from QTS (having changed email parameters) and you will receive an email with the ngrok tunnel URL.

Now you can access internet without restrictions! :)

P.S.: just a few notes

a) you need to set up your email credentials on QTS in the notification section to send emails from "aaa@aaaa.com" (check here).
b) you need to register with ngrok (it is free) to use the HTTP basic authentication. Once that is done, you need to install the authtoken (check here).
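
The start.sh scripts above find the tunnel URL by line position (sed '14q;d') after a fixed sleep 10, and the second one keeps its working files under /share/Public. As an added example, not part of the original posts or of the NGrok package, the helpers below read public_url by key name, poll the local API until a well-formed ngrok.io URL appears, and create an owner-only scratch directory. The function names, the sample JSON and the ngrok-notify prefix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the poster's script); helper names are hypothetical.

# Constructed sample of a /api/tunnels response; all values are made up.
SAMPLE_JSON='{"tunnels":[{"name":"command_line","public_url":"http://03d8b034.ngrok.io","proto":"http","config":{"addr":"127.0.0.1:32764","inspect":false}}],"uri":"/api/tunnels"}'

# json_field KEY: print the first string value stored under "KEY" (stdin).
json_field() {
    tr -d '\n' | grep -o "\"$1\" *: *\"[^\"]*\"" | head -n 1 | cut -d'"' -f4
}

# valid_url URL: accept only http(s)://<host>.ngrok.io with a plain hostname,
# so nothing unexpected ends up in the QTS log line or the mail body.
valid_url() {
    case $1 in
        http://?*.ngrok.io|https://?*.ngrok.io) ;;
        *) return 1 ;;
    esac
    host=${1#*://}
    case $host in
        *[!a-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# fetch_tunnels: the local API call used by the scripts on this page.
fetch_tunnels() {
    curl -s --max-time 5 http://127.0.0.1:4040/api/tunnels
}

# wait_for_url TRIES: poll until a valid public_url shows up, then print it.
wait_for_url() {
    tries=$1
    while [ "$tries" -gt 0 ]; do
        url=$(fetch_tunnels | json_field public_url)
        if valid_url "$url"; then
            printf '%s\n' "$url"
            return 0
        fi
        tries=$((tries - 1))
        sleep "${POLL_DELAY:-2}"
    done
    return 1
}

# private_workdir: owner-only directory for the mail and log scratch files.
private_workdir() {
    ( umask 077 && mktemp -d "${TMPDIR:-/tmp}/ngrok-notify.XXXXXX" )
}
```

In start.sh, URL=$(wait_for_url 15) || exit 1 would take the place of the fixed sleep 10 and the sed line lookups, with the mail file written inside the directory returned by private_workdir.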
 
Hi
Port 27308 gives nothing, timeout, but ngrok seems to work behind it. Any idea, or is this known? Thanks! ;)