Warning
This project is for personal use only. Use at your own risk!
An SSH client in a container for configuring remote port forwarding using reverse SSH tunnelling.
Exposing a service running on localhost of a server behind NAT to the internet
Consider the scenario below. The client runs a web server on port 3000 but cannot expose this web server to the public internet because the client machine is behind NAT. The remote server, on the other hand, is reachable via the internet, and the client can SSH into it. In this situation, how can the client expose the web server on port 3000 to the internet? Via a reverse SSH tunnel!
Example
- Run a web server on client localhost port 3000.
- Configure the reverse tunnel with the command:
  $ ssh -R 80:127.0.0.1:3000 user@<remote_server_ip>
- Now, when users on the internet visit port 80 of the remote server as http://<remote_server_ip>, the request is redirected back to the client's local server (port 3000) via the SSH tunnel, where the local server handles the request and response.
By default, the remote port forwarding tunnel will bind to the localhost of the remote server. To enable it to listen on the public interface (for a scenario like above), set the SSH configuration GatewayPorts yes in sshd_config.
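As an added check (not part of this project), the script below reads an sshd_config and reports whether a remote forward like the one above stays on loopback or becomes publicly reachable. The function names and the sample config are constructed for illustration, and the parser only looks at the global section before any Match block.

```shell
#!/bin/sh
# Added example (not project code): which interface will the remote listener
# for `ssh -R 80:127.0.0.1:3000 user@<remote_server_ip>` bind to?

# Print the global GatewayPorts value from an sshd_config file.
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, and the default is "no". Match blocks are conditional,
# so this simplified parser stops at the first one.
gatewayports_value() {
    awk '
        /^[ \t]*#/ { next }                       # comment line
        tolower($1) == "match" { exit }           # end of global section
        tolower($1) == "gatewayports" && val == "" { val = $2 }
        END { print (val == "" ? "no" : val) }
    ' "$1"
}

# Map that value to the exposure of a remote forward.
tunnel_exposure() {
    case "$(gatewayports_value "$1")" in
        no)              echo "loopback-only" ;;   # -R listener stays on 127.0.0.1/::1
        yes)             echo "all-interfaces" ;;  # every -R listener is public
        clientspecified) echo "client-chosen" ;;   # public only if the client asks
        *)               echo "unknown" ;;         # unrecognised value: review by hand
    esac
}

# Constructed sample config, embedded so the script runs offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#GatewayPorts no
GatewayPorts clientspecified
GatewayPorts yes
Match User tunnel
    GatewayPorts no
EOF
echo "GatewayPorts=$(gatewayports_value "$sample") exposure=$(tunnel_exposure "$sample")"
rm -f "$sample"
```

Note that GatewayPorts yes applies to every remote forward on the server, while clientspecified keeps the default on loopback and binds publicly only when the client requests it, e.g. with -R 0.0.0.0:80:127.0.0.1:3000.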
Further reading:
First, make a copy of the example directory to configure for your own use.
Generate a key pair for the SSH Forward Client container.
ssh-keygen -t ed25519 -f key -C "ssh-proxy-client"
Note
Please do not set a passphrase for the key pair.
To deploy the stack, run the following command:
make deploy
Note
You might need to set the REMOTE_USER and REMOTE_HOST variables for the make deploy command,
e.g. make deploy REMOTE_USER=ubuntu REMOTE_HOST=192.168.0.10
Or create a .env file with the following content:
REMOTE_USER=ubuntu
REMOTE_HOST=192.168.0.10
To tear down the stack, run the following command:
make teardown
Licensed under Apache License, Version 2.0. See LICENSE for more details.