# Accessing Services/Applications via SSH Tunnels

This section explains how to securely access services (e.g., FileBrowser) running on internal FABRIC VMs using SSH port forwarding.

---

## Why Use SSH Tunnels?

Many FABRIC VMs are not directly reachable from the public Internet. Instead, access is typically provided through a **bastion host**. SSH tunnels allow you to forward ports securely through the bastion to reach internal services running on private VMs.

## Import the FABlib Library

In [None]:
from fabrictestbed_extensions.fablib.fablib import FablibManager as fablib_manager

fablib = fablib_manager()

## Create the Experiment Slice



In [None]:
slice_name = "MySlice-tunnels"

In [None]:
# Create a slice
slice = fablib.new_slice(name=slice_name)

# Add a node
node = slice.add_node(name="Node1", disk=100, image='docker_rocky_8')

node.add_post_boot_upload_directory('node_tools','.')
node.add_post_boot_execute('node_tools/enable_docker.sh {{ _self_.image }}')


# Submit the slice
slice.submit();

## Run a Web Service on the Node 

Many FABRIC users want an easy way to transfer files to/from their FABRIC nodes.  [File Browser](https://filebrowser.org/) is a self-hosted webservice for transfering files.

The following cell will start a Docker container on you node that serves the File Browser webservice on port 5555.  

After running this cell, you can use a browser to connect the File Brower and transfer files to/from the node. However, the node is securely protected by the FABRIC's bastion host.  

In [None]:
slice = fablib.get_slice(slice_name)
node = slice.get_node('Node1')

node.execute("docker run -d "
                "--name filebrowser "
                "-p 127.0.0.1:5555:5555 "
                f"-v /home/{node.get_username()}/data:/data "
                "-e FB_BASEURL=/filebrowser "
                "-e FB_ROOT=/data "
                "-e FB_PORT=5555 "
                "-e FB_NOAUTH=noauth "
                "filebrowser/filebrowser "
                , quiet=True, output_file=f"{node.get_name()}.log");


## Start the SSH Tunnel

- Create SSH Tunnel Configuration `fabric_ssh_tunnel_tools.zip`
- Download your custom `fabric_ssh_tunnel_tools.zip` tarball from the `fabric_config` folder.  
- Untar the tarball and put the resulting folder (`fabric_ssh_tunnel_tools`) somewhere you can access it from the command line.
- Open a terminal window. (Windows: use `powershell`) 
- Use `cd` to navigate to the `fabric_ssh_tunnel_tools` folder.
- In your terminal, run the command that results from running the following cell (leave the terminal window open).

In [None]:
fablib.create_ssh_tunnel_config(overwrite=True)

#### Port Forwarding Example

FileBrowser is running on the VM at port `5555`, use the following SSH command from your laptop:

In [None]:
import os
# Port on your local machine that you want to map the File Browser to.
local_port='5555'
# Local interface to map the File Browser to (can be `localhost`)
local_host='127.0.0.1'

# Port on the node used by the File Browser Service
target_port='5555'

# Username/node on FABRIC
target_host=f'{node.get_username()}@{node.get_management_ip()}'

print(f'ssh  -L {local_host}:{local_port}:127.0.0.1:{target_port} -i {os.path.basename(fablib.get_default_slice_public_key_file())[:-4]} -F ssh_config {target_host}')

## Connect to the File Browser

The File Browser service on the node is now mapped to 127.0.0.1:5555 on your local machine. You can open a browser and navigate to the following address (or just click the link): 

[http://127.0.0.1:5555](http://127.0.0.1:5555)

The default login/password is admin/admin. If you want to use File Browser in your FABRIC experiments, please pick better passwords.

You can now drag/drop files from your laptop to the FABRIC node. By default, the files will be stored in `~/data`.  

SSH to the node and observe the files you put there.

## Delete the Slice

Please delete your slice when you are done with your experiment.

In [None]:
slice.delete()