Skip to content
A docker container that redirects incoming HTTP traffic to a local port for reverse SSH tunneling
Dockerfile JavaScript
Branch: master
Clone or download
Latest commit 6e11c7b Aug 23, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
node-hello Add README and sample app Aug 2, 2019
.gitignore Add README and sample app Aug 2, 2019
Dockerfile Add GatewayPorts and fix ROOTPW arg Aug 22, 2019 Fix SSH example Aug 23, 2019
diagram.png Update Diagram Aug 23, 2019
tunnel.conf Add comment for server_name Aug 8, 2019


This container lets you access an app running on localhost from a remote URL with SSL termination. This is helpful for testing integrations that require SSL, such as PWAs, Alexa Skills, Github WebHooks, etc. If you've ever used ngrok or serveo, this is just like that but with a little more control.



0. Launch a Host Instance

Launch an Ubuntu 18.04 Virtual Private Server using any provider and open port 80. On the server, install docker. Configure DNS to point your domain to your host server's IP.

1. Build the container image

git clone
cd nginx-local-tunnel

docker build -t {DOCKERUSER}/dev-proxy . --build-arg ROOTPW={PASSWORD}

# launch the container
docker run -d -P 80:80 -p 2222:22 {DOCKERUSER}/dev-proxy

2. On your dev machine, create a reverse tunnel with SSH

# Ports explained:
# 3000 refers to the port that your app is running on localhost.
# 2222 is the forwarded port on the host that we use to directly SSH into the container.
# 80 is the default HTTP port, forwarded from the host
ssh -R :80:localhost:3000 -p 2222 root@YOURDOMAIN.tld

3. Start the sample app on localhost

cd node-hello && npm i
nodemon main.js

Now you should be able to access your app from either http://localhost:3000 or


On the server, launch nginx-proxy and docker-letsencrypt-nginx-proxy-companion, then launch your container, specifying the subdomain.

docker run --detach \
    --name nginx-proxy \
    --publish 80:80 \
    --publish 443:443 \
    --volume /etc/nginx/certs \
    --volume /etc/nginx/vhost.d \
    --volume /usr/share/nginx/html \
    --volume /var/run/docker.sock:/tmp/docker.sock:ro \

docker run --detach \
    --name nginx-proxy-letsencrypt \
    --volumes-from nginx-proxy \
    --volume /var/run/docker.sock:/var/run/docker.sock:ro \

docker run --detach \
    --name dev-proxy \
    --publish 2222:22 \
    --env "VIRTUAL_HOST=dev.YOURDOMAIN.tld" \

On your local dev machine:

ssh -NR :80:localhost:3000 -p 2222 root@YOURDOMAIN.tld
# run something on localhost:3000

As long as you keep this SSH connection open, you'll able to access your app from either http://localhost:3000 or https://dev.YOURDOMAIN.tld. For additional security, you'll want to limit access to only a select set of IP addresses and origins.

You can’t perform that action at this time.