[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

HOWTO reverse proxy through an internal-server-initiated ssh tunnel?

I would like to expose a web server running on a personal laptop
elegantly and securely. This laptop is not always connected at the
same point, so a static IP will not do. I am also familiar with
dynamic dns however my laptop will sometimes be behind firewalls over
which I have no control.

A solution which I believe is quite elegant involves ssh'ing from the
laptop to my external, statically IP'd host. I would then need to
notify the externally running httpd that a tunnel is now available,
and then use something like the ProxyPass directive to seemlessly
forward client requests to the laptop.

So far I have been unsuccessful in getting this to work - using wget
on the external server I get a connection refused. I have found a
variety of web sites on mod_proxy, ssh tunneling. I have even found
some sites that describe (sort of) how to proxy over a tunnel
initiated by the external host.

It would be handy to know how to do some low-level network
troubleshooting. I am familiar with netstat but I'm not sure what I'm
looking for. The external host should have local port 8080 open.
Somehow, sshd causes this to happen when ssh connects with certain
command line parms. I'm not sure how to check this apart from
connecting and running wget http://localhost:8080 and hoping it hits
my laptop.

If this works, I think the method would be very useful for many debian
users wanting to expose their own services behind an inexpensive web
hosting provider. The benefits over DDNS are several.

Kind regards,

"It seemed to them that they did little but eat and drink and rest,
and walk among the trees; and it was enough."
- J.R.R. Tolkien, The Lord of the Rings, "The Mirror of Galadriel"

Reply to: