Accessing Your Server Application with SSH Port Forwarding
Have a look at our desktop app RONIN LINK that makes this and other long terminal commands easy.
We've already discussed connecting to your server via SSH which is great for accessing your server's terminal. But how will you, for example, connect to your web application via a browser?
This is best explained with an example. Say we have built an Apache web server on Ubuntu in RONIN, and the machine address is webserver.ronin.cloud.
One way is to create a Windows machine in RONIN, connect to it via RDP, open a web browser and navigate to your server's address (e.g. webserver.ronin.cloud).
This will only work with machines within your project, however, as all machines are contained by a project subnet.
Perhaps you want to connect to it via your local PC instead? You won't be able to access it quite the same way, as your PC is not a part of the project's subnet, and only port 22 is open on the webserver. So, how will we connect?
Port forwarding with SSH to the rescue!
Quick Start - for those wearing knitted cardigans.
Local Port Forward
ssh -i ".ssh/your-key.pem" -L 80:localhost:80 ubuntu@webserver.ronin.cloud
Port forwarding without shell - add -f flag
X11 Port Forwarding - add -X flag
Detailed Guide - for normal humans
What is SSH Port Forwarding (or Tunnelling)
Port forwarding via SSH (SSH tunneling) creates a secure connection between a local computer and a remote machine through which services can be relayed. Because the connection is encrypted, SSH tunneling is useful for carrying traffic from a service that uses an unencrypted protocol (e.g. a webserver using the HTTP protocol on port 80).
We won't discuss other types of port forwarding in this article other than local port forwarding. For more information on what else SSH can do, type man ssh into a terminal.
Here's a diagram to explain it better.
Local Port Forwarding
Let's break it down.
We start with your PC requesting your web server at port 80 (as an example; it can be any port number you choose).
Your SSH command will forward any requests to port 80 through the SSH tunnel. The request is changed to an SSH request on port 22, and your key is used to secure it.
As the firewall is open on port 22, it will let the request through (provided you gave the right key) to the RONIN server.
At the end of the tunnel is your RONIN server, and the request will be changed to what the application is expecting. In this case, a web server receives requests on port 80, but this could be a database, a web service, etc.
...and you're securely connected!
What's the point of all this?
With this example, there was no point in time where the request was unencrypted while being transmitted over the internet. This means a secure handshake between the two computers, invisible to any third party, secured by your private key.
It also means that there's only one way a machine can be accessed. Requests that don't go through SSH are blocked by a firewall before they can reach the server. When it comes to security, the fewer ways in, the more secure it is.
Got your shovel handy? Let's get to tunnelling!
Let's get started
This is the command we'll use to create a secure tunnel:
ssh -i ".ssh/your-key.pem" -L 80:localhost:80 ubuntu@webserver.ronin.cloud
Again, another diagram for a clearer explanation
Let's break down the command
ssh - The protocol we're using.
-i ".ssh/your-key.pem" - The key you use to secure the tunnel.
-L - The flag which makes it a local port forward.
80 - The port you want to forward from your local machine. This can be any number you want within the range 1-65535; however, it's recommended you use one within the range of 1024-49151 so as not to conflict with regularly used ports.
localhost:80 - In this example, webserver.ronin.cloud has an Apache server installed which responds at localhost, and the port for HTTP is port 80.
ubuntu@webserver.ronin.cloud - Our example webserver.
After running this command, I can now go to http://localhost in a web browser and I will see a welcome screen for Apache in this example.
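A hardened variant of the command above, as an added example that is not part of the original article or RONIN's own tooling: it binds the forward to 127.0.0.1 on an unprivileged local port, skips the remote shell, and uses a control socket so the tunnel can be checked and closed. The function names, the local port 8080 and the control socket path are assumptions; the key and host are the article's placeholders.

```sh
#!/bin/sh
# Added example. KEY and TARGET are the article's placeholders; CTL, the
# function names and the default local port 8080 are assumptions.
KEY="${KEY:-$HOME/.ssh/your-key.pem}"
TARGET="${TARGET:-ubuntu@webserver.ronin.cloud}"
CTL="${CTL:-$HOME/.ssh/ronin-tunnel.sock}"

valid_port() {
    # Digits only, at most five of them, and inside 1-65535.
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

forward_spec() {   # forward_spec LOCAL_PORT REMOTE_PORT -> argument for -L
    valid_port "$1" && valid_port "$2" || { echo "invalid port" >&2; return 1; }
    [ "$1" -ge 1024 ] || \
        echo "note: local port $1 is below 1024; binding it usually needs root" >&2
    # An explicit 127.0.0.1 keeps the listener off the LAN even when the
    # client's GatewayPorts option is enabled.
    printf '127.0.0.1:%s:localhost:%s\n' "$1" "$2"
}

open_tunnel() {    # open_tunnel LOCAL_PORT REMOTE_PORT
    spec=$(forward_spec "$1" "$2") || return 1
    # -f: go to the background after authentication
    # -N: do not start a remote shell or command
    # -M/-S: control socket used by tunnel_status and close_tunnel
    # ExitOnForwardFailure: fail instead of connecting without the forward
    ssh -i "$KEY" -f -N -M -S "$CTL" \
        -o ExitOnForwardFailure=yes \
        -L "$spec" "$TARGET"
}

tunnel_status() { ssh -S "$CTL" -O check "$TARGET"; }
close_tunnel()  { ssh -S "$CTL" -O exit "$TARGET"; }

# Usage: script.sh open [LOCAL_PORT] [REMOTE_PORT] | status | close
case "${1:-}" in
    open)   open_tunnel "${2:-8080}" "${3:-80}" ;;
    status) tunnel_status ;;
    close)  close_tunnel ;;
esac
```

With the tunnel opened on local port 8080, the Apache welcome page is at http://localhost:8080 rather than http://localhost.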
Whew. That's a tricky concept!
If you are still having difficulty, or need something explained further, let us know in the comments below!