Add support for SSH remote port forwarding #120


juergenhoetzel
Contributor

Use cases:

  • Deploy from local repository server (without public URL)
  • Use local HTTP-Proxy server if remote doesn't have Internet access

Still, the error reporting (related to tunnel setup: bind error, connection refused, ...) is not satisfactory. I would prefer to mix it with the remote's stderr, but I don't see how this can be done.

Collaborator

@VojtechVitek VojtechVitek left a comment


Sorry, I don't understand the use cases very well.

We have bastion functionality for accessing SSH servers via a middle-man SSH server.

Is this solving any other use case?

@juergenhoetzel
Contributor Author

> We have bastion functionality for accessing SSH servers via a middle-man SSH server.
>
> Is this solving any other use case?

Yes, bastion hosts allow access to SSH hosts which are not accessible via a direct network connection. In OpenSSH config:

```
Host remote
  ProxyCommand ssh user@bastion -W %h:%p
```

Whereas remote port tunneling/forwarding allows access to TCP services on the SSH client side by listening on a TCP port on the remote side. In OpenSSH config:

```
RemoteForward 127.0.0.1:8080 my-proxy-server.local:8080
```

You can then use this environment variable on the remote site to access the local proxy:

```
export http_proxy=http://localhost:8080/
```

In your Supfile you get the same feature with this pull request:

```
env:
  http_proxy: http://localhost:8080

networks:
  testnet:
    tunnels:
      - listen: 8080
        host: my-proxy-server.local
        port: 8080
    hosts:
      - remote1
commands:
    proxy-test:
      run: >
           curl -v http://my-host.local
```
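An added example, not code from this pull request or from sup: a small Go parser for the OpenSSH `RemoteForward` argument quoted above, mapping it onto the `listen`/`host`/`port` keys of the Supfile tunnel entry and reporting whether the remote listener is reachable from the remote host only. The `Tunnel` type, its `BindAddr` field and the function names are assumptions of this example; only the `[bind_address:]port host:hostport` form is handled.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// Tunnel mirrors the Supfile tunnel keys; BindAddr is an assumption of this example.
type Tunnel struct {
	BindAddr, Host string
	Listen, Port   int
}

// hostPort splits "host:port" and validates the port number.
func hostPort(s string) (string, int, error) {
	h, p, err := net.SplitHostPort(s)
	if err != nil {
		return "", 0, err
	}
	n, err := strconv.ParseUint(p, 10, 16) // rejects ports outside 0..65535
	return h, int(n), err
}

// ParseRemoteForward parses "[bind_address:]port host:hostport".
func ParseRemoteForward(arg string) (t Tunnel, err error) {
	f := strings.Fields(arg)
	if len(f) != 2 {
		return t, fmt.Errorf("want 2 fields, got %d", len(f))
	}
	if !strings.Contains(f[0], ":") {
		f[0] = "localhost:" + f[0] // OpenSSH binds to loopback when no address is given
	}
	if t.BindAddr, t.Listen, err = hostPort(f[0]); err != nil {
		return t, err
	}
	t.Host, t.Port, err = hostPort(f[1])
	return t, err
}

// LoopbackOnly reports whether only processes on the remote host can reach the listener.
func (t Tunnel) LoopbackOnly() bool {
	return t.BindAddr == "localhost" || net.ParseIP(t.BindAddr).IsLoopback()
}

func main() {
	fmt.Println(ParseRemoteForward("127.0.0.1:8080 my-proxy-server.local:8080"))
}
```

An empty or `*` bind address means all interfaces on the remote host, which `LoopbackOnly` reports as false.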

@VojtechVitek
Collaborator

@juergenhoetzel I see, thanks. I'm still missing the point, though.

  1. How is this useful again? Can you give us some real life use cases / examples?

  2. How is this supposed to work with multiple remote hosts, since you're binding a remote port to a single localhost port?

@juergenhoetzel
Contributor Author

> @juergenhoetzel I see, thanks. I'm still missing the point, though.
>
> How is this useful again? Can you give us some real life use cases / examples?

  1. I publish my non-public NPM modules to a Sonatype repository server (not accessible via public IP): http://blog.sonatype.com/using-nexus-3-as-your-repository-part-2-npm-packages
     I can install these modules from a remote server when forwarding port 8081 using:
     ```
     npm --registry http://localhost:8081/repository/npm-group/ install -g my-pac
     ```
  2. Some of my hosts don't have internet access. I forward the remote port to a local proxy and configure CentOS yum to use this proxy via port forwarding: https://www.centos.org/docs/5/html/yum/sn-yum-proxy-server.html

> How is this supposed to work with multiple remote hosts, since you're binding a remote port to a single localhost port?

This would be the case if you do local port forwarding (I didn't find a use case for this).
But I implemented only remote port forwarding; thus the binding/listening is done on the remote site.
