Hi, I am at home behind a firewall that allows NO incoming connections. All my machines use ssh keys and SSL.
Note: my-public-host is not my real public server's name, of course.
I can "ssh" into my machines at home from my-public-host (allows port 22) by using an ssh reverse tunnel:
home/client:
ssh -R 2222:localhost:22 my-public-host
my-public-host:
ssh -p 2222 localhost > I get to my home/client shell with no problems
BUT when I try to access my home/client website (uses port 8080) by pointing my browser (from anywhere) to http(s)://my-public-host:8080, I have no luck connecting. I have been trying this for hours and watching it in debug mode via:
ssh -vvv -R *:8080:localhost:8080 my-public-host
What am I doing wrong, please? How can I get to my home webserver from a 3rd party client via a browser?
However, if I issue curl localhost:8080 on my-public-host then I get traffic from home/client but NOT when I point my browser to it (?). my-public-host is a forum, btw.
[SOLVED] 'ssh reverse tunneling to apache boxes behind restrictive firewalls' not working as expected using SSL
Last edited by aegersz on 2017/08/18 22:27:37, edited 6 times in total.
Re: 'ssh reverse tunneling to httpd behind firewall' not working as expected
I worked it out. My .htaccess was forcing https traffic, see below.
So I had to use local port 443: (point my browser to my-public-host:8080)
ssh -R *:8080:localhost:443 my-public-host
Code:
# redirect http to https
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://my-public-host/$1 [R=301,L]
Re: [SOLVED] 'ssh reverse tunneling to apache/httpd machines behind restrictive firewalls' not working as expected using
Some more variations as I tunnel into and around my intranet (uncomment what you want):
Code:
# ssh back into the Linux router box
# > ssh -p 2210 localhost
#ssh -R 2210:localhost:22 my-public-host
# ssh back into the Linux dev box
# > ssh -p 2210 localhost
#ssh -R 2210:192.168.137.2:22 my-public-host
# https back into the Linux router box (before the REAL Netgear router)
# > my-public-host:8080
#ssh -R *:8080:localhost:443 my-public-host
# http back to the Linux dev box BUT this requires 8080 -> 80 port forwarding done by the REAL Netgear router (sits after it)
# > my-public-host:8080/smfnew
#ssh -R *:8080:192.168.137.2:80 my-public-host
# tunnel back into The linux router's Webmin
# > my-public-host:10001
#ssh -R *:10001:localhost:10000 my-public-host
It's also important to use a simple .htaccess like this to avoid weird issues:
Code:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://an-intranet-host/$1 [R=301,L]
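Added example (not part of the original posts): a check to run on my-public-host that lists sshd-owned listeners bound to a non-loopback address, i.e. the `-R *:port` forwards from the thread that are reachable from the internet rather than only from the public host itself. The `ss` output is a constructed sample, the function names are hypothetical, and the process name is assumed to start with `sshd`.

```shell
#!/bin/sh
# Reads `ss -H -ltnp` output on stdin (run ss as root so the process column
# is populated) and prints "port bind-address" for each exposed forward.

# Constructed sample standing in for `ss -H -ltnp` on my-public-host.
# Ports follow the thread: 2210 (ssh), 8080 (https), 10001 (Webmin).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 127.0.0.1:2210 0.0.0.0:* users:(("sshd",pid=4410,fd=9))
LISTEN 0 128 [::1]:2210 [::]:* users:(("sshd",pid=4410,fd=10))
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:* users:(("sshd",pid=4410,fd=11))
LISTEN 0 128 [::]:8080 [::]:* users:(("sshd",pid=4410,fd=12))
LISTEN 0 128 0.0.0.0:10001 0.0.0.0:* users:(("sshd",pid=4410,fd=13))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("apache2",pid=990,fd=4))
EOF
}

# $1: port the sshd daemon itself listens on (default 22); it is excluded
# so that only forwarded ports are reported.
exposed_forwards() {
    awk -v sshd_port="${1:-22}" '
        $1 == "LISTEN" && $NF ~ /"sshd/ {
            addr = $4
            # The port is whatever follows the last colon; the rest is the
            # bind address (this also handles bracketed IPv6 such as [::]).
            n = split(addr, parts, ":")
            port = parts[n]
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (port == sshd_port) next                      # the daemon itself
            if (host ~ /^127\./ || host == "[::1]") next     # loopback only
            print port " " host
        }' | LC_ALL=C sort -k1,1n -k2,2
}

# Stand-alone run on the constructed sample; on a real host use:
#   ss -H -ltnp | exposed_forwards 22
sample_ss_output | exposed_forwards 22
```

Forwards requested without a bind address (the 2210 lines) stay on loopback and are not listed; every port that is listed needs the same access control as any other internet-facing service.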