Expose services via an ssh tunnel
For as long as I can remember, I have been unable to learn even the most basic things until I actually write down a couple of notes or instructions somewhere. This is one of those notes-as-blog-posts, so in case it's too basic, just skip over it. Or bear with me.
ssh tunnels are useful and powerful. They can help me with all kinds of trickery, usually for remoting through a tight firewall setup to access remote resources. Point taken, there are a lot of GUIs for this, but if you spend a couple of minutes with the ssh man page, you will realize how amazingly simple they are.
My example for an ssh tunnel put to good use is our production gearman setup: the gearmands run isolated on EC2. The upside: pretty secure. The downside: the service is unavailable when you need a little live data for some local tests. When we added an interface to get more visibility into the processes we push through gearman, of course we couldn't access it.
A tunnel to the rescue!
    $ screen -S gearman-ssh-tunnel
    $ ssh -L 2222:127.0.0.1:4730 production-gearmand
    Linux Ubuntu SMP AMD64
    Last login: Sat May 5 16:22:47 2012 from YYY.YYY.YYY.YYY
    till@production-gearmand:~$
("ctrl + a + d", to detach from screen.)
So what does that do?
First off, we are starting a session in screen: it's called "gearman-ssh-tunnel". You could use tmux as well, but screen works just as well.
The next command maps port 2222 on my (local) macbook to a service that runs on the server production-gearmand (this is via .ssh/config) but only listens on 127.0.0.1:4730.
My .ssh/config could look like this:
    Host production-gearmand
        HostName ec2-XXX-XXX-XXX-XXX.compute-1.amazonaws.com
        User till
        IdentityFile ~/.ssh/gearman.pem
If I wanted to connect to this server in a PHP-script on my macbook, I would use the following configuration:
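    <?php
    // Connect to the local end of the tunnel, not to the EC2 host directly.
    $client = new GearmanClient;
    $client->addServer('127.0.0.1', 2222);
    // Round-trip a payload through gearmand to confirm the tunnel works.
    var_dump($client->echo('ehlo'));
    ?>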
Run it from the terminal:
    $ php gearman-ping.php
    bool(true)
Need to stop the tunnel?
The following command lets you resume your session with screen:
    $ screen -r gearman-ssh-tunnel
    ...
Type exit twice, or hit "ctrl + d" to log off the server and "ctrl + d" again to kill the screen session. Done.
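An alternative to keeping the tunnel alive inside screen, as an added example that is not part of the original post: the script below runs the same forward in the background and stops it through an ssh control socket. The host alias and ports come from the post; the socket path, the function names and the start/status/stop arguments are assumptions.

```bash
#!/usr/bin/env bash
# Added example: manage the gearman tunnel without a screen session.
# Assumptions: host alias "production-gearmand" exists in ~/.ssh/config,
# ports 2222/4730 as in the post; the control-socket path is made up.
HOST="production-gearmand"
SOCK="${HOME}/.ssh/gearman-tunnel.sock"

# Build the -L argument. The bind address is pinned to loopback so the
# forwarded port is never reachable from other machines on the network.
forward_spec() {
    local lport="$1" rport="$2" p
    for p in "$lport" "$rport"; do
        case "$p" in
            # Reject empty, non-numeric and overlong (6+ digit) values.
            ''|*[!0-9]*|??????*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done
    printf '127.0.0.1:%s:127.0.0.1:%s\n' "$lport" "$rport"
}

tunnel_start() {
    local spec
    spec="$(forward_spec 2222 4730)" || return 1
    # -f: go to background after authentication, -N: no remote shell,
    # -M/-S: master mode with a control socket used for status and stop.
    # ExitOnForwardFailure makes ssh exit if port 2222 cannot be bound,
    # instead of staying connected without a working forward.
    ssh -f -N -M -S "$SOCK" \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -L "$spec" "$HOST"
}

# Ask the background ssh process, via the control socket, whether it is alive.
tunnel_status() { ssh -S "$SOCK" -O check "$HOST"; }
# Tell the background ssh process to exit, which closes the forward.
tunnel_stop()   { ssh -S "$SOCK" -O exit "$HOST"; }

case "${1:-}" in
    start)  tunnel_start ;;
    status) tunnel_status ;;
    stop)   tunnel_stop ;;
esac
```

Because no remote shell is opened, nothing is left logged in on the production host while the tunnel is up.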
Bonus points if you use this from your VM in vagrant. But otherwise, that's all for today.