Access a local webserver through firewalls with SSH tunnelling.

Sometimes, it is very useful to have a local website viewable globally, for instance if you are developing a new web app for a client, or would like to temporarily show your work to your friends. I have even used this technique to run large web-based events for more than 300 people, obviously dependent on your upstream network connection. You also have to be very careful not to put the lid of your laptop down!

Here is how to forward your local webserver to a server which you have SSH access to online.

ssh -R 5667:localhost:80 [email protected] -N

Here, 5667 specifies the remote port on the publicly available server on which you would like your webserver to be reachable (note that low ports such as 80 are reserved and require sudo privileges to open on the external host).

Port 80 is assumed to be the port of the webserver on the local machine. This doesn't necessarily have to be a webserver, and could actually be SSH or PPTP VPN or anything.

[email protected] specifies your remote username and the server you would like to connect to.

-N signifies that you do not wish to run any commands in the SSH session, and it should only maintain a connection for the tunnel.

Your service should now be available on remotehost:5667, so if it's a web service you should be able to access it at http://remotehost.fqdn:5667/

If you would like it to appear on a subdomain, for instance http://websrv01.joshcurry.co.uk/, you can configure a webserver such as Apache or Lighttpd to forward requests for the subdomain to the port specified above.

First, you will need to set up the subdomain to point at your server using your hosting provider's DNS setup.

Then, use the proxy functionality of your webserver to forward requests to the port which your SSH tunnel has opened.

For instance, in Lighttpd:

Set up our proxy forwarder

nano /etc/lighttpd/conf-enabled/websrv01.conf
# Forward every request for this host name to the port opened by the SSH tunnel
$HTTP["host"] == "websrv01.joshcurry.co.uk" {
    proxy.server = (
        "" => (
            "host" => (
                "host" => "127.0.0.1",
                "port" => 5667
            )
        )
    )
}

Enable mod_proxy for the webserver

nano /etc/lighttpd/lighttpd.conf
Append "mod_proxy", to the server.modules = () directive.

And with a quick sudo service lighttpd restart, you should have your SSH tunnel available on the subdomain.
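An added example, not part of the original post: a small POSIX shell helper that validates the ports and destination and prints the tunnel command with the remote listener pinned to loopback, which is all the Lighttpd proxy at 127.0.0.1:5667 needs. The function names and user@remotehost are assumptions; the keepalive options make a dropped connection end the ssh process instead of leaving a dead tunnel.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Accept only a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: build_tunnel_cmd REMOTE_PORT LOCAL_PORT USER@HOST [loopback|public]
# Prints the ssh command on stdout; returns non-zero on bad input.
build_tunnel_cmd() {
    rport=$1 lport=$2 dest=$3 mode=${4:-loopback}

    valid_port "$rport" && valid_port "$lport" || { echo "invalid port" >&2; return 1; }
    # Ports below 1024 need root on the remote host (see the note in the post).
    [ "$rport" -ge 1024 ] || { echo "remote port is privileged" >&2; return 1; }

    # A destination starting with '-' would be parsed by ssh as an option.
    case "$dest" in
        ''|-*|*[!A-Za-z0-9@._-]*) echo "invalid destination" >&2; return 1 ;;
    esac

    case "$mode" in
        loopback) bind=127.0.0.1 ;;   # reachable only via the reverse proxy
        public)   bind=0.0.0.0 ;;     # honoured only if sshd's GatewayPorts allows it
        *) echo "invalid mode" >&2; return 1 ;;
    esac

    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R %s:%s:localhost:%s %s\n' \
        "$bind" "$rport" "$lport" "$dest"
}

# Constructed sample values; user@remotehost is a placeholder.
build_tunnel_cmd 5667 80 user@remotehost
```

With ExitOnForwardFailure=yes, ssh exits immediately if the remote port cannot be bound, so a wrapper or service manager can detect the failure and retry.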

Published 2016-09-04