Accessing your internal web interfaces - AtlasOfLivingAustralia/documentation GitHub Wiki
Introduction
Many times you have to access to some web interface of a internal server in your portal, to a port that is nor public for security reasons, like the solr admin interface.
You can use ssh port redirection but if you have to access to many other ports or to many other software (jenkins, spark, hadoop) is better to use other approach (like add some auth proxy vhost in your frontend to access to these interfaces). In this page we'll show you how to use a socks proxy in a GNU/Linux environment or similar free sophisticated tanks, but you can do something equivalent in Windows or Mac.
Step 1: Socks proxy
ssh
Using Let's say that ssh ubuntu@your-portal-gateway
is how you access to your portal gateway or to some of your portal servers. If you exec:
ssh -D 8765 ubuntu@your-portal-gateway
This configure a socks
ssh proxy in your local port 8765
. Using this proxy in a browser will redirect all your web petitions as they were accessing from your-portal-gateway
. autossh
maintains that socks proxy open.
autossh
Or better do the same using For this, install autossh
:
apt install autossh
Create some script
nano autossh-la-portal.sh
does contains something like:
#!/bin/bash
autossh -f -M 0 -o "ServerAliveInterval 10" -o "ServerAliveCountMax 3" -D localhost:8765 -N ubuntu@your-portal-gateway
give execution permissions:
chmod +x autossh-la-portal.sh
and execute it.
./autossh-la-portal.sh
This does the same that ssh
but tries to maintain open that proxy until you reboot your computer.
Now let's use that proxy (that is like a secure pipe or VPN between you and your portal).
Other option: using Windows and putty
Follow: https://www.forwardproxy.com/2018/12/using-putty-to-setup-a-quick-socks-proxy/
Step 2: Install a proxy extension in your browser
You can configure your proxy in your computer to use that 8765
but it's better to only use it for some subdomains and use direct Internet connection to the rest. For that we recommend the chrome extension Proxy SwitchyOmega.
Step 3: Configure your portal gateway /etc/hosts
Imagine that you want to access to solr or a la-toolkit you installed in your portal. In this case, you have to add the internal IPs and names of this VMs to the /etc/hosts
of your ssh portal gateway. For instance:
10.0.0.123 gbif-es-solrcloud-2022-1
10.0.0.143 gbif-es-la-toolkit
In the next step we'll use these names to access to these internal IPs but through the ssh socks tunnel.
Step 4: Configure the proxy extension
Now we'll configure the extension to automatic use the socks ssh proxy for some of our internal servers (if this example, those starting with gbif-es-*
names in the /etc/hosts
of our portal gateway).
With this you can access to these internal interfaces using your proxy and not for the rest of webs.