Accessing your internal web interfaces - AtlasOfLivingAustralia/documentation GitHub Wiki

Introduction

Many times you have to access to some web interface of a internal server in your portal, to a port that is nor public for security reasons, like the solr admin interface.

You can use ssh port redirection but if you have to access to many other ports or to many other software (jenkins, spark, hadoop) is better to use other approach (like add some auth proxy vhost in your frontend to access to these interfaces). In this page we'll show you how to use a socks proxy in a GNU/Linux environment or similar free sophisticated tanks, but you can do something equivalent in Windows or Mac.

Step 1: Socks proxy

Using ssh

Let's say that ssh ubuntu@your-portal-gateway is how you access to your portal gateway or to some of your portal servers. If you exec:

ssh -D 8765 ubuntu@your-portal-gateway

This configure a socks ssh proxy in your local port 8765. Using this proxy in a browser will redirect all your web petitions as they were accessing from your-portal-gateway. autossh maintains that socks proxy open.

Or better do the same using autossh

For this, install autossh:

apt install autossh

Create some script

nano autossh-la-portal.sh

does contains something like:

#!/bin/bash
autossh -f -M 0 -o "ServerAliveInterval 10" -o "ServerAliveCountMax 3" -D localhost:8765 -N ubuntu@your-portal-gateway

give execution permissions:

chmod +x autossh-la-portal.sh

and execute it.

./autossh-la-portal.sh

This does the same that ssh but tries to maintain open that proxy until you reboot your computer.

Now let's use that proxy (that is like a secure pipe or VPN between you and your portal).

Other option: using Windows and putty

Follow: https://www.forwardproxy.com/2018/12/using-putty-to-setup-a-quick-socks-proxy/

Step 2: Install a proxy extension in your browser

You can configure your proxy in your computer to use that 8765 but it's better to only use it for some subdomains and use direct Internet connection to the rest. For that we recommend the chrome extension Proxy SwitchyOmega.

Step 3: Configure your portal gateway /etc/hosts

Imagine that you want to access to solr or a la-toolkit you installed in your portal. In this case, you have to add the internal IPs and names of this VMs to the /etc/hosts of your ssh portal gateway. For instance:

10.0.0.123 gbif-es-solrcloud-2022-1
10.0.0.143 gbif-es-la-toolkit

In the next step we'll use these names to access to these internal IPs but through the ssh socks tunnel.

Step 4: Configure the proxy extension

Now we'll configure the extension to automatic use the socks ssh proxy for some of our internal servers (if this example, those starting with gbif-es-* names in the /etc/hosts of our portal gateway).

With this you can access to these internal interfaces using your proxy and not for the rest of webs.