Introduction
As a developer working with clients and collogues on applications, wouldn't it be cool to enable these individuals to access your local application through their browser without the hassle of creating a live environment that would probably require web server, database, application dependencies and a deployment pipeline?
With a simple server and a few configurations you will be able to share your local application with anyone in the world, show real time progress, and enable your team to test the application on various devices (desktop, tablet, mobile devices), possible using SSH reverse tunneling.
SSH reverse tunneling is a technique that allows the exposure of a service running on your local machine to a remote server, making it accessible from external networks.
How SSH Reverse Tunneling Works
Initiation from the Client
The client (local machine) initiates an SSH connection to a remote server (which has a public IP address). In this connection, a request is made to the remote server to listen on a specific port.
Creating the Reverse Tunnel
The SSH client is instructed to set up a tunnel that forwards any connection to the remote port on the remote server back to local port on your local machine.
Accessing the Local Service
When someone connects to the remote port on the remote server, the SSH tunnel forwards that traffic back to the local machine, where the service is running on local port. This effectively makes the local service available to external clients.
Reverse Tunneling Use Case and Setup
In terms of app development, reverse tunneling would allow team members to view the locally developed application on the web using various devices to test and review the application. Additionally stakeholders can view development progress in real time, enabling simultaneous development and review.
The following requirements must be completed before attempting reverse tunneling:
- Local applications must be running and must be accessible on localhost:port.
- Remote server public IP and designated forwarding port must be accessible to the user.
- GatewayPorts must be enabled inside sshd_config to allow non-local connections to the forwarded port (For ubuntu server).
GatewayPorts directive can be found inside /etc/ssh/sshd_config on Ubuntu servers:
sudo nano /etc/ssh/sshd_config
Then uncomment GatewayPorts and set it to yes:
GatewayPorts yes
SSH Reverse Tunneling Connection
With the above points completed, run the following on the local machine containing the running application to make it accessable through the remote server:
ssh -R 8000:localhost:8069 user@remote-server-ip
In the above example, any traffic to remote-server:8000 will be forwarded to port 8069 on the local machine, allowing users to connect to the remote server to access the locally hosted service.
Users will be able to access the local application by visiting:
remote-server-ip:8000
To make the connection more persistent add the following flags:
ssh -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -R 8000:localhost:8069 user@remote-server-ip
With these flags I was able to maintain the connection for multiple days without it breaking.