Expose services via an ssh tunnel
Ever since I remember, I have this inability to learn the most basic things, until I actually write down a couple notes or instructions somewhere. This is one of these notes blog posts - so in case it's too basic, just skip over it. Or bear with me.
ssh tunnels - useful and powerful. They can help me with all kinds of trickery - e.g. usually for remoting through a tight firewall setup to access remote resources. So point taken there are a lot of GUIs for this, but if you spend a couple minutes with the ssh man page, you will realize how amazingly simple they are.
My example for an ssh tunnel put to good use is our production gearman setup: The gearmands runs isolated on EC2. On the upside: pretty secure, but the downside is that the service is unavailable when you need to a little live data for some local tests. When we added an interface to get more visibility into the processes we push through gearman, of course we couldn't access it.
A tunnel to the rescue!
Consider this:till@macbook$ screen -S gearman-ssh-tunnel till@macbook$ ssh -L 2222:127.0.0.1:4730 production-gearmand Linux Ubuntu SMP AMD64 Last login: Sat May 5 16:22:47 2012 from YYY.YYY.YYY.YYY till@production-gearmand:~$
("ctrl + a + d", to detach from screen.)
So what does that do?
First off, we are starting a session in screen: it's called "gearman-ssh-tunnel". You could use tmux as well, but screen works just as nice.
The consecutive command maps port 2222 on my (local) macbook to a service running on the server production-gearmand (this is via .ssh/config) but only listens on 127.0.0.1:4730.
Your .ssh/config could look like this:Host production-gearmand HostName ec2-XXX-XXX-XXX-XXX.compute-1.amazonaws.com User till IdentityFile ~/.ssh/gearman.pem
If I wanted to connect to this server in a PHP-script on my macbook, I would use the following configuration:addServer('127.0.0.1', 2222); var_dump($client-echo('ehlo')); ?
Run it from the terminal:till@macbook$ php gearman-ping.php bool(true)
Need to stop the tunnel?
The following command lets you resume your session with screen:till@macbook$ screen -r gearman-ssh-tunnel ...
Type exit twice, or hit "ctrl + d" to log off the server and "ctrl + d" again to kill the screen. Done.
Bonus points if you use this from your VM in vagrant. But otherwise, that's all for today.