Expose services via an ssh tunnel

Note: This article was originally published at Planet PHP on 21 April 4520.

For as long as I can remember, I have been unable to learn even the most basic things until I actually write down a couple of notes or instructions somewhere. This is one of those note-to-self blog posts - so in case it's too basic, just skip over it. Or bear with me.

ssh tunnels - useful and powerful. They can help me with all kinds of trickery - e.g. usually for remoting through a tight firewall setup to access remote resources. Point taken, there are a lot of GUIs for this, but if you spend a couple of minutes with the ssh man page, you will realize how amazingly simple they are.

My example for an ssh tunnel put to good use is our production gearman setup: gearmand runs isolated on EC2. On the upside: pretty secure, but the downside is that the service is unavailable when you need a little live data for some local tests. When we added an interface to get more visibility into the processes we push through gearman, of course we couldn't access it.

A tunnel to the rescue!

Consider this:

till@macbook$ screen -S gearman-ssh-tunnel
till@macbook$ ssh -L 2222:127.0.0.1:4730 production-gearmand
Linux Ubuntu SMP AMD64
Last login: Sat May 5 16:22:47 2012 from YYY.YYY.YYY.YYY
till@production-gearmand:~$

("ctrl + a + d", to detach from screen.)

So what does that do?

First off, we are starting a session in screen: it's called "gearman-ssh-tunnel". You could use tmux as well, but screen works just as nicely.

The next command forwards port 2222 on my (local) macbook to a service that runs on the server production-gearmand (the host alias comes from .ssh/config) but only listens on 127.0.0.1:4730 there.

Your .ssh/config could look like this:

Host production-gearmand
    HostName ec2-XXX-XXX-XXX-XXX.compute-1.amazonaws.com
    User till
    IdentityFile ~/.ssh/gearman.pem

If I wanted to connect to this server in a PHP-script on my macbook, I would use the following configuration:

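<?php
// Talk to the local end of the tunnel; ssh forwards it to gearmand on the server.
$client = new GearmanClient();
$client->addServer('127.0.0.1', 2222);
var_dump($client->echo('ehlo'));
?>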

Run it from the terminal:

till@macbook$ php gearman-ping.php
bool(true)

Success!

Need to stop the tunnel?

The following command lets you resume your session with screen:

till@macbook$ screen -r gearman-ssh-tunnel ...

Type exit twice, or hit "ctrl + d" to log off the server and "ctrl + d" again to kill the screen. Done.
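
The same tunnel without the screen session or a remote shell, as an added example that is not part of the original post. It pins the listener to loopback, fails if the forward cannot be set up, and uses a control socket for status and teardown. The host alias and ports are the article's; the control-socket path and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): manage the gearman tunnel
# with an ssh control socket instead of a screen session.
HOST=production-gearmand                # alias from .ssh/config (article)
LPORT=2222                              # local port (article)
RTARGET=127.0.0.1:4730                  # gearmand as seen from the server (article)
CTL="${HOME}/.ssh/ctl-gearman-tunnel"   # control socket path (assumption)

# Print the -L forward spec. Only loopback bind addresses are accepted, so the
# forwarded port is never offered to other hosts on the local network.
tunnel_spec() {
    bind="${1:-127.0.0.1}"
    case "$bind" in
        127.0.0.1|localhost) ;;
        ::1) bind="[::1]" ;;            # IPv6 needs brackets in a -L spec
        *) echo "refusing non-loopback bind address: $bind" >&2
           return 1 ;;
    esac
    printf '%s\n' "${bind}:${LPORT}:${RTARGET}"
}

# -f background after authentication, -N no remote command (no shell on the
# server), -M/-S control master on $CTL, ExitOnForwardFailure makes ssh exit
# instead of connecting without the forward when port 2222 is already taken.
tunnel_up() {
    spec=$(tunnel_spec "${1:-127.0.0.1}") || return 1
    ssh -f -N -M -S "$CTL" -o ExitOnForwardFailure=yes -L "$spec" "$HOST"
}

# Ask the master process whether it is still running.
tunnel_status() { ssh -S "$CTL" -O check "$HOST"; }

# Tell the master process to exit, which closes the forward.
tunnel_down() { ssh -S "$CTL" -O exit "$HOST"; }

# Usage: ./gearman-tunnel.sh up|status|down
case "${1:-}" in
    up)     tunnel_up "${2:-}" ;;
    status) tunnel_status ;;
    down)   tunnel_down ;;
esac
```

The PHP client configuration stays the same, since the tunnel still listens on 127.0.0.1:2222.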

Fin

Bonus points if you use this from your VM in vagrant. But otherwise, that's all for today.