Skip to content

Instantly share code, notes, and snippets.

@bobbae

bobbae/ngrok_tunnel_two_commands.md

Created January 27, 2024 02:36
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save bobbae/fe969b0314aabca1ea9327e6ee0b85d5 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save bobbae/fe969b0314aabca1ea9327e6ee0b85d5 to your computer and use it in GitHub Desktop.
Download ZIP

Revisions

  1. bobbae created this gist Jan 27, 2024.
    66 changes: 66 additions & 0 deletions ngrok_tunnel_two_commands.md
    View file
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,66 @@
    If you have a web service on your laptop that you want to expose
    to the internet but you are located behind a firewall, you can
    use the following two commands to overcome the limitations.

    This is not exactly equivalent but similar to ngrok.

    https://ngrok.com/

    You need a machine on Internet that has publicly accessible IP address.
    You can use a Google Cloud free tier virtual machine.

    https://cloud.google.com/free/docs/free-cloud-features#compute

    Enable port 443 for https access on the virtual machine.
    Write down your virtual machine external IP address.
    We will refer to it as A.A.A.A

    In reality A.A.A.A would be something like 123.45.67.89

    Install caddy on the virtual machine.
    https://caddyserver.com/docs/install

    SSH into the virtual machine and run step 1.

    ```
    caddy reverse-proxy --from A.A.A.A.sslip.io -to localhost:BBBB
    ```

    BBBB would a port number, like 9999 or 8888. You can use any number
    above 1000 that is not being used. This is the port where you will
    be running a remote ssh tunnel port on the virtual machine.

    Appending sslip.io to the IP address like A.A.A.A (for example,
    123.45.67.89.sslip.io) allows you to use an IP address as
    a domain address. sslip.io resolves IP address to itself.

    https://sslip.io/

    Now, to expose your local web server running on a laptop for example.

    Step 2:

    ```
    ssh -f -N -t -R BBBB:localhost:CCCC A.A.A.A.sslip.io
    ```

    BBBB is the port you used with the caddy command in step 1.
    That is the port on remote machine, the virtual machine in the cloud,
    that will be forwarded to the local machine port CCCC.

    When a user who is located somewhere in Internet uses a browser to
    connect to https://A.A.A.A.slip.io, the caddy server will obtain
    TLS certificate from LetsEncrypt automatically and terminate TLS
    and forward the request to port BBBB on the virtual machine, which
    will be tunnelled to the port CCCC on the laptop via reverse
    ssh tunnel.

    All of this is done securely. Even if your local web service
    is not using TLS, the ssh is secure, and caddy will terminate TLS,
    effectively making your local server https server.
    This allows you to expose your local http server to the internet
    with minimum fuss.


    @bobbae
    Comment