SSH Reverse Proxy / Tunneling
Let’s say you own the domain example.com and the port
22 works as an SSH port for some VM/Server. This means that you can SSH into it like so:
But SSH can do much more. One of the features is a reverse TCP proxy, which can expose a port on your local device with one command.
ssh -R \*:80:localhost:8080 -N email@example.com
-N flag isn’t required, it’s to saying that after SSHing we don’t need to execute any commands.
This will work for anything that uses TCP, such as a web server, SSH port, or even your Minecraft server.
This will bind
example.com:80 to your
localhost:8080. Keep in mind, that in order to bind to low ports (like 80 or 443) you’ll need to ssh as root.
Enable root login with password
If you also want to enable ssh root login with a password:
echo "PermitRootLogin yes" | sudo tee -a /etc/ssh/sshd_config sudo systemctl restart sshd
Binding to all addresses
If you want to make it accessible on addresses other than
localhost (such as
0.0.0.0 to make it available publically):
echo "GatewayPorts=clientspecified" | sudo tee -a /etc/ssh/sshd_config sudo systemctl restart sshd
Starting simple http server
If you start a HTTP server on port
8080 locally, it will also be available on
python -m http.server 8080