[HN Gopher] Roll your own Ngrok with Nginx, Letsencrypt, and SSH... ___________________________________________________________________ Roll your own Ngrok with Nginx, Letsencrypt, and SSH reverse tunnelling Author : lioeters Score : 52 points Date : 2022-04-02 20:41 UTC (2 hours ago) (HTM) web link (jerrington.me) (TXT) w3m dump (jerrington.me) | ugjka wrote: | for tunnelling better use autossh | smw wrote: | tailscale! | dspillett wrote: | Or a VPN such as wireshark or OpenVPN, though that is a little | extra setup usually. | | (or one of the many public VPNs - though I'm wary of those, if | I want a VPN I want to set it up myself and not have my traffic | pass through someone else's control) | paskozdilar wrote: | > Roll your own Ngrok with Nginx, Letsencrypt, and SSH reverse | tunnelling | | And "a server in the public cloud". | priyadarshy wrote: | I've used ngrok every single day for ~8 years for work and didn't | have the slightest clue how it worked. I'll still be paying for | it but I learned a lot reading this. | dashesyan wrote: | This doesn't duplicate one of the best features of Ngrok: the | local web server that lets you inspect _and replay_ recent | requests. This feature makes writing webhook code so much easier, | because if your code doesn't work right, you can inspect the | request, fix your code, and have Ngrok replay the request until | it's all working properly. That's even in the free version! And | the paid version is also pretty cheap, and you don't have to | maintain, nor pay for, a cloud instance | wussboy wrote: | Sometimes I feel like most of my headache is in just getting | that first request to hit ngrok. Then I'll replay it dozens of | times as I figure out the functionally. | grishka wrote: | The coolest thing about ngrok is that it has a request log in its | web UI. And, it allows replaying requests! This is extremely | handy for debugging webhooks without having to trigger them at | the source every time you change something. | mbreese wrote: | You can also do this with ssh and Unix sockets if you'd like to | not leave ports open and accessible from the proxy server. It's a | little more work, but both openssh and nginx support this. I'm | doing that on a remote server to run code server (vscode w/o the | MS specific code) on a multi user system. I'd rather not have my | code editor available for anyone else on the system. So, node is | getting served on a socket, and that is the forwarded to a web | reverse proxy. | | There is extra authentication/authorization as part of the web | server itself, but it is nice that I don't have open IP ports on | the shared server. | | That said, for the use case from the article, if you have a more | permanent setup, using something like wireguard would be more | robust than an ssh reverse tunnel. But the ssh tunnel is great | for more ephemeral connections. ___________________________________________________________________ (page generated 2022-04-02 23:00 UTC)