Working in the tech world, especially for government, there are tons of restrictions on what we can / can’t do, particulary when it comes to network access.
Recently our company had a summit, and they talked about Ngrok. It’s pretty awesome looking, but sadly has gone closed source in pursuit of the almighty dollar.
Still could be quite useful, but was wondering if any of you have heard of it, and if so, are there any open source options to it?
BTW, for those who work in networking and securing network access this appears to be a solid work around (Texas Tech - cough), so might be worthwhile to investigate it up front. Here’s the link:
https://ngrok.com/
Found a really nice alternative. I"ll go through it tonight at the March 2019 meeting.
It’s called go-http-tunnel. Really nice.
My use case is that I’ve been working on a project for work at Tyler, and needed a way to get geoCoordinates from my iPad or phone. Well, the GeoCoordinates / GeoLocation API changed since last I used it a few years ago, and now reequires a secure (SSL) connection. This gave me just what I needed to have the SSL connection and be able to get back to my home machine from out and about in town as I tested the GeoLocation. Very cool.
Hey there! I have not logged into the discourse for a while. Sorry for a late response. I guess it depends on what functionality you really need.
I did not look too long at what ngrok offered, but from what I could see you could fairly easily do this as long as you have a publicly accessible server you could just use SSH or any other encrypted tunneling tool, such as stunnel. Those would require some initial manual setup, but once the initial setup is done you could automate the process and write scripts to handle the details.
Essentially you would host your server on your local device then you can use ssh to forward that service on it’s normal port up to the public server using whatever port you want to access it on.
Here is an example using SSH:
ssh -R <REMOTE PORT>:<LOCAL ADDRESS>:<LOCAL PORT> USER@SERVER
ssh -R 8080:localhost:80 root@digitalocean.example.com
This would create a tunnel that pushes your local port 80 web server to the digitalocean.example.com server. You could then have someone connect to http://digitalocean.example.com:8080 and it would forward all traffic to your local machine port 80.
The only negatives to this is bandwidth limitations of SSH. You’ll max out around 2MBps. If you need a faster method you can use stunnel it uses regular SSL, it is essentially the same thing that your normal web page uses. So it can go full speed.
More on SSH tunnels:
https://blog.trackets.com/2014/05/17/ssh-tunnel-local-and-remote-port-forwarding-explained-with-examples.html
More on stunnel:
https://www.stunnel.org/docs.html
1 Like
@Quantafac Is what you’re suggesting potentially similar, or the same as this service?
https://serveo.net/
@bmcgonag,
Looks essentially the same. Though it seems to have the added feature of using some kind of load balancer / proxy since you can use a subdomain to reach a random port. That is a neat feature. It could be done with some scripting on the back end if you wanted to do it yourself, but that would be fairly involved. You would need to dynamically update the web proxy and DNS information on the fly using the ssh connection as a template.
Only caveat to using services like that is of course you only have so much control and since the SSH instance is terminated on their remote server all traffic is visible to them. This would also be the case in a DigitalOcean instance.
Only way to change that would be to run SSL/TSL/HTTPS on the web server. That would encrypt information between the client and the web server which would run inside the SSH tunnel. While the encrypted traffic would be visible to the service they should not be able to read anything.