Affordable Remote Access with reverse tunneling

When an application runs on a local machine, it cannot be reached from the internet; it is reachable only from the intranet. There are several ways to make the machine accessible from the internet, and reverse tunneling is one of them.

  1. Set up Dynamic DNS and do the port forwarding in the router. 
    1. This can be troublesome, and it depends heavily on whether the router model and router firmware support DDNS. 
    2. The DDNS hostname needs to be purchased. Alternatively, you can use a free No-IP hostname, but it needs to be updated every month. 
  2. Use a tunnelling service, available below. Some of them are free to use and easy to get started with, but in the long run they might have several issues. 
  3. Why not use the currently available tunnelling services?
    1. Since there is no free lunch in this world, a free tunneling server might not have people to maintain it. 
    2. In the free version, the URL cannot be fixed; it is randomly generated. For some use cases, this is a problem. 
    3. In the free version, you might need to share the server with other users. 
    4. With a paid service, you might not be able to afford it when you have a fleet of machines to access.

Reverse tunneling can actually be done on your own in three steps:

  1. On a server, create a virtual host like with a reverse proxy to some unused port (say, 8000).
  2. On the local machine that you want to access, run the web application on the port you want, let’s say 3000. Then ssh from the machine to the virtual host on port 8000.
  3. Then create a tunnel so whatever comes in at port 8000 on the server is tunneled to your local machine’s port 3000.

Note: Make sure’s DNS points to your server. If it doesn’t, create an A record with name: forward and content: IP address of your server.

Creating a Virtual Host on Your Server

I am using Apache, but you can use nginx or any other web-server software.

First, you need to enable proxy and proxy_http mods for Apache. You can do that by running:

sudo a2enmod proxy
sudo a2enmod proxy_http

Here’s a sample virtual-host file for Apache, which creates a proxy for anything coming with the host name to the local 5000 port.

If you want to support HTTPS, you can use Certbot. Simply follow their instructions. HTTPS is also enabled.

We have set up the server for our requirements. Now we need to create a tunnel so anything on port 5000 on the server comes to our local machine’s port 3000.

[Image: SSH. Credit: Eny Setiyowati]

SSH Port Forwarding to the virtual host

This is the simpler part. SSH already supports port forwarding. All you have to do is simply ssh with this command:

ssh -R 8000:localhost:3000 <user>@<your-server>

Note: -R is for remote port forwarding

We have mapped the server’s port 8000 to localhost:3000.

And hurray! When you open (if HTTPS is enabled — otherwise use HTTP), it opens whatever’s running on your local machine and anyone on the internet can access it.
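
A minimal virtual host for the setup described above, as an added example rather than the author's original file. It assumes the placeholder hostname forward.example.com, the server-side port 8000 from the ssh command, and Apache 2.4 on Debian/Ubuntu.

```apache
# Added example, not the original article's file.
# Assumptions: forward.example.com is a placeholder hostname; port 8000 is the
# server-side port used in "ssh -R 8000:localhost:3000".
<VirtualHost *:80>
    ServerName forward.example.com

    # Act only as a reverse proxy; never as an open forward proxy.
    ProxyRequests Off

    # Pass the original Host header through to the application on port 3000.
    ProxyPreserveHost On

    # sshd binds remote forwards to the loopback interface by default
    # (GatewayPorts no), so port 8000 is reachable only from this server.
    # Proxy to 127.0.0.1 explicitly, and keep 8000 closed in the firewall.
    # retry=0 makes Apache try the backend again immediately after the
    # tunnel reconnects instead of serving 503 for the default 60 seconds.
    ProxyPass        / http://127.0.0.1:8000/ retry=0
    ProxyPassReverse / http://127.0.0.1:8000/

    # Optional: limit who can reach the tunneled application.
    # 203.0.113.0/24 is a documentation range; replace with your own network.
    # <Location "/">
    #     Require ip 203.0.113.0/24
    # </Location>

    ErrorLog  ${APACHE_LOG_DIR}/forward_error.log
    CustomLog ${APACHE_LOG_DIR}/forward_access.log combined
</VirtualHost>
```

Save the file under /etc/apache2/sites-available/, enable it with a2ensite, and reload Apache.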

Read our article on edge computing, which uses the technique you just learned.
