
Hello, I am hosting a web server on my home server, and I would like to access it globally, so my idea was to set up an SSH tunnel. The setup is as follows: my home server has a web server on port 8080, and my remote server, which is accessible globally, is stream.domain.dn (it's a wildcard domain). I would like to host it there, or forward it there. My Apache server is set up as follows:

```
<VirtualHost *:80>
        ServerName stream.domain.dn
        ServerAlias www.stream.domain.dn
        DocumentRoot /www/test1
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =www.stream.domain.dn [OR]
        RewriteCond %{SERVER_NAME} =stream.domain.dn
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
```

So far it's hosting an .html website for testing the SSL cert, and it works fine. How do I set up Apache to get it to host my SSH tunnel here? I tried `ssh -L 80:localhost:8080 -N picaica@the-ip-of-mu-server` but I always get the error:

```
bind [127.0.0.1]:80: Permission denied
channel_setup_fwd_listener_tcpip: cannot listen to port: 80
```

So I am not sure what to do, and yes, I am using BIND for name resolution. What is the best way to use an SSH tunnel?

Picarica
  • (1) There is `81` in the config, but then with `ssh` you're not using `81` anywhere. (2) It's not entirely clear where you run the `ssh` command. `-L` listens locally (where ssh runs), it's possible you want `-R`. (3) Does this answer your question? [*Accessing localhost web server via reverse SSH tunnel and URL*](https://superuser.com/q/1566894/432690). – Kamil Maciorowski Jan 31 '23 at 13:35
  • I am running ssh from my local machine, where the web server is running on port 8080, and connecting via ssh to my remote machine that has a public IP and domain name all set up, and I want to tunnel my local web server to that remote with the domain name – Picarica Feb 01 '23 at 06:44
  • OK. I do think you need `-R` for the local `ssh`, not `-L`. Does the link from my previous comment help? If not, what obstacles or errors are you encountering? – Kamil Maciorowski Feb 01 '23 at 06:51
  • Something like this? `ssh [email protected] -R 1234:localhost:8080`, where 8080 is where I can access it via localhost:8080 from my computer – Picarica Feb 01 '23 at 08:41
  • What I am trying to accomplish is something like what localhost.run does: basically SSH-tunnel my webpage to my publicly available server – Picarica Feb 01 '23 at 09:30

1 Answer


It seems you've mixed up the order of things in the forwarding option. The error message was caused by the attempt of the SSH client to listen on port 80. Since this is a privileged port (<1024), and you probably didn't run the ssh client as root and don't have the CAP_NET_BIND_SERVICE capability, you are not allowed to listen on this port.

The format of the forwarding option for the TCP case is:

```
-L [<local IP>:]<local port>:<remote IP or host name>:<remote port>
```

The SSH client will listen locally on local port, and the SSH server will connect to remote IP:remote port.

To forward local port 8080 as if it was the remote 80, you need to use the command

```
ssh user@remote -L 1234:localhost:80
```

Then, connecting to the local port 8080 (e.g. run a browser where you are running the SSH client and point it to http://localhost:1234) will end up talking with port 80 on the remote, where your real web server is running.


Or, you can use reverse forwarding. Use it in the following way:

```
-R [<remote IP>:]<remote port>:<local IP>:<local port>
```

In this case, the SSH server will listen on remote IP:remote port and the SSH client will connect to local IP:local port. (To listen on a non-localhost IP on the remote, you need to enable non-local bind in the SSH server configuration.)

E.g. from the web server you connect:

```
ssh user@remote -R 1234:localhost:80
```

Then on the remote you run the browser and point it to http://localhost:1234; it will end up connecting to the local port 80, where the web server is listening.

Nikita Kipriyanov
  • It still doesn't seem to work for me. I tried `ssh [email protected] -L 1234:localhost:80`; where I am sshing from, I am hosting the web server on port 80, and it works without error, but when I go to myremoteserve.sk:1234, it just keeps on loading, no result. I wonder, does Apache need to be turned off or on? What are the requirements to make it work, because all connections time out. I also have in sshd_config GatewayPorts yes, and AllowTcpForwarding no; is that okay? – Picarica Feb 01 '23 at 07:35
  • Re-read the answer please, if you want to ssh *from* the web server, you need to use *reverse forwarding*, as I explained in the second part of an answer. – Nikita Kipriyanov Feb 01 '23 at 12:42
  • I would like to try that, but I cannot connect from that remote server to my local machine. If I could, I would just open ports from my home and have it accessible right away, but my ISP blocks that somehow, so I can't connect to my local machine from the remote server; via the public IP of my home it's blocked by the ISP – Picarica Feb 01 '23 at 13:34
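
As an added example (not part of the original posts): a POSIX shell preflight check that applies the forwarding rules from the answer above to an `-L`/`-R` spec and an sshd_config excerpt, reporting which side listens and why the forward would be refused. The function names, the uid argument and the sample inputs are constructed for illustration; IPv6 brackets and `Match` blocks are not handled.

```shell
#!/bin/sh
# Added example: preflight check for an ssh -L / -R forwarding spec.

# First value of sshd_config keyword $1 in config text $2 (sshd keeps the
# first match; keywords are case-insensitive). Match blocks are not handled.
sshd_opt() {
    printf '%s\n' "$2" |
        awk -v k="$1" 'tolower($1) == k { print tolower($2); exit }'
}

# check_forward MODE SPEC SSHD_CONFIG_TEXT LISTENER_UID
#   MODE: L or R.  SPEC: [bind_address:]port:host:hostport (no IPv6 brackets).
#   LISTENER_UID: uid on the listening side (client for -L, server for -R).
# Prints FAIL lines plus one "listen=" line; returns 1 if any check fails.
check_forward() {
    mode=$1 spec=$2 conf=$3 uid=$4 rc=0
    set -f; old_ifs=$IFS; IFS=:; set -- $spec; IFS=$old_ifs; set +f
    case $# in
        3) bind=localhost port=$1 ;;
        4) bind=$1 port=$2 ;;
        *) echo "FAIL: expected [bind_address:]port:host:hostport"; return 2 ;;
    esac
    case $bind in ''|'*'|0.0.0.0) bind='*' ;; esac
    atf=$(sshd_opt allowtcpforwarding "$conf"); atf=${atf:-yes}
    gp=$(sshd_opt gatewayports "$conf"); gp=${gp:-no}

    if [ "$mode" = R ]; then
        side=server
        # The server, not the client, decides where a -R listener binds.
        case $gp in
            yes) bind='*' ;;        # forced onto all interfaces
            no)  bind=localhost ;;  # forced onto loopback
        esac
        case $atf in no|local)
            echo "FAIL: AllowTcpForwarding $atf refuses remote forwarding"; rc=1 ;;
        esac
    else
        side=client
        case $atf in no|remote)
            echo "FAIL: AllowTcpForwarding $atf refuses local forwarding"; rc=1 ;;
        esac
    fi
    if [ "$port" -lt 1024 ] && [ "$uid" -ne 0 ]; then
        echo "FAIL: port $port is privileged (<1024), uid $uid cannot bind it"
        rc=1
    fi
    echo "listen=$side:$bind:$port"
    return $rc
}

# The command from the question, run as a constructed non-root uid 1000.
check_forward L 80:localhost:8080 "" 1000 || true
```

With `GatewayPorts yes` the reported listener for `-R` is `*`, meaning the forwarded port is reachable on every interface of the remote host rather than only through a local proxy such as Apache.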