December 12, 2019
if you:
you can create your own
setup your traefik 1.x frontends/backends. in my case, I wanted t-1.my.domain and t-2.my.domain. two always available endpoints for whatever machine to connect to, which will be routed to a service running on my laptop.
of course you could extend this config to as many tunnels as you like
# traefik.toml
[file]
[backends]
[backends.t-1]
[backends.t-1.servers.t-1]
url = "http://localhost:51401"
[backends.t-2]
[backends.t-2.servers.t-2]
url = "http://localhost:51402"
[frontends]
[frontends.t-1]
backend = "t-1"
passHostHeader = true
[frontends.t-1.routes.t-1]
rule = "Host:t-1.my.domain
[frontends.t-2]
backend = "t-2"
passHostHeader = true
[frontends.t-2.routes.t-2]
rule = "Host:t-2.my.domain"
passHostHeader = true for each backend, so that the request headers for the local proxied-to services have the public frontend hosts instead of localhostt-*.my.domain possible for my home server, I’ve got DNS similar to:
A my.domain <home_ip>
CNAME *.my.domain my.domain
and a DDNS client updating the A record, and 80/443 forwarded
acme should be configured, giving you TLS for a proper ngrok alternativeit’s as simple as
ssh -N -R '<traefik_backend_port>:localhost:<local_service_port>' <your_box>
for every tunnel you want to create. no need for any extra binaries like with ngrok
-N means don’t run any remote commands, so you won’t get a shell on box. ssh will just keep the tunnel open without printing until you kill it-R is key. connections to the given port on the remote host (<traefik_backend_port>) are to be forwarded to the local side (localhost:<local_service_port>so in my case, if I want to show a friend a web server I have running at http://localhost:5454 by the more friendly and secure address https://t-1.my.domain, it would be:
ssh -N -R '51401:localhost:5454' my-box
where 51401 matches the frontend in the traefik.toml
much better :)