December 12, 2019
if you:
you can create your own
setup your traefik 1.x frontends
/backends
. in my case, I wanted t-1.my.domain
and t-2.my.domain
. two always available endpoints for whatever machine to connect to, which will be routed to a service running on my laptop.
of course you could extend this config to as many tunnels as you like
# traefik.toml
[file]
[backends]
[backends.t-1]
[backends.t-1.servers.t-1]
url = "http://localhost:51401"
[backends.t-2]
[backends.t-2.servers.t-2]
url = "http://localhost:51402"
[frontends]
[frontends.t-1]
backend = "t-1"
passHostHeader = true
[frontends.t-1.routes.t-1]
rule = "Host:t-1.my.domain
[frontends.t-2]
backend = "t-2"
passHostHeader = true
[frontends.t-2.routes.t-2]
rule = "Host:t-2.my.domain"
passHostHeader = true
for each backend, so that the request headers for the local proxied-to services have the public frontend hosts instead of localhost
t-*.my.domain
possible for my home server, I’ve got DNS similar to:
A my.domain <home_ip>
CNAME *.my.domain my.domain
and a DDNS client updating the A
record, and 80
/443
forwarded
acme
should be configured, giving you TLS for a proper ngrok alternativeit’s as simple as
ssh -N -R '<traefik_backend_port>:localhost:<local_service_port>' <your_box>
for every tunnel you want to create. no need for any extra binaries like with ngrok
-N
means don’t run any remote commands, so you won’t get a shell on box. ssh will just keep the tunnel open without printing until you kill it-R
is key. connections to the given port on the remote host (<traefik_backend_port>
) are to be forwarded to the local side (localhost:<local_service_port>
so in my case, if I want to show a friend a web server I have running at http://localhost:5454
by the more friendly and secure address https://t-1.my.domain
, it would be:
ssh -N -R '51401:localhost:5454' my-box
where 51401
matches the frontend in the traefik.toml
much better :)