Access a Web Service on a Ubuntu Server from Windows with Port forwarding. Using a standard port (needs root), but still use the users ssh configuration (needs the user, not root).

Server Setup

  • Docker container is binded to 127.0.0.1:4200->4200/tcp
  • nginx as a reverse proxy: redirect traffic from :80 -> to :4200
  • /etc/hosts contains: 127.0.0.1 my-domain.local to access webservice using this domain
    • we need to access all request using this domain, because the web app, uses the same domain for the rest API

Extension to access the same from another host

  • C:\Windows\System32\drivers\etc\hosts: add 127.0.0.1 my-domain.local
    • to have the same domain name locally available
  • Because we would like to use a non-root port for ssh -> so that we can use the users .ssh/config (and keys) we add a simple local redirect using socat (which runs as root)
    • setup a simple redirect as systemd service 
      sudo apt install socat
cat /etc/systemd/system/domain-local-80.service
  
[Unit]
Description=Expose domain.local:80 inside WSL
After=network.target
    
[Service]
ExecStart=/usr/bin/socat TCP-LISTEN:80,bind=127.0.0.1,fork,reuseaddr TCP:127.0.0.1:4200
Restart=always
AmbientCapabilities=CAP_NET_BIND_SERVICE
    
[Install]
WantedBy=multi-user.target
    • manage service 
      sudo systemctl daemon-reload
sudo systemctl enable --now domain-local-80.service
# verify
sudo systemctl status domain-local-80.service
  • SSH Tunnel: finally we can redirect socats output to the remote server 
    # params
#   -N: No remote command -> no shell start up, no command injection TTY
#   -f: **f**ork -> Background
#   ServerAliveInterval=60: Prevents timeout (resend every 60s)
ssh -L 4200:my-domain.local:80 -N -f -o ServerAliveInterval=60 ssh-config-entry

# to exit the background process
## simple classic way
ps aux | grep "ssh"
kill x

## simple easy way
pgrep -f "ssh -L"
pkill -f "ssh -L"
  
## or other ways
ss -ltnp | grep ":4200"
sudo lsof -iTCP:4200 -sTCP:LISTEN

Whole setup overview

eyJ2ZXJzaW9uIjoiMSIsImVuY29kaW5nIjoiYnN0cmluZyIsImNvbXByZXNzZWQiOnRydWUsImVuY29kZWQiOiJ4nO1cXNly2khcdTAwMTR9z1dQnteg6X3xw1R535PYOCb2ZMqlgDAyWMJIeJvKv89tbKslJDFgSMxcdTAwMDNQ5ULdWno599xzu6/874dKZSV+7Hkrq5VcdTAwMTXvoeF2/WbfvV/5aMrvvH7kh1x1MDAwMVSR4XFcdTAwMTRcdTAwMGX6jeGZ7TjuRat//mmvcFx1MDAxYeHN81Ve17vxgjiC8/6G40rl3+FfqPGb5lq3vlx1MDAxMbZcdTAwMDbnlPe2xPHaQ/P82zq5XHUwMDFlXjo86bUxfa9cdTAwMTG7wVXXs1VcdTAwMGZQrrlIjlx1MDAxZuG4ijlKXG7u/WbchkKmZFLW9vyrdlxmhVSTpPD5xqtcdTAwMTV7aVx1MDAxNPfDjrdcdTAwMTF2w755+lx1MDAxZtgzX/vsXHUwMDFmbqNz1Vx1MDAwZlx1MDAwN0EzOSfuu0HUc/vQWXtey+92a/Hj8O4wYDA4KyPPqL80koyUl11cdTAwMDVcdTAwMGa9alx1MDAwN15kXHUwMDA2XHUwMDE0J6Vhz234sVx1MDAxOVx1MDAwMYxsL0xcdTAwMGJ7e83h2P9j29R3b7w9M/jBoNtNiv2g6T1cZmdcdTAwMDRlnlx1MDAxNjRfnvY6cXZW6EvJT9t2zzM3lkgxyjilSYVcdTAwMDWP1qOFn8JgiCOspaBcXGmhbKOiTVx1MDAwMFA8vGnL7UaenVx1MDAwMdOyrVx1MDAxNLhsXHUwMDA3XHUwMDA3vab7fFx0loJoyoXAWNu2dP2gM9r7btjo2Kd8SPVqXHUwMDA0r/vVXd3aXHUwMDBma7W2bPPOp8+HZ4Mrnsdr7D3EI1CVo1BlJFx1MDAwN1UuXHUwMDFjhLmWXFxzgpliLFx1MDAwZlxcxpe4LcYtLsZt5uxcdTAwMTeAKikl4oJcdTAwMTfhU5bhU1OlkFx1MDAxNOjd4WnRZlBcdTAwMDZdr/tBau7CIK75T0NcdTAwMDNcdTAwMTWZ0m33xu+aweaZO6x1/SvT85Wu10phXHUwMDAwelx1MDAxZvtA6El1XHUwMDFj9mxtXHUwMDAz7uf6gdfPz0jY96/8wO2eXHUwMDE2tc5cdTAwMWTE4YlcdTAwMTc9ty/uXHUwMDBmvHS/vd1XlGOH8DFWePTYY1/D2mVN19Su/+XTw3pUPZ7IXG617fuzXHUwMDE15v1cdTAwMDWh1Fx1MDAxMYJKXCJcdTAwMTRcdTAwMTKCIWExbq3QXra0woxcdTAwMTWSya1cdTAwMTBcdTAwMTPNsVA0Z3GmTpHR0sRPXHUwMDAwN1LwXHUwMDE02J6xKIbYXHUwMDBlozha/Vx1MDAxZZhCTKSD4IvNwc1jtVx1MDAxOd6AwThwXHUwMDA3t1torXghrHX6LszHpFx1MDAwZntB5/BcXIVnnVx1MDAxZNw6v3O32pvNy8mFoLZwNmPG7DQmMpDYgUzsXHUwMDE4p7zy0pAzhkxnloFYaFx1MDAwMeKb81wiXHUwMDAzJyk/OmrgTCNFsE7JnylcZjxpn21pXHUwMDAyMv+geVx1MDAxMLmb33bE3vlBfPE1+rJ3d5P0M1x1MDAwMzS331x1MDAwZu9XkpqfXHUwMDFmx913m7j3XHUwMDAztlW/3lONVn9wd3pLou5k93359ZvkKz76dnLZa7b93U+6drt3eHzXvlWTOE5cdTAwMDBUVr9cdTAwMTZcdTAwMDRaVIN6XHUwMDA1XHUwMDBmq5hcdTAwMTZIU1lgb2SpXkvMjU3jN1x1MDAxMeGqOLxS5VbFXHUwMDExoVxiS754brNeOyz0iFx1MDAwNGVK30u/pls3XHUwMDFmZ9dsXHUwMDFk67B+17mM7+snV18vfpw1j3uTmSGxpGiGXCKlZ1x1MDAxM/2qpcO1lpowhZhQRXaYXHUwMDA27NJcdTAwMTAzhsinMERMIVAnVFx1MDAxNllcIsF4tDQxRYK5XHUwMDAwcUXeXHUwMDE0Sv5cIkc01sHdd4KLp+rWxcblQT368rmqP/tcdTAwMTdcdTAwMTfv5uByXHUwMDA0XHUwMDEygVwijSurXG5VqtW/KquMIPQ9MN8oaleq21x1MDAxNVOwXG5cdTAwMDI28vowXHUwMDE1z1x1MDAwMlx1MDAxNs5eYNKZuUfzIarHo6fdi+2t29tcdTAwMWGqqa+bp4+H7KKZJ6pcdTAwMTJVrrBcdTAwMDW4XHUwMDE5QoryokFcbjvzlp74kp5K6EnMLstcdTAwMTlcdTAwMDKBRpkuYi1G0WjpK2tRisGdMDlv/cA1oqk1gJn0rfvIvPr+XHUwMDE1bsVcdTAwMWXa3mqu1dZqT1x1MDAwNdtcdHnHqih1tCbIaCuqQV6NXHUwMDAwlzt5R6uUQyTWXFxSLVx1MDAxOSje5WrtXHUwMDE0OJbT6F1cImB8Sc6fmpmR5etEXGamhlOp3lx1MDAxNEaOXHUwMDAzrCCK4ylcdTAwMDCb81eHfjB4WOAl25H2zWnRlu/SXHUwMDFk3jjmtXb1/Mtm7TjqNfzJbNPO8dBcdTAwMWGFZYsk9lTUUVgrwlxiLlS8y8izzFx1MDAxMtVcdTAwMTSWaJiacIB/kSmyUtdcdTAwMDEuh0pcdTAwMDHhyNxcdTAwMDXvXtXdOursxqdVfnZ78Fx1MDAxOPNcdTAwMTa6ri664OWMXHQxk+BcdTAwMWTqPbNUO1SIf1VcdTAwMDIw31x1MDAwN/PDVlx1MDAxOIW4wFx1MDAwMnfqXHUwMDFlzIeEbtYv72+qrn96Xr9aI1tPP261jydcdTAwMTa0mDC7fT2kolRcdTAwMDJCQkWkQNGmnNCSfjL0o2dcdTAwMTa0XGYsXG5zrnKZXHUwMDA1w7ryXHUwMDA1MU1cdTAwMTiWdO7rYVx1MDAxY+L61NbyTHr2on65vdY5uvRCcnZcXO3sd4VXp5P4TExJdkeEqjxSzU6npiB7XHUwMDA1ZmVcbnZcdTAwMTmJlVx1MDAwMXdtcr9JIHBcdTAwMDLfWVxm0XRUnFuzXHUwMDE1mlPNUme8v9+c0L+xKSwg5982TXW/svHqT75cdTAwMDfJXuTQLVReXHUwMDE3RVx1MDAxNtjDvaFcdTAwMGbz8XHj53ZkXkf8XHUwMDFitFBhKkGqXHUwMDEx4EeUXWymXG47imsphVx1MDAwNExcbm5rk5BcdTAwMTg7WFx0wrGWXG5J+JMnXHUwMDE0ylx1MDAxZCSwVFx1MDAxMiMshFx1MDAxNtY6l/yS4Zf1SVx1MDAxZCMpc4ySXCLGlCxcXJ6WojTRXHRzhlx1MDAxNFx1MDAwMZFvPca8PCNcdTAwMDRcdTAwMGZv4oVe6I+Smv1VsYhcdTAwMTlcdTAwMWUkv//5WHh2KUjNJ1x1MDAwN097t1x1MDAxY/F13SjeXGJvbvxcdTAwMTi6+cU0Mcf/sduP12FO/eAqO3cvibF7XHUwMDEzhMZDXHUwMDFha1xmTPeryFFacYyJgplcdTAwMTVI2NxWXHUwMDAzNLdnXHUwMDA2XHUwMDFiO1x1MDAxYbw6oVxuUSxcdTAwMDFcdTAwMDFcIodcdTAwMGYvaP5/o8Zrj2yjOINWXHUwMDAx51x1MDAwYqaZXHUwMDE2Slx1MDAxNTfKflx1MDAwMJN50JqxWjOk1PbcnF1Ak9N1o+zldX+E91x1MDAxM0mq+Egq/ONhcOI/xuqgXHUwMDE1+Of7tc7kXHUwMDExXHUwMDAwxtZunjPIUovcibBSXHUwMDA1IYBcXCqpXHUwMDEyptuYQ6pcdNdaMFxcuCdOcHlcZoBMoi3Db1sjXHUwMDFjJ7DitTX/4HxcdTAwMTA2j5921JbfqW2Tq6O57pjNKcQ4eDq9fqyenp2pbeSd+NfknK/riUJcZkzxiCkgnTdcdTAwMDVcIlx1MDAxY6SBXHUwMDFkKMRooihcdTAwMDdrXHUwMDE5YZTZxeZcdTAwMTQrc0rDfFx1MDAxMJ1PX1x1MDAxZVx1MDAxYcCYlTnKXHUwMDEwXHUwMDA2P/KmXGJjnlx1MDAxMM3FXHUwMDAw62BcdTAwMTWRkc2mdCT78O9Vhf5ZYO0/Rdvno/nH081YzY91dk2rWpA8aVx1MDAwMW63tpbCvcRst2ZcdTAwMTbu2pAlT9NpKjM6lbKa82bKJKSwuVx1MDAwYnchiHibMc9VuOP02ey3KPPxajElgpHDXGJTRHBcYqFcdTAwMTmTWthpSkQwXHUwMDFmL8Tz7fv1anh8Rux43kBZ3sB5549cdTAwMGLi/6W3L6GN7ZlpXHUwMDAzXHUwMDAyVqqxsdhcIt5IZVx1MDAwZY7yXHUwMDA2XFyDILAh81x1MDAxN1x1MDAwMVx1MDAwYsFcdTAwMWJVrErO/3XEMf59hlx1MDAxNHGAY5fZb443XGJbPOJcdTAwMTifaTiWOFBqQcrYXHUwMDBlyVx1MDAwN9CYOFpJQlx1MDAxNGJaa4J50c6EvcuSSTJMsjM7k3DwY1xuS1SUc1x1MDAwMyFdXHUwMDE5k0hcbp6PXHT8S1x1MDAwNIi96btcdJBSWJpcdTAwMGan9vpcdTAwMDUgllTXXlx1MDAxN+H+R4CUPXJ8unols1x1MDAxMshcdTAwMThcdTAwMTZcXFx1MDAwMVx1MDAwNChggYm8XGLCeTL7TZR1u9Nv7J9vn4nwhFTvr93rVnPn64RaR1GHc6ZB3lGKXHUwMDEwy75cdTAwMGKDiXBMXHUwMDE2IGOcK0HSq39JmqvMXl/wTilVICFcdTAwMDUyu2cweFx1MDAxMrNlykBcdL/tzsxvoNOxYIVcdTAwMTmF6XFcdTAwMWZhN6KYVEi8bTf2l6yVzFcmlYLUfPLwnCfbjVr8+4qb8dlfY5mCXCLlmNffhEJaKsGyqYtcdTAwMDRJXHUwMDA3vFx1MDAwN1xidUG4lkLk/1x1MDAwN4TZZEVcZkmGQJJTgVxuX99h3JFYK0qBY1x1MDAxMcyWVVBLqshQxd7MVMFcdTAwMTjVXHUwMDFhxEdRyiPn5TtcdTAwMGLUbJCbN9XnT1x1MDAxNlxmvb9cdTAwMTSqluPUfPJcYv1cdTAwMWTaaHKhXHUwMDAybTdzKqV5Q04oVVx1MDAxMHWB2EubKtc4XHUwMDA3kYnU0zSbu5LCYyS0TFNmUn/eRz19eJmcXHUwMDE1t9erxVx1MDAwML+kdyt3vne/nieMP1rDj9nEXHUwMDFhNsyQhTc0tJ9cdTAwMWZ+/lx1MDAwN/8sWp0ifQ==Winhosts: 127.0.0.1 my-domain.localWSLsocat :80 --> :4200ssh -F 4200:my-server.local:80Linuxlocalhost:80 -> nginx -> localhost:4200Docker Container127.0.0.1:4200 -> :4200Browser my-domain.local[:80]