Server for exposing local web server to the public using a SSH client.
Is it like ngrok or localtunnel?
Yes, but not exactly.
SSH Connect is not a SaaS for everyone to use. SSH Connect is a server you should deploy on your infrastructure.
Another noticeable difference is that SSH Connect does not require some special client to connect. You just use any SSH client with a support of a remote port forwarding and it works.
It is as simple as
ssh -R 0:localhost:3000 [email protected]
and you have your web server on the port 3000 reachable at h4k3r.connect.example.com
.
SSH Connect is distributed as a docker image.
docker pull ghcr.io/aspirity-ru/ssh-connect:edge
See deploy documentation for more information.
Location where to store generated configurations. This directory should be available for traefik to listen for files changes.
Path: /app/traefik-configs
Server requires one or more private keys in order to handle connections.
Path: /app/keys
Provided private keys may be passphrase protected. Passphrase file will be matched by key filename. If passphrase file is missing server tries to process key as it does not have passphrase.
Path: /app/passphrases
Base hostname for exposed connection. Note that you should have
DNS records for both <PUBLIC_HOST>
and *.<PUBLIC_HOST>
Warning: IP addresses are not supported, because connections are exposed as an extra-level domain which is not possible in case of IP address as a hostname.
Examples:
connect.example.com
connect.example.com:33333
(can be with port if needed)
This hostname is used to resolve connection from webserver (traefik) to SSH Connect server.
Examples:
ssh-connect
(as service name in docker compose)host.docker.internal
(mostly for local development)172.12.0.122
(supported too if you know what you are doing)
Password for SSH connection.
Warning: If not provided anonymous access provided.
For security reasons you may not want to provide CONNECTION_PASSWORD
as a variable.
You can use secrets and provide path to the file in CONNECTION_PASSWORD_FILE
.
Examples:
/run/secrets/ssh-password
By default generated routers listen on every Traefik's EntryPoint.
Use TRAEFIK_ENTRY_POINTS
to limit what EntryPoints to use.
More details in Router's EntryPoints configuration.
Examples:
web443
http,https
(support for multiple values, comma separated)