inactive
369
edits
Self-hosted SSH Proxy: Difference between revisions
→SSH Port Forwarding
(Created page with "=== SSH Port Forwarding === The Allegro Network Multimeter can be configured to to use SSH Port Forwarding to allow remote access to the device behind a NAT. The multimeter...") |
|||
| Line 2: | Line 2: | ||
The Allegro Network Multimeter can be configured to to use SSH Port Forwarding to allow remote access to the device behind a NAT. | The Allegro Network Multimeter can be configured to to use SSH Port Forwarding to allow remote access to the device behind a NAT. | ||
The | The Multimeter will create a tunnel to an SSH endpoint and will open a listening port on this SSH server. | ||
This port can now be used to send HTTPS requests to the | This port can now be used to send HTTPS requests to the Multimeter. | ||
==== Preparing the SSH server ==== | ==== Preparing the SSH server ==== | ||
| Line 22: | Line 22: | ||
Paste the line into the file and save/close the file. | Paste the line into the file and save/close the file. | ||
There are two options to access the | There are two options to access the Multimeter: | ||
'''Option 1: No proxy''' | '''Option 1: No proxy''' | ||
Advantage: | Advantage: | ||
* no additional software required | * no additional software required. | ||
Disadvantage: | Disadvantage: | ||
* no port < 1024 (as non-root user) | * no port < 1024 (as non-root user). | ||
* Default HTTPS port 443 is not possible | * Default HTTPS port 443 is not possible. | ||
The SSH server | The SSH server can be configured to allow only local listening ports. This has to be changed to allow listening on any subnet. | ||
Edit the SSH configuration file '''/etc/ssh/sshd_config''' and activate the following line: | Edit the SSH configuration file '''/etc/ssh/sshd_config''' and activate the following line: | ||
| Line 44: | Line 44: | ||
Advantage: | Advantage: | ||
* | * uses default HTTPS port 443. | ||
* | * uses several filter mechanisms provided by the proxy software. | ||
* | * uses the same SSH server as proxy for several multimeters through SNI routing. | ||
* additional configuration required | |||
Disadvantage: | |||
* additional configuration required. | |||
The following block shows a sample configuration for the '''nginx''' proxy server: | The following block shows a sample configuration for the '''nginx''' proxy server: | ||
| Line 74: | Line 76: | ||
} | } | ||
Forwarding to the Allegro Network Multimeter uses the configured server name. In this example, requests to '''allegro-mm-1234.mm-remote.company.com''' will be forwarded to the Multimeter. | |||
This requires that the hostname is resolved by the DNS server. This can be solved by a wildcard DNS CNAME entry to point at the SSH server. | |||
'''Configuration of the | '''Configuration of the Multimeter''' | ||
In the configuration | In the configuration dialogue, insert the parameters to access the SSH server. For example: | ||
* SSH Host: '''mm-remote.company.com''' | * SSH Host: '''mm-remote.company.com''' | ||
| Line 86: | Line 88: | ||
* Listening HTTPS Port on SSH Host: '''55443''' | * Listening HTTPS Port on SSH Host: '''55443''' | ||
The settings have to match the configuration | The settings have to match the above configuration. '''Every Multimeter requires a separate HTTPS listening port..''' | ||
If the '''SSH user''' is not '''root, no port below 1024''' is possible. Otherwise, an error message will appear when trying to connect. | If the '''SSH user''' is not '''root, no port below 1024''' is possible. Otherwise, an error message will appear when trying to connect. | ||