About

You’re visiting the personal website of Joost Schuttelaar.

Take a look

Contact

You can e-mail me at jelephants @ jstsch.com (anti-spam: please remove the mammal with the big snout).

Twitter feed @jstsch

Sorry, feed is gone. API has been killed by Twitter.

Recent posts

Using Apache to serve a SSH-tunneled website

Sunday January 22 2012

At the office we’re using an internal development server, which also hosts all our git repositories. We’re using the small and awesome ViewGit repository browser to get an insight in the latest commits.

However, our development server is only accessible at the office, not at home over the web, unless you set up an SSH tunnel. This is a little bit cumbersome to do every time you just want a quick peek, so we used a simple solution to make ViewGit accessible over the web. Behind some HTTP Basic authentication of course.

First, login to your public webserver and set up a tunnel to your development webserver using SSH. I recommend setting up key-based authentication, so you don’t have to enter a password and you can easily daemonize it – the tunnel will disconnect every once in a while.

ssh -fNL 8666:sitename.example.local:80 username@dev.example.com

Replace sitename.example.local with your local web site hostname. Replace username@dev.example.com with the SSH login you would normally use.

The second step is to create a new vhost in Apache on your public webserver and set that hostname up as a tunnel. Let’s call it git.dev.example.com. Do this in the same way as you would add a regular domain to your web server. Then add a few extra lines to the vhost. In DirectAdmin you can easily add this in the admin panel under Custom HTTPD Configurations:

ProxyPass / http://localhost:8666/
RequestHeader set Host "sitename.example.local"
ProxyPreserveHost on
<Location />
	AuthUserFile /home/example/domains/git.dev.example.com/public_html/.htpasswd
	AuthName "ViewGit"
	AuthType Basic
	Require valid-user
</Location>

The first three lines set up the reverse proxy and direct the web requests to the right vhost on the tunneled development web server. The last six lines set up HTTP authentication. Using a .htaccess in your document root will not work, because of the ProxyPassReverse directive.

Enjoy your publicly accessible development site! :)

Comments


(never shown, not required)
(not required)