Add aci-tunnel explanation

R Tyler Croy 2019-03-26 09:23:40 -07:00
parent 12a60a2699
commit ba6a589133
No known key found for this signature in database
GPG Key ID: E5C92681BEF6CEA2
1 changed files with 62 additions and 0 deletions

@ -0,0 +1,62 @@
---
layout: post
title: "Making a local service public, with Azure Container Instances"
tags:
- opensource
- azure
---
Whether I'm sharing a locally developed service with a member of our globally
distributed team, or I need to integrate some cloud-based service with local
development, I frequently find the need to expose a local TCP service to the
public internet. In the past I have tried to use tools such as
[localtunnel](https://localtunnel.github.io/www/) or
[smee.io](https://smee.io), and in both cases I found them lacking; I simply
want _this_ TCP port open to the world! Yesterday afternoon I spent some time
hacking on the first version of my own little solution:
[aci-tunnel](https://github.com/rtyler/aci-tunnel).
aci-tunnel relies on the [Azure
CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest)
and will provision an ephemeral [Azure Container
Instance](https://docs.microsoft.com/en-us/azure/container-instances/), to
which an SSH reverse port forwarding tunnel is opened. The screencast below
shows an example of using `aci-tunnel` to expose a locally running Jenkins
environment:
<center>
<script id="asciicast-236487" src="https://asciinema.org/a/236487.js"
async></script>
</center>
## The Details
There are two components to `aci-tunnel`, the first is the [custom
container](https://hub.docker.com/r/rtyler/aci-tunnel) which is deployed into
Azure. The container is a fairly simple derivative of [Alpine
Linux](https://alpinelinux.org/) with the `openssh-server` package installed.
The daemon is also configured with `GatewayPorts yes` to enable binding a
reverse port forward onto `0.0.0.0` in the container. For added security
whenever `aci-tunnel` launches, it passes along the user's `~/.ssh/id_rsa.pub`
along to the instance which is dropped into the container as an
`authorized_keys` file. This ensures that only the user that launches
`aci-tunnel` can access the container.
The container is launched with the ports 22, and whatever the user specifies,
open to the public into Azure Container Instances.
On the local side, the `aci-tunnel` script creates the SSH tunnel with the
right arguments to construct the reverse port forwarding enabled.
Once the highly sophisticated tunnel keep-alive command has been interrupted,
terminating the SSH tunnel, `aci-tunnel` then destroys the container in Azure.
---
Wholly controlling my own tunnel infrastructure works quite well. In my early
experimentation I was able to share a local service while sitting on public
transit wifi, which was a bit slow but still allowed the HTTP and other TCP
requests to transit the link properly.
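
Review bot: In "The Details", the sentence "This ensures that only the user that launches `aci-tunnel` can access the container" overstates what the `authorized_keys` file does. The same section says the user-specified port is open to the public and that `GatewayPorts yes` binds the reverse forward onto `0.0.0.0`, so the key limits who can log in over SSH while the forwarded local service (Jenkins in the screencast) is reachable by anyone. Suggest rewording to "only the user that launches `aci-tunnel` can log in to the container over SSH" and adding a sentence that the exposed service must do its own authentication. The post also does not say whether password authentication is disabled in the container's sshd, which is what the "only the user" claim depends on, and it assumes `~/.ssh/id_rsa.pub` exists without saying what happens for users with a different key type. Two wording nits in the same section: "passes along the user's `~/.ssh/id_rsa.pub` along to the instance" repeats "along", and "the right arguments to construct the reverse port forwarding enabled" does not parse; showing the actual ssh arguments there would fix the sentence and document the tunnel.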