How do I tunnel and browse the server webpage on my laptop?

ssh remote tunnel

162,454

There are two ways you can do this with SSH.

Tunnel Everything with a SOCKS proxy

ssh -D 8080 remote-host

Now go to your browser's proxy settings, and configure it to use a SOCKS proxy with host name 127.0.0.1 and port 8080 (or whatever port you passed to the -D option). Now all pages you load in your web browser will be tunnelled through the SSH connection. You should now be able to access the private web page in the same way you would from the remote host.

Once you are done, set your browser's proxy settings back to normal.

One down side of this method is that all other traffic in the web browser will also be going through the SSH connection. On the upside, you can access the remote servers with their real host names, and can easily access multiple private sites.

Tunnel a single port.

The alternative method is to use SSH to forward a single port:

ssh -L 8080:server-hostname:80 remote-host

Now if you point your web browser at http://localhost:8080/, you should see the contents of http://server-hostname/ as it would appear from the remote host.

The benefit of this method is that it leaves the rest of the browser traffic alone. The downside is that some links might not work if the remote site uses absolute URL references. If the site mostly uses relative URL references, then this method should be sufficient.

For both of these solutions, there is nothing special about the port 8080. You can use any free local port number you want, as long as you remember to use the same one in the ssh invocation and in the web browser.

162,454

CppLearner

Updated on September 18, 2022

Comments

CppLearner over 1 year
I run a web app in one of my lab servers, and I have already setup X11 Forwarding on those machines. Other lab members can tunnel through SSH, and browse that web app on their local browser at home.

I can't. Last time I checked with them, there is almost nothing I need to do.

When I type 192.168.1.113/webapp I get nothing.

Any tips?

THanks.

I ended up using the second method :)
```
ssh -L 8080:<server-ip-address>:80 <username>@<remote-addr> -N
```
- jrg about 12 years
  
  @BlueXrider general, yes, on-topic, yes. For something like this, the versions of Ubuntu don't really matter, its about as on-topic as What is a torrent and how do I use it which is considered on-topic. :)
CppLearner about 12 years

Thanks. It was very helpful! I managed to do it this way: ssh -L 8080:<server-ip-address>:80 <username>@<remote-addr> -N something like this (the second method).
Maxim Brazhnikov almost 12 years

Is it correct that I must configure only a socks proxy in the first method (see: spareclockcycles.files.wordpress.com/2009/04/…). I.e. it would not work, if I point the http proxy to 127.0.0.1:8080? If this is correct, perhaps you could point out in your great answer, that one has to set up only the socks proxy.
panticz over 8 years

If you use Chrome (second browser?) you can pass proxy parameter for SOCKS5 directly on start: chromium-browser --proxy-server="socks5://localhost:8080"
Seymour over 4 years

why are you not using any .ppk or .pem to connect the instance? How should I change your code if I need to use one?
kdb about 4 years

Note that this method fails for secured websites; A company website, I need access too, will say "we don't know the URL you used to access our website, so we don't allow you in", and Google will say "page not found", when trying to forward the HTTPS port.
James Henstridge almost 4 years

@kdb: that is a limitation of the second method. The SOCKS proxy method should work for anything that relies on domain names (name based virtual hosts, TLS certificates, etc).
Admin almost 2 years

I like the first approach the most. To avoid having to log into the remote server, you can pass the -N flag: ssh -D 8080 -N remote-host