How to forward port 8080 from a distant server to the client from the client using a tunnel ssh?

vinzee

11/9/22, 3:00 PM

I have installed GitLab in docker on a distant machine. I would now like to forward the port 8080 from this distant machine to my local port 8080.

On the distant machine:

sudo docker run --detach --hostname gitlab.example.com --publish 443:443 --publish 8080:80 --publish 2222:22 --name gitlab --restart always --volume $GITLAB_HOME/config:/etc/gitlab --volume $GITLAB_HOME/logs:/var/log/gitlab --volume $GITLAB_HOME/data:/var/opt/gitlab gitlab/gitlab-ce:latest

On my local machine:

ssh -N -o "ExitOnForwardFailure yes" -R 8080:localhost:8080 someuser@the-distant-server -vvv

I get the following error:

debug1: pledge: network
debug3: receive packet: type 80
debug1: client_input_global_request: rtype [email protected] want_reply 0
debug3: receive packet: type 4
debug1: Remote: /home/someuser/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug3: receive packet: type 82
debug1: remote forward failure for: listen 8080, connect localhost:8080
Error: remote port forwarding failed for listen port 8080

And indeed, in the /var/log/auth.log, I get the following error:

Jul  9 16:51:42 distant-server sshd[2723782]: Accepted publickey for someuser from 192.168.200.182 port 44850 ssh2: RSA SHA256:
Jul  9 16:51:42 distant-server sshd[2723782]: pam_unix(sshd:session): session opened for user someuser by (uid=0)
Jul  9 16:51:42 distant-server systemd-logind[1083]: New session 116923 of user someuser.
Jul  9 16:51:42 distant-server systemd[2723795]: pam_unix(systemd-user:session): session opened for user someuser by (uid=0)
Jul  9 16:51:43 distant-server sshd[2723812]: error: bind [127.0.0.1]:8080: Address already in use
Jul  9 16:51:43 distant-server sshd[2723812]: error: channel_setup_fwd_listener_tcpip: cannot listen to port: 8080
Jul  9 16:51:43 distant-server sshd[2723782]: pam_unix(sshd:session): session closed for user someuser
Jul  9 16:51:43 distant-server systemd-logind[1083]: Session 116923 logged out. Waiting for processes to exit.
Jul  9 16:51:43 distant-server systemd-logind[1083]: Removed session 116923.

It tells me bind [127.0.0.1]:8080: Address already in use.

I don't understand how I can listen to port 8080 from the distant machine if no process can write to it. I think I have a misunderstanding of how ports/listening/writing/ssh work here.
How can I fix the ssh command to make this tunnel work and access the GitLab instance on my 127.0.0.1:8080?

291

1 + 0

ssh

port

port-forwarding

ssh-tunnel

docker

Score:1

Server

Martin

11/9/22, 3:53 PM

Short answer: use the ssh switch -L instead of -R.

Explanation: On the distant machine, you open a docker container which publishes the port 8080. This means in detail, that the docker host opens up a LISTEN socket and wait for incoming connections.

There are two types of port forwardings: -L and -R:

-L opens up a listen socket on your local machine and forwards this incoming connection through the ssh tunnel, and opens a connection on the remote host to the specified address (localhost:8080 in this case, which is exactly what you want)
-R works the other way around: it waits for incoming connections on the remote machine, and forwards it to the local host. This fails of course because you already have a listen socket sitting on this address (the docker container!)

You always have to think about who is initiating the connection. The Gitlab instance is probably accessible via a browser, which means that your local browser tries to open the connection, therefore you must have the listen socket available locally.

0 + 2

vinzee

11/9/22, 4:57 PM

It is the first time I read about `LISTEN` sockets when looking for explanations on ssh tunnels. It made everything much more clear.

Martin

11/9/22, 7:18 PM

you definitely should take a look at TCP networking basics. No wonder that you misunderstood the ssh tunnel options...

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to forward port 8080 from a distant server to the client from the client using a tunnel ssh?

TH: จะส่งต่อพอร์ต 8080 จากเซิร์ฟเวอร์ที่ห่างไกลไปยังไคลเอนต์จากไคลเอ็นต์โดยใช้ tunnel ssh ได้อย่างไร

RO: Cum să redirecționați portul 8080 de la un server îndepărtat la client de la client folosind un tunel ssh?

RU: Как пробросить порт 8080 с удаленного сервера на клиент с клиента с помощью туннеля ssh?

VI: Làm cách nào để chuyển tiếp cổng 8080 từ máy chủ ở xa đến máy khách từ máy khách bằng ssh đường hầm?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.