I am attempting to adjust my deployment scripts to access a server behind a newly established gateway that I've configured. The gateway is currently accepting traffic from the internet correctly, and the server behind the gateway is currently only accessible through the gateway.
I've configured HTTPS traffic to flow correctly through the gateway. But right now, SSH connections to the internal server are only possible via the gateway.
This is my first time configuring a gateway, and I'm trying to determine the best approach for configuring my automated deployments to SSH into the internal server.
Based on my research, it seems like I have three approaches available.
Either I can configure an SSH tunnel through the gateway via a different port on the gateway that routes to the SSH port on the internal server, OR I can configure some sort of ProxyJump, OR I can adjust my routing so that traffic in my virtual private cloud is enabled directly on the internal server.
Note: My deployment server currently gets spun up brand new each time, like a runner or actions server, connects to the required server and uses SSH to deploy code. I'm not sure what the best approach is here. Should I create an SSH tunnel and modify my deployment scripts to SSH into the server I need through the tunnel and deploy the code? Or is there a better (more secure) way of doing this?
Should I reconfigure my internal server to accept traffic from my virtual private cloud only, and allow only public internet traffic to be funnelled through the gateway?
The server comes preconfigured with two Ethernet devices: one is the public internet, and I think the second is a route to the virtual private cloud.
A requirement to keep in mind:
I've configured this gateway for security reasons so that I can perform intrusion detection and prevention and centralize my logging of traffic.
All of these servers are Linux-based. Any helpful suggestions would be appreciated.
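The following is an added example of the ProxyJump option from the question above, written for this page; it is not code from the original post. It generates two files: a client-side ssh_config for the ephemeral runner that reaches the internal server only through the gateway, and an sshd_config fragment for the gateway that confines the deploy account to opening a forwarded connection to the internal server's port 22 and nothing else. The hostnames, the VPC address 10.0.1.5, the `deploy` user and the output paths are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: ProxyJump deployment through a hardened jump host.
# Hostnames, IP addresses, user names and paths below are assumptions,
# not values from the original post.
set -eu

GATEWAY_HOST="gateway.example.com"   # assumed public name of the gateway
INTERNAL_HOST="10.0.1.5"             # assumed VPC address of the internal server
DEPLOY_USER="deploy"                 # assumed unprivileged account on both hosts

# Client ssh_config for the runner. BatchMode makes ssh fail instead of prompting,
# and StrictHostKeyChecking=yes with a pre-seeded known_hosts file stops a freshly
# created runner from silently trusting whatever host key it sees first.
write_client_config() {
    dir="$1"
    cat > "$dir/ssh_config" <<EOF
Host gateway
    HostName $GATEWAY_HOST
    User $DEPLOY_USER
    IdentityFile $dir/deploy_key
    IdentitiesOnly yes

Host internal
    HostName $INTERNAL_HOST
    User $DEPLOY_USER
    ProxyJump gateway
    IdentityFile $dir/deploy_key
    IdentitiesOnly yes

Host *
    BatchMode yes
    StrictHostKeyChecking yes
    UserKnownHostsFile $dir/known_hosts
    ServerAliveInterval 30
EOF
    echo "$dir/ssh_config"
}

# sshd_config fragment for the gateway (drop into /etc/ssh/sshd_config.d/).
# ProxyJump only needs a direct-tcpip forward to internal:22, so that is all the
# deploy user gets: no shell, no TTY, no agent or X11 forwarding, no passwords.
# A leaked runner key then cannot be used to log in to the gateway itself.
write_gateway_sshd_fragment() {
    dir="$1"
    cat > "$dir/deploy-jump.conf" <<EOF
Match User $DEPLOY_USER
    AllowTcpForwarding yes
    PermitOpen $INTERNAL_HOST:22
    ForceCommand /bin/false
    PermitTTY no
    AllowAgentForwarding no
    X11Forwarding no
    PasswordAuthentication no
EOF
    echo "$dir/deploy-jump.conf"
}

# Sanity check the generated client config: every option the runner relies on
# for safety must be present. Returns 0 when all are found, 1 otherwise.
check_client_config() {
    cfg="$1"
    for opt in "ProxyJump gateway" "BatchMode yes" "StrictHostKeyChecking yes" \
               "IdentitiesOnly yes"; do
        grep -q "^[[:space:]]*$opt\$" "$cfg" || return 1
    done
    return 0
}

# What the runner actually executes once the config exists (not run here, since
# it needs a real gateway): the deploy command goes to "internal" and ssh opens
# the hop through "gateway" on its own.
run_deploy() {
    cfg="$1"
    ssh -F "$cfg" internal 'cd /srv/app && ./deploy.sh'
}
```

Two points worth keeping in mind with this layout. The gateway's sshd logs every authentication and forwarded connection for the deploy user (raise `LogLevel` to `VERBOSE` there to record the key fingerprint that authenticated), so the centralized logging requirement is met; the IDS on the gateway, however, only sees an encrypted SSH stream to 10.0.1.5:22 and cannot inspect the deployment itself. Routing the runner straight to the internal server over the VPC interface would bypass the gateway entirely, which is the option that conflicts with the stated reason for having it.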