The Home Assistant instance I use is hosted on a Raspberry Pi 4, and it is connected to the internet via an ISP that does not provide public IP addresses for home usage. Therefore, it's not straightforward to allow access to the Home Assistant instance from the internet.
Therefore I decided to use a reverse SSH tunnel between Home Assistant (the Raspberry Pi) and my seedbox, which already has an nginx instance running.
You can gain SSH access to Home Assistant via the Advanced SSH & Web Terminal add-on.
The command below was executed on Home Assistant to create the reverse SSH tunnel with the seedbox:
ssh -fTNR 18123:localhost:8123 <user in seedbox>@<ip of the seedbox> -p <ssh port of the seedbox> -i <path to SSH private key to connect to seedbox>
-f to send ssh to the background once the connection is established
-T to disable pseudo-terminal allocation
-N to not execute a remote command (the connection is used for forwarding only)
-R [bind_address:]port:host:hostport specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side. Please refer to the SSH man page for more details.
Once the SSH command is executed, you should be able to see that a server is listening on the remote machine (in this case, port 18123 on my seedbox):
tcp 0 0 127.0.0.1:18123 0.0.0.0:* LISTEN -
tcp6 0 0 ::1:18123 :::* LISTEN -
Please note that the bind address is 127.0.0.1 by default. If you want to change this, you will have to set clientspecified as the value of the GatewayPorts option in the /etc/ssh/sshd_config file of the remote server and then restart the sshd service. Instead of configuring that (due to the security risk), you can still expose the service running on localhost to the internet via nginx.
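One way to verify the bind address described above from the seedbox, as an added example that is not part of the original post: the hypothetical helper check_tunnel_bind reads `netstat -tln` or `ss -tln` style lines and reports whether the forwarded port is listening on loopback only, on a non-loopback address, or not at all.

```shell
#!/bin/sh
# Added example; check_tunnel_bind and sample_listeners are hypothetical names.
# Reads listener lines on stdin and prints one of:
#   loopback-only (exit 0), exposed (exit 1), missing (exit 2)
check_tunnel_bind() {
    port="$1"
    awk -v port="$port" '
        # Ignore anything that is not a listening socket.
        $0 !~ /LISTEN/ { next }
        {
            # The local address is the first field ending in ":<port>".
            for (i = 1; i <= NF; i++) {
                if ($i ~ (":" port "$")) {
                    addr = $i
                    sub(":" port "$", "", addr)
                    sub(/^\[/, "", addr)   # ss prints IPv6 as [::1]
                    sub(/\]$/, "", addr)
                    found = 1
                    # Anything other than loopback is reachable from outside.
                    if (addr != "127.0.0.1" && addr != "::1") exposed = 1
                    break
                }
            }
        }
        END {
            if (!found)  { print "missing"; exit 2 }   # tunnel is down
            if (exposed) { print "exposed"; exit 1 }   # e.g. 0.0.0.0 or ::
            print "loopback-only"; exit 0
        }'
}

# The two listener lines shown in the post, embedded so this runs offline.
sample_listeners() {
    printf '%s\n' \
        'tcp 0 0 127.0.0.1:18123 0.0.0.0:* LISTEN -' \
        'tcp6 0 0 ::1:18123 :::* LISTEN -'
}

# On the seedbox this would be: netstat -tln | check_tunnel_bind 18123
sample_listeners | check_tunnel_bind 18123
```

An "exposed" result means the tunnel port is reachable without going through nginx; "missing" means the tunnel has dropped.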
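The snippet below was added to the default file in the /etc/nginx/sites-enabled directory:
# The opening line of this block is missing from the page; "location /" is an assumption.
location / {
    # Forward requests to the loopback end of the reverse SSH tunnel.
    proxy_pass http://127.0.0.1:18123;
    # HTTP/1.1 plus the Upgrade/Connection headers allow WebSocket upgrades through the proxy.
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
}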
ServerAliveInterval 15
ServerAliveCountMax 3