Using Google Chrome’s Socks5 Proxy With SSH Tunnels
At work we’re migrating our core infrastructure to Amazon’s AWS service. We have a pretty standard set-up with an infrastructure account hosting our bastion servers, allowing suppliers to connect to our different environments. Currently we have three Virtual Private Clouds (VPC) - production, pre-production and development.
On premise access to these environments is provided via a Direct Connect pipe provided by our WAN supplier.
|
+-------------+ +----------------------+
| | | | |
| +--v-----+ | | +--------+ +-------+ |
| | Bastion| | | |App | |DB | |
| | Server |------ >Server | |Server | |
| +--------+ | | | | | | |
| | | +--------+ +-------+ |
+-------------+ +----------------------+
INFRASTRUCTURE PRODUCTION
VPC VPC
Accessing the web interfaces of the applications running on our application servers is fine while working on premise. However, when I work from home I need to create an SSH tunnel through the bastion server and then use Chromes socks5 proxy to direct requests through the SSH tunnel.
Creating the SSH tunnel
SSH into your bastion server using the -D option to bind an addressing port from the local machine to the connection. I tend to use port 1080
ssh ec2-user@bastion -D1080
Launching Chrome to use the binding
Launch Chrome and pass in the --proxy-server option to use the socks5 proxy on your localhost. All traffic/requests will be directed to the port number you used in the SSH connection.
"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome"
--user-data-dir="$HOMEproxy-profile"
--proxy-server="socks5://localhost:1080"
Using this Chrome session you should be able to connect to the web interfaces or applications running on servers within your VPC’s