Tuesday, June 15, 2010

Using an ssh tunnel to manage your production site

Update (2010-10-20): Script to shorten the command, use hostname instead of IP

Probably, your production servers run behind Apache or some other webserver stack. To manage these portals, ZMI access can be handy, but the Zope port is not exposed to the outside world. You could solve this with an Apache proxy or rewrite rule, but I find it easier to start an SSH tunnel.

Suppose your Zope runs on port 8080, on server myserver.mydomain.com on, where you have an account for username.

ssh -L 8765: myserver.mydomain.com -l username -N

This will make your Zope accessible locally on port 8765. Here you can add Plone instance, look into their custom skins folders, and do whatever else you need to do.

For detailed info on ssh -L, see the manual pages.

You can also use a hostname instead of the IP address.

And if you get tired of typing this long command, you might want to use this script:

# ssh-tunnel.sh
# Shortcut to set up an SSH tunnel with concise syntax.
# Usage: ssh-tunnel.sh username hostname portnumber
# This assumes you want set op a tunnel to a host that you know by its hostname.
# To keep it simple, the remote port number will also be used locally.

# TODO: test parameters present
# TODO: allow for optional LOCAL_PORT

# TODO: allow for optional LOCAL_PORT
# TODO: allow for any hostname, also if not defined in /etc/hosts

# Show what we're going to do
# Do it

1 comment:

Jukka Ojaniemi said...

Good tip!

If you want to follow DRY I suggest setting your settings in $HOME/.ssh/config to make your life even easier.

Basically you'll set hostname, username and portforwarding rules there once and after that you can access that host by just typing ssh hostname.

Below is example of the possible config.

host zmi-plone
User myusername
Hostname example.com
LocalForward 20000 localhost:8080
IdentityFile /home/myusername/.ssh/id_rsa