10.5: Set up OS X as an SSL-secured reverse proxy
Authored by: amusingfool on Mar 11, '08 02:15:57PM
Side note: the default port for HTTPS is 443 (check /etc/services when you can't remember this sort of thing).

Getting to the real point, though, I guess I'm not quite sure what the point is. Is it just to get it listening to https? If so, this is a nice summary of all the steps.

Is it to have some login-protected pages, with secure access? If so, you could do things a bit more simply (with a bit of added flexibility). Just set the web server to listen to a port that isn't available externally (assume, for the sake of argument, 8080). Then enable ssh access to the box. When you want to get to the site, do
ssh myname@external-address -L 9999:hostname:8080
(9999 is a local port number, hostname is a name that is recognized on the remote box, so it could be a local name, and 8080 is the port to which you want to tunnel)
Then point your browser at http://localhost:9999/ et voila.
A side benefit to this is that you can use a certificate for signing in (remembering that ssh-agent is your friend :).

10.5: Set up OS X as an SSL-secured reverse proxy
Authored by: ianf on Mar 11, '08 04:06:05PM
Hi, I'm the anonymous author of the hint, just thought I'd expand on the above based on one of the comments:
> Getting to the real point, though, I guess I'm not quite sure what the point is. Is it just to get it listening to https? If so, this is a nice summary of all the steps.
The purpose of the hint is to allow secured remote access to a device located on an internal network using the Mac as a proxy to that device, so that the device itself isn't directly exposed to the real world. In my case it's a TiVo running its own unsecured web server/interface. Using the above instructions (and forwarding port 443 to the Mac) I'm able to securely access the TiVo's web interface without exposing its own port 80 directly to the web, while at the same time ensuring that all traffic to and from it is encrypted, which in this case, I'll admit, is perhaps overkill ;-).
> Is it to have some login-protected pages, with secure access? If so, you could do things a bit more simply (with a bit of added flexibility). Just set the web server to listen to a port that isn't available externally (assume, for the sake of argument, 8080). Then enable ssh access to the box. When you want to get to the site, do ssh myname@external-address -L 9999:hostname:8080 (9999 is a local port number, hostname is a name that is recognized on the remote box, so it could be a local name, and 8080 is the port to which you want to tunnel) Then point your browser at http://localhost:9999/ et voila.
Useful hint, I currently do something similar to allow me to securely VNC remotely to my mac, but hadn't thought of using it in that way.

Cheers,
IanF

10.5: Set up OS X as an SSL-secured reverse proxy
Authored by: amusingfool on Mar 12, '08 10:50:25AM

If that's the goal, set up the tunnel like I mentioned, and set the target to be the TiVo's server and port, rather than another port on the "accessible" web server.



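The forward described in the comments above, with the TiVo as the tunnel target, written out as an added example that is not part of the original thread: a small shell helper that validates its arguments and prints the ssh command with the local listener pinned to loopback. The helper names and the LAN name tivo.local are assumptions; -N, -o ExitOnForwardFailure=yes and the bind address in -L are standard OpenSSH client options.

```shell
#!/bin/sh
# Added example: prints the ssh local-forward command; it does not run ssh.

# Accept only plain user/host names. A leading '-' is refused because ssh
# would parse such an argument as an option rather than a name.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Accept only decimal ports in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_cmd USER GATEWAY LOCAL_PORT TARGET_HOST TARGET_PORT
tunnel_cmd() {
    [ "$#" -eq 5 ] || { echo "usage: tunnel_cmd user gateway lport target tport" >&2; return 2; }
    valid_name "$1" && valid_name "$2" && valid_name "$4" ||
        { echo "tunnel_cmd: bad user or host name" >&2; return 1; }
    valid_port "$3" && valid_port "$5" ||
        { echo "tunnel_cmd: bad port" >&2; return 1; }
    # -N                      forwarding only, no remote shell or command
    # ExitOnForwardFailure    exit if the local listener cannot be set up
    # 127.0.0.1:LOCAL_PORT    listener reachable from this machine only
    # TARGET_HOST:TARGET_PORT resolved and dialled by the gateway (the Mac),
    #                         so a LAN-only name works; that last hop to the
    #                         device is plain HTTP on the internal network
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:%s:%s %s@%s\n' \
        "$3" "$4" "$5" "$1" "$2"
}

# Constructed sample: tivo.local is a hypothetical LAN name for the TiVo.
tunnel_cmd myname external-address 9999 tivo.local 80
```

Run the printed command, then point the browser at http://localhost:9999/ as described in the first comment.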
10.5: Set up OS X as an SSL-secured reverse proxy
Authored by: ianf on Mar 12, '08 12:10:42PM

Hi, thanks for your reply, however I think I may be missing something obvious.

The TiVo doesn't run an SSL server, so I can't forward a port on the router directly to it, if that's what you're suggesting. Or are you saying that the command you suggested will connect to my mac and tell it to forward the connection onto the TiVo? If so that's dead clever and I didn't know it could be done :-)

Cheers,
Ian


