2022-07-13 12:52:07 +02:00
An Ansible role to set up an SSH tunnel and port forwardings from the remote machine to local machines.
# Required variables
... e.g. in `group_vars`
- `ssh_tunnel_pubkey`: The complete line to be used in `authorized_keys`, e.g. "ssh-ed25519 AAAA[...]aU root@mylocalmachine"
- `ssh_tunnel_privkey`: The content of the corresponding private key file, including the BEGIN and END tags. It is highly recommended to put this inside an encrypted Ansible vault.
- `remote_forward`: The list of port forwardings *from* the remote server *to* some local machine. Example:
```
remote_forward:
  - exposed_port: 80        # public port at the remote machine
    ephemeral_port: 10080   # internal port at the remote machine's localhost address; the ssh tunnel fetches traffic from there
    dest_host: my-internal-http-server.local.domain.tld  # domain or IP address of the destination machine; must be reachable from the local machine
    dest_port: 80           # open port at the destination machine
    protocols: ["tcp"]      # list of protocols for this forwarding; "tcp" and "udp" are supported
```
- `local_forward`: The list of port forwardings *from* the local machine *to* the remote machine. Example:
```
local_forward:
  - local_port: 1234            # port bound on the local machine; the IP is automatically queried as the A record of inventory_hostname
    remote_bind_ip: 127.0.0.98  # the IP some service on the remote machine is listening on
    remote_port: <port>         # placeholder: the remote machine's port to forward the traffic to
```
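
A pre-flight check for the `remote_forward` list described above, as an added example that is not part of this role: it validates the documented keys, port ranges and protocols before a playbook run. The function names, the sample entries and the two uniqueness rules are assumptions, not constraints the role is known to enforce.

```python
ALLOWED_PROTOCOLS = ("tcp", "udp")  # the two protocols the README lists as supported
REQUIRED_KEYS = {"exposed_port", "ephemeral_port", "dest_host", "dest_port", "protocols"}


def _is_port(value):
    # bool is a subclass of int, so exclude it explicitly
    return isinstance(value, int) and not isinstance(value, bool) and 1 <= value <= 65535


def check_remote_forward(entries):
    """Return a list of problems found in a remote_forward list (empty list = OK)."""
    problems, seen_exposed, seen_ephemeral = [], set(), set()
    for i, fwd in enumerate(entries):
        where = f"remote_forward[{i}]"
        missing = REQUIRED_KEYS - set(fwd)
        if missing:
            problems.append(f"{where}: missing {sorted(missing)}")
            continue
        for key in ("exposed_port", "ephemeral_port", "dest_port"):
            if not _is_port(fwd[key]):
                problems.append(f"{where}: {key}={fwd[key]!r} is not a port in 1-65535")
        protos = fwd["protocols"]
        if not isinstance(protos, list) or not protos or not all(p in ALLOWED_PROTOCOLS for p in protos):
            problems.append(f"{where}: protocols must be a non-empty list of tcp/udp")
            continue
        for proto in protos:
            # Assumption: a public port/protocol pair can feed only one forwarding.
            if (fwd["exposed_port"], proto) in seen_exposed:
                problems.append(f"{where}: exposed_port {fwd['exposed_port']}/{proto} reused")
            seen_exposed.add((fwd["exposed_port"], proto))
        # Assumption: each forwarding needs its own ephemeral port on the remote localhost.
        if fwd["ephemeral_port"] in seen_ephemeral:
            problems.append(f"{where}: ephemeral_port {fwd['ephemeral_port']} reused")
        seen_ephemeral.add(fwd["ephemeral_port"])
    return problems


# Constructed sample input: the first entry is the README's example, the others are faulty.
SAMPLE = [
    {"exposed_port": 80, "ephemeral_port": 10080, "protocols": ["tcp"],
     "dest_host": "my-internal-http-server.local.domain.tld", "dest_port": 80},
    {"exposed_port": 443, "ephemeral_port": 10080, "protocols": ["tcp"],
     "dest_host": "my-internal-http-server.local.domain.tld", "dest_port": 443},
    {"exposed_port": 53, "ephemeral_port": 10053, "protocols": ["icmp"],
     "dest_host": "my-internal-http-server.local.domain.tld", "dest_port": 53},
]

if __name__ == "__main__":
    print("\n".join(check_remote_forward(SAMPLE)))
```

Feed it the parsed `remote_forward` value from `group_vars` and fail the pipeline when the returned list is non-empty.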