An Ansible role to set up an SSH tunnel and port forwardings from the remote machine to local machines.

# Required variables

... e.g. in `group_vars`

- `ssh_tunnel_pubkey`: The complete line to be used in `authorized_keys`, e.g. "ssh-ed25519 AAAA[...]aU root@mylocalmachine"
- `ssh_tunnel_privkey`: The content of the corresponding private key file, including the BEGIN and END tags. It is highly recommended to put this inside an encrypted Ansible vault.
- `remote_forward`: The list of port forwardings *from* the remote server *to* some local machine. Example:
```
remote_forward:
  - exposed_port: 80 # public port at the remote machine
    ephemeral_port: 10080 # internal port at remote machine's localhost address. The ssh tunnel will fetch traffic from there
    dest_host: my-internal-http-server.local.domain.tld # domain or IP address of the destination machine. Must be reachable from the local machine.
    dest_port: 80 # open port at the destination machine
    protocols: ["tcp"] # list of protocols for this forwarding. "tcp" and "udp" are supported.
```
- `local_forward`: The list of port forwardings *from* the local machine *to* the remote machine. Example:
```
local_forward:
  - local_port: 1234 # port bound on local machine, IP is automatically queried as A-record of inventory_hostname
    remote_bind_ip: 127.0.0.98 # the IP some service on the remote machine is listening on
    remote_port: 1234 # example value: the remote machine's port to forward the traffic to
```
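A preflight check for the variables described above, added here as an example and not part of this role: it flags an unencrypted `ssh_tunnel_privkey` in a vars file and malformed or duplicate forwarding entries. The function names and sample data are constructed, and it assumes the forwarding lists are already loaded as Python dicts with ports written as integers.

```python
import re

# Added example, not part of the role. All sample inputs are constructed.
PEM_BEGIN = re.compile(r"-----BEGIN [A-Z0-9 ]*PRIVATE KEY-----")
PORT_KEYS = ("exposed_port", "ephemeral_port", "dest_port", "local_port", "remote_port")

def privkey_is_plaintext(vars_text):
    """True if the text of a vars file contains an unencrypted private key."""
    if vars_text.lstrip().startswith("$ANSIBLE_VAULT;"):
        return False  # the whole file is vault-encrypted
    # An inline `!vault |` value holds only the vault header and hex, never PEM tags.
    return bool(PEM_BEGIN.search(vars_text))

def check_forwards(role_vars):
    """Return a list of problems in remote_forward / local_forward entries."""
    problems, exposed = [], set()
    for name in ("remote_forward", "local_forward"):
        for i, entry in enumerate(role_vars.get(name) or []):
            where = f"{name}[{i}]"
            for key in PORT_KEYS:
                port = entry.get(key)
                # Assumption of this check: ports are integers in 1..65535.
                if key in entry and not (type(port) is int and 1 <= port <= 65535):
                    problems.append(f"{where}.{key}: invalid port {port!r}")
            for proto in entry.get("protocols", []):
                if proto not in ("tcp", "udp"):  # the README lists only these two
                    problems.append(f"{where}.protocols: unsupported {proto!r}")
                elif (entry.get("exposed_port"), proto) in exposed:
                    problems.append(f"{where}: exposed_port/{proto} already used")
                exposed.add((entry.get("exposed_port"), proto))
    return problems

SAMPLE_VARS = {  # constructed sample shaped like the README's examples
    "remote_forward": [
        {"exposed_port": 80, "ephemeral_port": 10080, "dest_host": "web.example",
         "dest_port": 80, "protocols": ["tcp"]},
        {"exposed_port": 80, "ephemeral_port": 10081, "dest_host": "dns.example",
         "dest_port": 53, "protocols": ["tcp", "sctp"]},
    ],
    "local_forward": [
        {"local_port": 1234, "remote_bind_ip": "127.0.0.98", "remote_port": 70000},
    ],
}

if __name__ == "__main__":
    for problem in check_forwards(SAMPLE_VARS):
        print(problem)
```
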