One of my colleagues needs to expose the local running app to an external service. There were simple constraints - the domain name under which service was exposed cannot change (because it needs to be whitelisted) and need to be a subdomain of the company domain.

They already have some virtual machines for developers with external IP adresses and SSH access running. I’ve proposed using them to solve this task - below you can find the solution that can be applied.

What will be needed:

  • publicly available server (external IP) with (GNU/)Linux and nginx (for this post I’m assuming it is Ubuntu),
  • user and permissions to change nginx configuration (sudo/root),
  • SSH access for that server,
  • some domain name, for example - some.domain.tld - pointing to the server external IP.

Let’s start with configuration - in /etc/nginx/sites-available/some.domain.tld write:

server {
  listen 80;
  listen [::]:80;

  gzip on;
  server_name         some.domain.tld;

  location / {
    proxy_redirect off;
    proxy_set_header Host;
    proxy_set_header X-Original-Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

This configuration will proxy requests for some.domain.tld to the local port 8080 on the server.

To enable it we need to link this configuration to sites-enabled directory using command:

ln -s /etc/nginx/sites-available/some.domain.tld /etc/nginx/sites-enabled/some.domain.tld

and restart nginx - systemctl restart nginx. Now under domain some.domain.tld visitors will see an error page with the message “bad gateway” - all because on 8080 port there is nothing.

Now, with the power of a ssh tunnel, we will make this 8080 port on remote server will point to some port on our local machine.

To expose our local service we can use the command:



  • $PORT_ON_SERVER is the port which we forward request to on server,
  • $LOCAL_PORT - local port on dev machine where something is running,
  • $LOGIN and $SERVER are the username and address of the server running proxy.

Assuming that username is alice, the server is available under some.domain.tld domain and our local service is available under port 4502:

ssh -N -R 8080:localhost:4502 alice@some.domain.tld

And that’s all - after opening the domain in the browser we will see our local service. And anybody on the Internet can also view it, so watch out! ;-)