1. The reason and purpose of establishing a reverse tunnel
Because we need to make WeChat payment and Alipay payment, these two payments will push the payment results to my server after the user's payment is completed, and our development server is usually located behind the company's router and cannot be accessed from the external network. Four solutions.
Method 1. Directly connect the external network to your development machine, so that the external network can be accessed directly. The disadvantage is that other colleagues in the company cannot access the Internet.
Method 2, do NAT forwarding on the router, so that it can also be accessed on the external network. The disadvantage is that the access right of the router is required. Secondly, if it is a multi-level routing, the configuration is more complicated.
Method 3: Do development or testing directly on a server with an external network. For example, after the code is written, package it and deploy it to an external network server for testing. The disadvantage is that the code cannot be debugged very well.
Method 4 is to use an external network server as a reverse tunnel. The disadvantage is that you need to have an external network server. However, now Alibaba Cloud has provided a pay-as-you-go server, and you can choose the 1C1G version.
It happened that Alibaba Cloud was engaged in activities some time ago. The purchase of a 1C2G server for 3 years costs only 298 yuan, and a 1M network is also given, while the recommended person will get a 1C2G1M server for 3 months. I happened to have a colleague who needed to buy it, so I used my recommendation, so I had a server with an external network.
2. Reverse tunnel environment
The environment required to establish a reverse tunnel
1. A Linux server with an external network, here select Alibaba Cloud ECS, CentOS7 system
2. Windows version of XShell5 software
3. How to build a reverse tunnel?
The construction of the reverse tunnel is divided into two steps. One is the configuration of the server configuration file, which allows the server to perform the reverse tunnel (the service itself is closed by default and needs to be opened). Second, the local XShell configures the reverse tunnel.
a. Server reverse tunnel configuration
Enter the configuration modification, mainly the operation of vim
vim /etc/ssh/sshd_config
Press the insert key to enter the editing function, add a line at the end of the configuration, and enter the content
GatewayPorts clientspecified
Press ECS to exit the editing function, enter: wq, press Enter to save, and use the method of reloading the configuration to make the new settings take effect. Because I am a Linux novice, I don't know how to load it here, but I still have the ultimate weapon, restart the server.
reboot
After the server restarts, the configuration takes effect automatically.
b. Local XShell configuration
The local configuration is mainly reflected in the three categories of connection, tunnel, and tracking. See the picture for details. It is best to mark the reconnection of the first picture with √, and the third picture is to add functions for clicking.
Configure the connection, set the connection name, account, password
The real highlight is to set up the tunnel. Don’t set it wrong here. There are two ways to set the tunnel, one is from remote to local, and the other is from local to remote. This article only talks about the configuration from remote to local, so in order Come.
The listening port fills in the external network port to be accessed, and the target port fills in the port provided by the local computer in the LAN. The default website port is 80. If the access is different and the server of Alibaba Cloud is used, you need to log in to the console to see if the corresponding port is opened.
So far the configuration is over, let's see if the reverse tunnel is successfully established.
See if the transfer rule is as shown above. See if the prompt looks like the image below.
Finally, test the connectivity, please configure the service locally, and set the access address and port. I am using IIS, and the configured local and external ports are 80. The final test result is shown in the figure below. The left side is the page that accesses the server, and the right side is the page accessed locally. There is no website configured on the server, and the site is .NET and cannot be deployed on Linux. So it truly reflects the result of this configuration: success!
Appendix: How does XShell modify the connection after adding it?
