Multiple http/tcp ports on same subdomain

antoniomika / sish

HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH.

https://ssi.sh

MIT License

3.84k stars 297 forks source link

Multiple http/tcp ports on same subdomain #293

Closed VitalyVaryvdin closed 4 months ago

VitalyVaryvdin commented 4 months ago

Hi, the issue seems to be loosely related to https://github.com/antoniomika/sish/issues/10

I'm trying to run npm dev server (vite) forwarded via sish instance, but the page keeps refreshing due to websocket port being unavailable. It uses, for example, port 3000 for http and port 3001 for websocket.

That way sish says dev subdomain is unavailable and forwards 3001 port to random subdomain instead.

ssh -R dev:80:localhost:3000 -R dev:80:localhost:3001 sish

This exposes tcp alias, which browser can't use in any way.

ssh -R dev:80:localhost:3000 -R dev:3001:localhost:3001 sish

This exposes port as sish:3001, which also can't be used by browser.

ssh -R dev:80:localhost:3000 -R 3001:localhost:3001 sish

Is there a way to expose multiple ports under the same subdomain?

antoniomika commented 4 months ago

Just by design of sish, the server hosts both subdomains and ports. As long as the host name resolves to the same server, you can achieve what you want by doing a tcp forward for the 3001 port. Something like:

ssh -R dev:80:localhost:3000 -R 3001:localhost:3001 tuns.sh

Would likely work for you as long as the hot reload socket tries dev.tuns.sh:3001 as the websocket.

If that doesn't work and you're able to change the address the browser uses for the websocket, you can forward the socket at a path and that would work as well. Just note that path wouldn't be accessible by the main app.

VitalyVaryvdin commented 4 months ago

Indeed. Didn't actually think about wildcard pointing to the same host. Thanks for the clarification.

Though, this command has been giving me connection refused error, after updating my local Vite it is now possible to use HMR on the same port with dev server, however it kept reloading the page until I specified --idle-connection=false in the CLI.

How would multi-tenancy be handled in that case? For example, there are demo-page-1.tuns.sh and demo-page-2.tuns.sh tunneled from different machines, but both use 3001 for websocket.

antoniomika commented 4 months ago

In that situation, you'd have to provide different ports. sish only treats 3 types of forwards as unique:

http (80)
https (443)
SNI (443, or any other port you want)

sish doesn't have support for registering a multiplexing http server on every port, only on port 80 or 443. This has to do with tcp aliases as other port/hostname combos will turn into internal tunnels.

In your situation, you have a few options.

Use different ports for the hot reloading middleware.
Have sish forward a path to the port and configure the websocket url to use that path (example)
Use SNI proxying and have the websocket hosted using TLS

I'll close this issue since it's use-case specific, but I'm happy to help here with anything.