
Multiple SSH reverse port tunnels on the same remote host and port

I've run across a few reverse port tunneling services, like http://progrium.com/localtunnel. I get that they allow me to easily set up a reverse SSH port tunnel, which lets me show my local web server online (e.g. I run a Rails app locally on port 3000, and using localtunnel's service I can share it with someone online with a URL like xhd3s.localtunnel.com.)

I'm a little confused about how this works, though. When you set up a remote tunnel, you have to specify the remote port to take over, which means one tunnel per port on the remote server. However, with these port tunneling services, everyone specifies the same remote port. The only difference is the tokenized subdomain.

How do they take the tokenized subdomain and translate it into a unique tunnel using the same port? I suspect there is some web server wizardry at play, but I'm not quite sure how this would work.

EDIT:

In other words, I would like to be able to issue these commands from two different computers:

# first computer
ssh -R 9000:localhost:3000 [email protected]

# second computer
ssh -R 9000:localhost:3000 [email protected]

What do I do on myserver.com to allow both of these reverse port tunnels to operate on port 9000?

Elliot Larson asked Apr 29 '13 06:04


1 Answer

I've spent some time playing around with this question. I now believe the premise that the remote SSH tunnels are all set up to work with the same port on the remote server is mistaken.

But after trying out some proof of concept stuff, I think I know vaguely what they're doing.

I was assuming that the SSH tunnels were all using the same port because all connections to the subdomain-ed URLs were presumably happening on port 80. However, if you set up proxy passing in your webserver, you can forward traffic to a different port on the server.

Here's some proof of concept Nginx proxy passing:

server {
    listen 80;
    server_name xcvs.myserver.com;

    location / {
        proxy_pass http://127.0.0.1:5222;
    }
}


server {
    listen 80;
    server_name csde.myserver.com;

    location / {
        proxy_pass http://127.0.0.1:5223;
    }
}

So, the traffic to these two different subdomains on port 80 is proxied to different ports, which you can then use to set up the SSH tunnels.

There's still a bit of mystery in the setup, though. When you set up a tunnel with a service like localtunnel, you issue a command like:

$ localtunnel 3000

I think this is hitting the server, getting back a new port number and subdomain pair, and then issuing the remote SSH tunnel command with those values for you.

But, I'm a bit unclear how to automate the creation and mapping of subdomain to port so that the web server knows how to proxy appropriately. I smell a weekend project in the works. :)

Elliot Larson answered Nov 06 '22 12:11
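
One way to automate the subdomain-to-port mapping the answer leaves open, as an added example that is not part of the original post and not localtunnel's own code. The `TunnelRegistry` class, the `tunnel` login name and the port range are assumptions; the sketch validates each subdomain label before it reaches the Nginx config and keeps every forwarded port on loopback so only the proxy can reach it.

```python
import re
import secrets

# Only plain DNS-label characters may reach the generated config, so a
# requested name cannot smuggle ';', whitespace or braces into Nginx.
LABEL_RE = re.compile(r"[a-z0-9]{4,32}")

SERVER_BLOCK = """server {{
    listen 80;
    server_name {sub}.{domain};

    location / {{
        proxy_pass http://127.0.0.1:{port};
    }}
}}
"""

class TunnelRegistry:
    """Hypothetical allocator: one loopback port per tokenized subdomain."""

    def __init__(self, domain, ports=range(5222, 5232)):
        self.domain = domain
        self.free_ports = list(ports)   # assumed pool reserved for tunnels
        self.by_sub = {}                # subdomain label -> remote port

    def allocate(self, sub=None):
        sub = sub or secrets.token_hex(4)   # unguessable 8-character label
        if not LABEL_RE.fullmatch(sub):
            raise ValueError("invalid subdomain label")
        if sub in self.by_sub:
            raise KeyError("subdomain already in use")
        if not self.free_ports:
            raise RuntimeError("no free tunnel ports")
        self.by_sub[sub] = self.free_ports.pop(0)
        return sub, self.by_sub[sub]

    def release(self, sub):
        self.free_ports.append(self.by_sub.pop(sub))

    def ssh_command(self, sub, local_port):
        # Explicit 127.0.0.1 bind: the forwarded port is reachable only by Nginx.
        return (f"ssh -N -R 127.0.0.1:{self.by_sub[sub]}:localhost:{local_port} "
                f"tunnel@{self.domain}")

    def nginx_conf(self):
        return "\n".join(SERVER_BLOCK.format(sub=s, domain=self.domain, port=p)
                         for s, p in sorted(self.by_sub.items()))

if __name__ == "__main__":
    reg = TunnelRegistry("myserver.com")
    sub, _ = reg.allocate()
    print(reg.ssh_command(sub, 3000))
    print(reg.nginx_conf())
```

A client wrapper would request a pair from this registry, run the printed `ssh` command, and the server would reload Nginx with the regenerated config.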