What can go wrong with ssh port-forwarding HTTP/HTTPS sites?

Question

I am trying to figure out how ssh port forwarding works. I'm very puzzled as to the different problems I am seeing.

First, a basic example: ssh -L 8080:www.ubuntuforums.org:80 localhost. After logging into my local machine, navigating to localhost:8080 in Chrome gets me to http://www.canonical.com/. If I navigate directly to http://www.ubuntuforums.org/ in my Chrome, I instead end up at http://ubuntuforums.org/. What is going on here? Why do I not end up at ubuntuforums.org but instead www.canonical.com?

Second, changing the website and port: ssh -L 8888:learnlayout.com:80 localhost. Navigating to http://localhost:8888 in Chrome I just hang forever. wget http://localhost:8888 gives me the following index.html:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
<head>
<title>Transmission Forward</title>
<script type="text/javascript">
window.location = "http://24.218.24.189:8080/"
</script>
</head>
<body>
<p>Stand By...</p>
</body>
</html>

Is ssh not handling redirects correctly or something when I point to it in my browser?

Third, ssh -L 8888:imgur.com:80 localhost. In my browser I get the following error: Fastly error: unknown domain: localhost. Please check that this domain has been added to a service.. wget localhost:8888 gives me:

--2016-05-07 16:36:47--  http://localhost:8887/
Resolving localhost... ::1, 127.0.0.1
Connecting to localhost|::1|:8888... connected.
HTTP request sent, awaiting response... 500 Domain Not Found
2016-05-07 16:36:47 ERROR 500: Domain Not Found.

This diversity of errors is really befuddling me. Is there anything obvious about ssh tunneling I am missing? Should these be working and maybe my network or router is up to something?

Answer 1

Background

SSH

You are using SSH to establish a secure connection between two systems, authenticating the user to the remote endpoint and then setting up a tunnel inside that connection so that all connections to a specific port on your local machine are sent - through the tunnel - to a different host and port

HTTP

Using a browser or tool like wget you are making HTTP request to your local machine and port. Whatever response you get from that endpoint is interpreted by the originating tool according to the HTTP specification.

Your issue

When you make HTTP requests the responses you get are not what you expect. If you try to access example.org on your local machine as localhost:8888 thanks to an SSH tunnel, you are not getting the actual page as if you were browsing example.org directly.

Explanation

Most pages/sites are domain-aware. That means that its functionality is tightly tied to the domain on which they are configured to serve.

In your examples there are an assortment of scenarios. Websites forcing a particular URL to access them, a website redirection using javascript and even a webserver that does not know what site to serve based off that URL. The explanation is the same for all of them: they are not prepared to be accessed with an URL different than what they consider the standard URL.

In my experience, the domain with which a site will be accessed is something one can assume. Some configurations can be made to enforce a particular version of that domain (like adding or removing www), but hardly anything else. Such configuration can be made in the webserver - or caching layer in front of it - or the application itself (WordPress has a setting for its domain that it will enforce on its own). The exception are applications that can be accessed with multiple DNSs and most web frameworks have a way to support that scenario, but they mostly need a backend configuration to determine the list of domains they will serve.

Solution

For browsing the web from a different connection or using a tunnel: use an HTTP proxy. In particular, SSH's option -d PORT will create a SOCKS proxy that you can configure in most HTTP tools to tunnel connections.