Expose reverse-SSH tunnel to Cloudron app?
-
Hi all,
Need a quick hint:
# MacBook → Cloudron box (works) ssh -R 172.18.0.1:11434:localhost:11434 <user>@<server> # On the Cloudron host (works) curl localhost:11434 # → “Ollama is running” # Inside my Cloudron app (times out) cloudron exec --app <app> -- curl 172.18.0.1:11434Goal: let the app reach Ollama on my Mac via that tunnel.
Host sees it, container doesn’t. What’s the right bind/IP/firewall tweak so the container can hit the tunnel?Thanks!
-
Hi all,
Need a quick hint:
# MacBook → Cloudron box (works) ssh -R 172.18.0.1:11434:localhost:11434 <user>@<server> # On the Cloudron host (works) curl localhost:11434 # → “Ollama is running” # Inside my Cloudron app (times out) cloudron exec --app <app> -- curl 172.18.0.1:11434Goal: let the app reach Ollama on my Mac via that tunnel.
Host sees it, container doesn’t. What’s the right bind/IP/firewall tweak so the container can hit the tunnel?Thanks!
@jorrg said in Expose reverse-SSH tunnel to Cloudron app?:
:localhost:11434
By binding the port to localhost it is available to the Cloudron host, but the apps which are running in containers on a separate network cannot reach it.
You need to bin them to a global IP (and then firewall it so no others can access it).
-
In sshd, you should have
GatewayPorts yes.If you whitelist the port 11434 as per https://docs.cloudron.io/networking/#whitelist-ports , it should work . I tested this and it works with your commands.
But, I don't completely understand it. I found that 11434 also gets open to the world
In your example, curl localhost:11434works.. why? aren't we just binding to 172.18.0.1 ?
