Expose reverse-SSH tunnel to Cloudron app?

jorrg

Hi all,

Need a quick hint:

# MacBook → Cloudron box (works)
ssh -R 172.18.0.1:11434:localhost:11434 <user>@<server>

# On the Cloudron host (works)
curl localhost:11434          # → “Ollama is running”

# Inside my Cloudron app (times out)
cloudron exec --app <app> -- curl 172.18.0.1:11434

Goal: let the app reach Ollama on my Mac via that tunnel.
Host sees it, container doesn’t. What’s the right bind/IP/firewall tweak so the container can hit the tunnel?

Thanks!

fbartels

@jorrg said in Expose reverse-SSH tunnel to Cloudron app?:

:localhost:11434

By binding the port to localhost it is available to the Cloudron host, but the apps which are running in containers on a separate network cannot reach it.

You need to bin them to a global IP (and then firewall it so no others can access it).

joseph

In sshd, you should have GatewayPorts yes .

If you whitelist the port 11434 as per https://docs.cloudron.io/networking/#whitelist-ports , it should work . I tested this and it works with your commands.

But, I don't completely understand it. I found that 11434 also gets open to the world In your example, curl localhost:11434 works.. why? aren't we just binding to 172.18.0.1 ?

james

Marking this topic as solved since no more input was given from user @jorrg

Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.

Cloudron Forum

Expose reverse-SSH tunnel to Cloudron app?