Chisel: Ngrok local-tunnel Alternative

So today we're gonna learn a tool called chisel, from the same creator of overseer that I usually use to graceful restart production service.

What chisel can do? It can forward traffic from private network to public network, for example if you have service/port that only accessible from your internal network, and you want it to be exposed/tunneled to server that has public IP/accessible from outside, but only for the case when you cannot use reverse proxy because the reverse proxy cannot access your private server (eg. because it protected by firewall or doesn't have public IP at all).

internet --> public server <-- internet <-- private server/localhost
                           <--> tunnel <-->

You can first install chisel by running this command

go install github.com/jpillora/chisel@latest 

or download the binary directly. 

Then in the public server (server with public IP), you can do something like this:

chisel server --port 3229 --reverse

this would listen to port 3229 for tunnel requests.

On the client/private network that you want to be exposed to public you can run this command:

chisel client http://publicServerIP:3229 R:3006:127.0.0.1:3111

The command above means that on the server, there will be port 3006 listened, any traffic that goes to that port, will be forwarded to client to port 3111.

After that you can add https for example using caddy (don't forget to add DNS first so letsencrypt can get the proper certificate):

https://myWebSite.com {
  reverse_proxy localhost:3006
}

Other alternatives are cloudflare tunnel, but it requires you to setup network and other stuff in their website (not sure what they will charge you for excess traffic), there's also ngrok (the original, but now a paid service), localtunnel (but it always dead after few requests).

More alternative and resources here:

• https://github.com/anderspitman/awesome-tunneling 
• https://medium.com/geekculture/chisel-network-tunneling-on-steroids-a28e6273c683 
• https://0xdf.gitlab.io/2020/08/10/tunneling-with-chisel-and-ssf-update.html
  

Ngrok: easiest way to Tunnel to localhost

Ngrok is a tool that could help you publish your local web so it can be accessed by public. The example use case is when you want to publish your development server, so client or your boss can access it from another place. Yes, it's easy to install your web application to a VPS or hosting server or use VPN remote desktop software (Hamachi or TeamViewer), but it would took some time and probably bigger bandwidth. It's really easy to install ngrok since it's portable (built using Go programming language), in ArchLinux you can type:

yaourt --needed --noconfirm -S --force ngrok

Or you can download the binary from their website. To use ngrok, just type the program name followed with service port on your localhost that you want to publish, for example:

ngrok 8080

After running the program, there would be a link given (HTTP and HTTPS) that can be acessed by public, if people visit that link it would give the same output as http://localhost:8080.

You can view the visit log on the web interface http://127.0.0.1:4040.

If you have already registered to their website you can use subdomain feature, by adding authtoken (get it after registering) for the first time, for example:

ngrok -authtoken ndf8gus0n958t 8080

Then you can use subdomain feature for example:

ngrok -subdomain mysubdomain 8081

This would create a subdomain on Ngrok's domain, for example mysubdomain.ngrok.com that linked to your  http://localhost:8081. One more cool feature about Ngrok is you can replay the request, just press the replay button on the web interface. Minor flaw of this program, if you run multiple instance of Ngrok, only the first instance will get web interface (http://127.0.0.1:4040), the next instance would not get the web interface.