How to make SSH port fowarding for HTTPS?

Question

I've created the following port forwarding:

ssh -vL localhost:4433:example.com:443 remote-linux-host

^{Note: I'm using 4433 on my local instead of 443 to avoid running with sudo.}

however when I go to https://localhost:4433/, after ignoring the certificate check, there is the following error (on both Chrome and Firefox):

404 - Not Found

Same when using curl:

$ curl -s https://localhost:4433/ | html2text
<?xml version="1.0" encoding="iso-8859-1"?>
****** 404 - Not Found ******

How do I make the port forwarding for HTTPS?

My aim is to open https://example.com/ (which works fine over HTTPS) on my local (port 4433) via remote server.

"404" means the server is working fine, it just can't resolve the URL into anything sensible. — Ignacio Vazquez-Abrams, Feb 25 '18 at 21:38
The `https://example.com/` URL when going directly works fine. — kenorb, Feb 25 '18 at 21:39
Yes, and it also sends a completely different `Host` header. — Ignacio Vazquez-Abrams, Feb 25 '18 at 21:40

score 13 · Accepted Answer · edited Feb 25 '18 at 23:31

13

Let´s suppose that example.com is 93.184.216.34.

One of the methods could be as follows.

Do:

ssh -L 4433:93.184.216.34:443 remote-linux-host

Define in your local /etc/hosts in the machine using the browser:

127.0.0.1 example.com

And then open in the browser: https://example.com:4433/

In this way, it will send the correct Host header.

Beware of browser/resolver DNS caches after creating the hosts entry.

edited Feb 25 '18 at 23:31

kenorb

answered Feb 25 '18 at 22:02

Rui F Ribeiro

2

I suppose I could use 127.0.0.2 also, so as not to break any other loopback functions. – Hephaestus Oct 26 '20 at 01:06

score 4 · Answer 2 · answered Feb 26 '18 at 00:02

4

To keep hostnames, SSL certs, etc. all happy, you could use the -D option to create a dynamic SOCKS4/5 proxy.

ssh -D 4444 username@ssh-hostname

Then on local machine set firefox/chrome to use said proxy.

answered Feb 26 '18 at 00:02

ivanivan

2 Answers2