Accessing Onsite Webpages From Offsite

From Hall D Ops Wiki

Some webpages are not accessible from outside the JLab network. To get to these from offsite, you'll need to set up an ssh tunnel using your CUE account. Here is an example of how to run a web browser from a VNC session on a machine at JLab so you can access internal web pages. A couple of notes:


Start VNC server on jlabl1

1.) ssh to login.jlab.org and from there, ssh to jlabl1

> ssh login.jlab.org
...
jlabl14% ssh jlabl1

2.) start a private VNC server

jlabl1.jlab.org:~> vncserver -geometry 1200x1000

New 'jlabl1.jlab.org:96 (davidl)' desktop is jlabl1.jlab.org:96

Starting applications specified in /home/davidl/.vnc/xstartup
Log file is /home/davidl/.vnc/jlabl1.jlab.org:96.log

Note the number "96" in the above. Since a specific port number was not given with the vncserver command, the system automatically found a free port. In my case, this was "96". The actual TCP port that we will need to tunnel to will be this plus 5900. In the current example, this would be: 5900+96=5996. Each private VNC session will need to use a unique port.

The server is now running and you may log out. It will remain there until you explicitly kill it (or the computer is rebooted). This means you generally will not need to do steps 1.) and 2.) in the future and can go directly to step 3.). Just make sure to remember your port number.

Connect to Server on jlabl1

3.) From your offsite computer, set up two ssh tunnels that will connect you through the login server to jlabl1. A tunnel is set up with the -Lport1:host:port2 option, where "port1" is the TCP port on your local machine to listen on, and host and port2 describe where to forward connections to on the other side of the tunnel. In the example below, we listen on port 5996 on the local computer and forward connections to port 54321 on login.jlab.org. We use 54321 in this example as a port that hopefully no one else is using. (You could use 5996 here as well, but may run into conflicts with persons tunneling VNC sessions not going to jlabl1.) The second ssh command listens on the same port number on login.jlab.org (54321 in this case), effectively connecting the two tunnels, and forwards connections to port 5996 on jlabl1.

 > ssh -L5996:localhost:54321 login.jlab.org
...
jlabl14% ssh -L54321:localhost:5996 jlabl1
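
An added example, not part of the original wiki page: a small script that reads the display number from the vncserver output in step 2, converts it to the TCP port, and prints a single ssh command that uses login.jlab.org as a jump host instead of chaining two tunnels through a shared port such as 54321. It assumes OpenSSH 7.3 or newer on the offsite machine (for -J) and that the login server allows the jump; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the wiki page. Host names are the page's own;
# the -J (ProxyJump) route is an assumption: it needs OpenSSH 7.3+ locally.

# Pull the display number out of the "New '...' desktop is host:N" line
# that vncserver prints in step 2. Prints nothing for any other line.
display_from_vncserver() {
    printf '%s\n' "$1" |
        sed -n 's/^New .* desktop is .*:\([0-9][0-9]*\)[[:space:]]*$/\1/p'
}

# Display number -> TCP port (5900 + display). Rejects empty, non-numeric
# or zero-padded input and anything beyond the 16-bit port range.
vnc_port() {
    case "$1" in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "${#1}" -le 5 ] || return 1
    port=$((5900 + $1))
    [ "$port" -le 65535 ] || return 1
    printf '%s\n' "$port"
}

# Print (do not run) one ssh command that replaces the two chained
# tunnels. login.jlab.org only relays the connection, so no listening
# port is opened on it, and the local listener is pinned to loopback.
tunnel_command() {
    port=$(vnc_port "$1") || return 1
    printf 'ssh -N -J login.jlab.org -L 127.0.0.1:%s:localhost:%s jlabl1\n' \
        "$port" "$port"
}

# Constructed input: the line shown in step 2 above.
line="New 'jlabl1.jlab.org:96 (davidl)' desktop is jlabl1.jlab.org:96"
tunnel_command "$(display_from_vncserver "$line")"
```

The local port is the same 5996 used in the two-tunnel version, so the VNC client commands in step 4 apply unchanged.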


4.) Start up your local VNC client software.

You'll need a VNC client program to connect to the server. Many systems come with these, but a quick Google search will almost certainly turn up something for any platform.

Linux

If you do not have a VNC client, try installing the tigervnc package. It has a client called "vncviewer". Use it by opening another window and running the command with the host and port to connect to. Since you've set up the tunnels in step 3., you just need to tell it to connect to the localhost at the correct port number.

> vncviewer localhost:96

Mac OS X

Mac OS X comes with a VNC client in its "Screen Sharing" program. It can easily be launched using the "open" command by giving an argument containing the protocol, host, and port. Open another window and type something like this:

> open vnc://localhost:5996


Running a web browser

You should be able to start up firefox by either clicking an icon in the program tray or just opening a terminal in your VNC window and typing "firefox". IF YOU DO NOT SEE A NORMAL DESKTOP, then you may need to edit your .vnc/xstartup file on jlabl1.jlab.org (NOT YOUR LOCAL HOST!). Mine looks like this:

#!/bin/sh

# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &


Once the browser comes up, type in a URL such as:

https://hdops.jlab.org

You should be able to navigate to internal pages now.