Whether you’re the Secretary of Defense, or just an average Joe trying to survive with some peace of mind and security, encryption is a good thing. Have many virtual hosts on your unencrypted Apache server, but want encryption for whichever virtual host you specify? Here is the solution! Note, this is written for Linux clients – not Windows. You can tweak the instructions to work with Windows by using PuTTY and creating a tunnel that way.
First of all, here is the command to tunnel for Linux:
Explanation of the above command:
- ssh starts the ssh client
- -f forks the ssh client into the background
- -L binds source_port on your machine and forwards connections made to it through the tunnel to server:destination_port
- -N tells ssh not to execute a command on the remote server once you are logged in to it
After you have started the tunnel using the command above, you will stay logged into it as long as the terminal is open.
Next, open your web browser and enter the following address in the address bar:
By going to that address, it fails? What? Ohhhhh that’s right, you need to add the entry for that site to your hosts file:
Open the file:
(If you were doing this in Windows, the file is at C:\Windows\System32\drivers\etc\hosts)
Add this line to it:
Now go to the address again and it should work:
If you were to run a packet sniffing program such as Wireshark, you could monitor your network adapter (wlan0 or eth0 – whichever one you are using) and see that everything going to myserver.com (which is where you are tunneled into via ssh – using it to access your_virtual_host.com) is encrypted! Whoo hoo, now you can log into your unencrypted website without worrying that people can see your plain text password going over the network.
If you were to monitor your loopback interface (lo) then you would see all the clear text data – except it never leaves your computer unencrypted.
NOTE: Once you have added your_virtual_host.com to your /etc/hosts file, it will always look for that domain on the local machine, which means you need to open the tunnel to access it. As a result, if you try to ssh into your_virtual_host.com you will see that the connection is refused. The way around this is to ssh into a different domain on the same server (notice that I ssh’d into myhost.com instead of my_virtual_host.com).
Every host on your server that you add to the 127.0.0.1 line in the /etc/hosts file will work on the same port (10000 or whatever port you specify – you can use any port you want that isn’t taken by another program). So, if you have my_other_domain.com on the server and, in your web browser, you go to http://my_other_domain.com then it will work as well with the existing tunnel.
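The workflow above (tunnel, hosts entries, one local port shared by several virtual hosts) as a small shell helper. This is an added example, not code from the original post: the function names, the login `user`, remote web port 80 and the `http://host:port/` URL form are assumptions, and it goes slightly beyond the text by binding the forwarded port explicitly to 127.0.0.1.

```shell
#!/bin/sh
# Added example; helper names, the login "user" and remote port 80 are assumptions.

# Print the tunnel command for review (does not run ssh).
# The listener is bound explicitly to 127.0.0.1 so other machines on the
# network cannot connect to the forwarded port.
tunnel_cmd() {  # $1 local port, $2 remote web port, $3 user@server
    printf 'ssh -f -N -L 127.0.0.1:%s:localhost:%s %s\n' "$1" "$2" "$3"
}

# List the names a hosts file maps to 127.0.0.1, one per line,
# ignoring comments and the stock localhost entries.
loopback_vhosts() {  # $1 hosts file
    awk '{ sub(/#.*/, "") }
         $1 == "127.0.0.1" {
             for (i = 2; i <= NF; i++) if ($i !~ /^localhost/) print $i
         }' "$1"
}

# Map a virtual host to 127.0.0.1 unless it is already mapped (idempotent).
add_vhost() {  # $1 hosts file, $2 host name
    if loopback_vhosts "$1" | grep -qxF "$2"; then
        return 0
    fi
    printf '127.0.0.1 %s\n' "$2" >> "$1"
}

# URL that reaches a virtual host through the tunnel.
tunnel_url() {  # $1 local port, $2 host name
    printf 'http://%s:%s/\n' "$2" "$1"
}

# Demo on a constructed hosts file (a temp copy, not the real /etc/hosts).
demo() {
    hosts=$(mktemp)
    printf '127.0.0.1 localhost\n10.0.0.5 other.example\n' > "$hosts"
    add_vhost "$hosts" your_virtual_host.com
    add_vhost "$hosts" my_other_domain.com
    tunnel_cmd 10000 80 user@myserver.com
    for h in $(loopback_vhosts "$hosts"); do tunnel_url 10000 "$h"; done
    rm -f "$hosts"
}
demo
```

To apply it for real, point `add_vhost` at `/etc/hosts` as root; `loopback_vhosts /etc/hosts` then shows which names will refuse direct ssh connections, as the note above describes.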
View the next article for setting your computer to automatically start the tunnel when you log in.
If this works for you or not, please comment below and let me know.