I recovered from a small disaster today using the neko dockerised web-browser.
I set up a remote backup with Proxmox running on a HP mini and a Synology a month ago at a friend’s house 3000 km away. I thought I’d reserved all the IP addresses, but last night the Synology IP address changed, so the NFS shares to Proxmox and Jellyfin broke. That wasn’t to hard to fix remotely, but I don’t want it to happen every time the DHCP lease expires.
So now I need to log into their router and reserve the IP addresses…
I can get on the local network there by ssh-ing into one of my entities (via Tailscale), but how do I get to the web interface of the router?
Enter neko. It spins up a browser in a Docker container that can be accessed over a web address. So I created an LXC, installed docker and spun it up, then was able to use that to open the local-only web interface to the router.
neko is intended for watch parties, so multiple people can be logged in to the same browser window at a time - there’s a toggle to take control of the window for clicks and typing, but apart from that it’s all pretty straight forward. There’s a very noticeable lag, but it got the job done.
Perhaps there was an easier lighter-weight way of doing this? In the old old days there was a text browser called Lynx - so perhaps there’s some modern iteration that could have done this job?
Edit: There is an easier lighter-weight way of doing this!
Thanks to @SteveTech@programming.dev, @Dewege@feddit.org and others who mentioned ‘ssh tunneling’ - TIL I could just connect a local port (8080 in my case) to port 80 on the router (192.168.1.1:80 in my case) via the VM I have ssh access to over tailscale (thirdbreakfast@100.126.38.117) with:
ssh -L 8080:192.168.1.1:80 thirdbreakfast.126.38.117
ssh -L <local port to use>:<remote machine to access with port> <ssh address of jump machine>
When executed, that looks like I’ve just ssh’ed into that machine, but until I log out of that connection I can open up 127.0.0.1:8080 in my browser and I’m in the router’s web interface - still a tiny bit of lag, but way smoother experience with less carry on.
Amazeballs.
sshuttledoes exactly that. It’s basically a VPN that uses SSH tunnelling. If you have a host in the same network as the target machine, and you can SSH into it,sshuttlecan route all TCP traffic between you and the target (or a subnet) through the host without having to bind local ports manually.Oh man this looks so much simpler than having to Google/man page how to ssh tunnel every 8-10 months.
This was my first thought. I’m actually using this right now to set up WireGuard at my house so I can tunnel there from a remote location on several devices that don’t have ssh accounts on the target.
Next in line is
ssh -D 9999 remotehostwhich opens a socks5 proxy on localhost:9999 that tunnels all connections through the remote host. This is especially rad with proxy.pac https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Proxy_servers_and_tunneling/Proxy_Auto-Configuration_PAC_fileAnd next in line is
ssh -L 9999:target_host:80(or whatever) which tunnels 127.0.0.1:9999 to target_host:80.