forked from cloudfoundry/docs-bosh
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcli-tunnel.html.md.erb
31 lines (22 loc) · 1.19 KB
/
cli-tunnel.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
---
title: CLI Tunneling
---
<p class="note">Note: Applies to CLI v2.</p>
CLI supports tunneling all of its traffic (HTTP and SSH) through a SOCKS 5 proxy specified via `BOSH_ALL_PROXY` environment variable. (Custom environment variable was chosen instead of using `all_proxy` environment variable to avoid accidently tunneling non-CLI traffic.)
Common use cases for tunneling through a jumpbox VM include:
- deploying Director VM with `bosh create-env` command
- accessing the Director and UAA APIs
<pre class="terminal">
# establish a tunnel and make it available on a local port
$ ssh -4 -D 12345 -fNC jumpbox@jumpbox-ip -i jumpbox.key
# let CLI know about above tunnel via environment variable
$ export BOSH_ALL_PROXY=socks5://localhost:12345
$ bosh create-env bosh-deployment/bosh.yml ...
$ bosh alias-env aws -e director-ip --ca-cert ...
</pre>
SSH options:
- `-D` : local SOCKS port; make sure port is not already in use by a different tunnel/process
- `-f` : forks the process in the background
- `-C` : compresses data before sending
- `-N` : tells SSH that no command will be sent once the tunnel is up
- `-4` : force SSH to use IPv4 to avoid the dreaded `bind: Cannot assign requested address` error