Expose an app/api running on local host to public internet using AWS EC2
MIT License
Reverse proxy that creates a secure tunnel from public endpoint to locally running web service
Environment variables can be loaded from any .env
file.
service/app/api
is running)ingress
and egress
on the specified port. Defaults to False
100
t2.nano
~/.aws/config
~/.aws/config
US-WEST-2
expose_localhost
Expose Localhost
server_info.json
[email protected]
route53
. Example: mywebsite.com
tunnel
CHANNEL_TIMEOUT
can be adjusted to improve latency depending on the application's role.
Network Latency
Shorter timeouts can make your server more responsive to incoming connections but may also lead to false negatives if network latency is high. If connections take longer to establish due to network conditions, a short timeout might reject valid connections prematurely.
Connection Rate
If your server expects a high rate of incoming connections, and you want to process them quickly, a shorter timeout can be beneficial. However, it also means that your server needs to be able to process connections rapidly.
Resource Usage
Short timeouts can lead to a higher rate of repeated checks, which may consume more CPU resources on the server.
Ensure that your server has the capacity to handle frequent connection checks, if you are setting CHANNEL_TIMEOUT
too low.
The public DNS names for EC2 instances are long and messy. To avoid that, an A
record can be added to the route53
hosted zone.
⚠️ Requires an active hosted zone on route53
.
💡 SUBDOMAIN.HOSTED_ZONE
will be the endpoint to access the localhost from public internet.
pem
format stored in current working directory.key_file
and cert_file
env var.expose
will generate a self-signed certificate and a private key automatically.⚠️ Some web browsers might throw a warning and some might even block a self-signed certificate/private CA.
Manually generate self-signed certificate
openssl req -newkey rsa:2048 -sha256 -nodes -keyout private.pem -x509 -days 365 -out public.pem -subj "/C=US/ST=New York/L=Brooklyn/O=Example Brooklyn Company/CN=tunnel.example.com"
To verify the generated certificate
openssl x509 -inform pem -in public.pem -noout -text
python3 -m pip install expose-localhost
import os
os.environ['env_file'] = 'custom' # to load a custom .env file
import expose
# Instantiate object
tunnel = expose.Tunnel()
# Start tunneling
tunnel.start()
# set 'purge' flag to 'True' to reclaim AWS resources if configuration fails
# tunnel.start(purge=True)
# Stop tunneling - deletes all AWS resources acquired
tunnel.stop()
If
E: Could not get lock /var/lib/dpkg/lock-frontend
occurs during startup, simply rerun the script with start command.
This occurs when
apt
hasn't released the resources yet. A retry logic is in place to delete the lock file automatically. However, if any such issues persist, re-runningtunnel.start()
will simply re-configure the instance entirely.
Currently expose
cannot handle, tunneling multiple port numbers without modifying the following env vars in the .env
file.
KEY_PAIR # SSH connection to AWS ec2
KEY_FILE # Private key filename for self signed SSL
CERT_FILE # Public certificate filename for self signed SSL
SERVER_INFO # Filename to dump JSON data with server configuration information
SECURITY_GROUP # Ingress and egress firewall rules to control traffic allowed via VPC
Docstring format: Google
Styling conventions: PEP 8
Clean code with pre-commit hooks: flake8
and
isort
Requirement
python -m pip install gitverse
Usage
gitverse-release reverse -f release_notes.rst -t 'Release Notes'
PreCommit
will ensure linting, and the doc creation are run on every commit.
Requirement
pip install sphinx==5.1.1 pre-commit recommonmark
Usage
pre-commit run --all-files
https://pypi.org/project/expose-localhost/
https://thevickypedia.github.io/expose/
© Vignesh Rao
Licensed under the MIT License