I recovered from a small disaster today using the neko dockerised web-browser.
I set up a remote backup with Proxmox running on a HP mini and a Synology a month ago at a friend's house 3000 km away. I thought I'd reserved all the IP addresses, but last night the Synology IP address changed, so the NFS shares to Proxmox and Jellyfin broke. That wasn't to hard to fix remotely, but I don't want it to happen every time the DHCP lease expires.
So now I need to log into their router and reserve the IP addresses...
I can get on the local network there by ssh-ing into one of my entities (via Tailscale), but how do I get to the web interface of the router?
Enter neko. It spins up a browser in a Docker container that can be accessed over a web address. So I created an LXC, installed docker and spun it up, then was able to use that to open the local-only web interface to the router.
neko is intended for watch parties, so multiple people can be logged in to the same browser window at a time - there's a toggle to take control of the window for clicks and typing, but apart from that it's all pretty straight forward. There's a very noticeable lag, but it got the job done.
Perhaps there was an easier lighter-weight way of doing this? In the old old days there was a text browser called Lynx - so perhaps there's some modern iteration that could have done this job?
Edit: There is an easier lighter-weight way of doing this!
Thanks to @[email protected], @[email protected] and others who mentioned 'ssh tunneling' - TIL I could just connect a local port (8080 in my case) to port 80 on the router (192.168.1.1:80 in my case) via the VM I have ssh access to over tailscale ([email protected]) with:
ssh -L 8080:192.168.1.1:80 [email protected]
ssh -L <local port to use>:<remote machine to access with port> <ssh address of jump machine>
When executed, that looks like I've just ssh'ed into that machine, but until I log out of that connection I can open up 127.0.0.1:8080 in my browser and I'm in the router's web interface - still a tiny bit of lag, but way smoother experience with less carry on.
Amazeballs.
Yeah, SSH tunneling. What I would do (and have done in the past) is something like:
That will forward port 8080 on your host to port 80 on 192.168.0.1, so you can access your router's web UI with
http://localhost:8080/in your own web browser.You can also setup full tunneling with SSH, but that requires messing around with SOCKS and I usually can't be bothered.
ssh -D8080 myserverand then use any of the proxy extensions (i like proxyswitchy omega I think it’s called). Also works with tsocks or anything that can use a SOCKS5 proxy, and as an added bonus, it’ll resolve DNS through the proxy as well.I’ve been using the
-L2500:localhost:25 -L14300:localhost:143trick to access my personal email without leaking anything outside of the ssh tunnel for years, and things like sslh and corkscrew allow me to get around/through draconian corporate IT policies with almost 100% success.The last trick I have is iodine which can tunnel traffic through DNS. If you can’t get a direct connection to the iodine endpoint it can be damn slow, but if you gotta get through it can be a godsend.
I use this to help my grandma remotely! The two steps needed were to join her into my Tailscale network and set up SSH with key authentication only.
Now I am able to SSH into her computer and enable VNC (remote control) and connect to the VNC-server over an SSH-tunnel like this.
I just can't get over the fact that I didn't knew of ssh tunneling till today. P.S I have a 24x7 home server for last 5years
Thanks - this is exactly what I needed.
You beat me by some minuts :)