EC2: Web Portals On Private Instances

General Information

Accessing web portals that are running on private AWS EC2 instances.


  • AWS Account
  • Basic VPC, subnets, etc. already set up
  • EC2 instance running with some sort of web portal that is listening only on a private network

Access Through a Bastion Host

Accessing web portals on instances in private-only subnets through a bastion host (that does not have a browser).

This example uses Firefox from a jumpbox to access a FreeIPA web portal that has only a private IP.

  • If on Windows, launch Xming on your local laptop/desktop
    • SSH to your local Linux jumpbox and run firefox (the Firefox window forwards from your jumpbox back to Xming on your Windows system)
    • Open a new SSH session to your jumpbox (this one will forward the traffic)
  • If on a Linux desktop, skip the above and just open Firefox
  • From the jumpbox's new SSH session or straight from your Linux desktop
    • SSH to the bastion host (while opening a local proxy listening port)
      ssh -D NUMBERHERE -i ec2keyfile.pem USERHERE@BASTIONHOSTHERE
      • USERHERE and BASTIONHOSTHERE are placeholders for the bastion host's login user and address.
      • Leave this session to the AWS bastion host open so that it keeps forwarding the Firefox traffic. Firefox then behaves as if it were browsing from the bastion host.
  • From Firefox
    • Configure Firefox to forward proxy traffic through the local ssh listener to the remote bastion host
    • Click “Settings” (the three lines in the upper right corner)
    • Click “Preferences”
    • Click “Advanced” > “Network” > “Settings”
      • Connection Settings dialog box
        • Click “Manual proxy configuration”
        • SOCKS Host: “localhost”
        • Port: “NUMBERHERE” (must match the port used in the ssh -D command above)
        • Remove “localhost” from the “No proxy for:” box
      • Click “OK”
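
The same setup as a script, as an added example that is not part of the original page: it builds the tunnel command with the SOCKS listener bound to loopback only, and emits Firefox user.js prefs matching the Connection Settings dialog. The port 1080, the user ec2-user and the host bastion.example.com are constructed placeholders; remote DNS through the proxy is an added assumption so that private hostnames resolve on the bastion side.

```shell
#!/bin/sh
# Added example, not from the original page. Host, user and port are constructed.

# Accept only an unprivileged TCP port (1024-65535) so ssh can bind it without root.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Print the ssh command for the SOCKS tunnel.
#   -D 127.0.0.1:PORT             bind the listener to loopback, not all interfaces
#   -N                            forwarding only, no remote command
#   -o ExitOnForwardFailure=yes   exit if the local port cannot be bound
tunnel_cmd() {  # usage: tunnel_cmd PORT KEYFILE USER@BASTION
  valid_port "$1" || { echo "invalid port: $1" >&2; return 1; }
  printf 'ssh -N -D 127.0.0.1:%s -o ExitOnForwardFailure=yes -i %s %s\n' "$1" "$2" "$3"
}

# Print Firefox user.js prefs equivalent to the manual proxy settings.
# socks_remote_dns sends name lookups through the tunnel instead of local DNS.
firefox_prefs() {  # usage: firefox_prefs PORT
  valid_port "$1" || return 1
  cat <<EOF
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", $1);
user_pref("network.proxy.socks_version", 5);
user_pref("network.proxy.socks_remote_dns", true);
user_pref("network.proxy.no_proxies_on", "");
EOF
}

# Print the HTTP status the portal returns through the tunnel.
# --socks5-hostname makes curl resolve the name on the bastion side as well.
check_portal() {  # usage: check_portal PORT URL
  curl --silent --show-error --max-time 10 --output /dev/null \
       --write-out '%{http_code}\n' --socks5-hostname "127.0.0.1:$1" "$2"
}

# Constructed values for illustration only.
tunnel_cmd 1080 ec2keyfile.pem ec2-user@bastion.example.com
firefox_prefs 1080
```

Run the printed ssh command in its own session and leave it open, then call check_portal with the same port and the portal's URL before configuring the browser.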

  • Last modified: 2019/05/25 23:50