Message from @Goz3rr

Discord ID: 528561273743605761


2018-12-29 13:03:57 UTC  

but amazon does it on AWS

2018-12-29 13:04:05 UTC  

yeah but they probably do it on a DNS level then

2018-12-29 13:04:16 UTC  

on amazon, you can ssh using the hostname, but not using the IP, because other containers have the same IP

2018-12-29 13:04:19 UTC  

right that could be

2018-12-29 13:05:04 UTC  

so instead, the better way would probably be to let ssh run on a different port on every vm, and then just use ssh forwarding

2018-12-29 13:05:30 UTC  

ssh host:2201 => vm 1
ssh host:2202 => vm 2 etc etc

2018-12-29 13:05:36 UTC  

@Tervy Can I permanently activate that and use group policy?

2018-12-29 13:06:03 UTC  

maybe look at SRV records?

2018-12-29 13:06:39 UTC  

Let me look that up

2018-12-29 13:06:54 UTC  

@timsandtoms not 100% sure so I won't give you a "yes" answer to that

2018-12-29 13:08:30 UTC  

No worries. I'm just trying to avoid that hour long trawl through the MDL forums that I always end up doing, I'll suck it up and stop being lazy.

2018-12-29 13:10:43 UTC  

@Goz3rr from what I understand, for using a srv record, the service would need to be discoverable already

2018-12-29 13:10:58 UTC  

which isn't if my IP is internal

2018-12-29 13:11:01 UTC  

I never used AWS so I'm not familiar with what they do, but on azure they just open up different ports

2018-12-29 13:11:04 UTC  

reading what AWS does now

2018-12-29 13:11:06 UTC  

I can't set 10.10.10.1 as a target

2018-12-29 13:11:16 UTC  

but it looks like they use a ssh server on the host as a proxy

2018-12-29 13:11:19 UTC  

oh I tried to find that out, too

2018-12-29 13:13:36 UTC  

you can uh

2018-12-29 13:13:41 UTC  

set up one ssh server as a gateway

2018-12-29 13:13:47 UTC  

that redirects based on key

2018-12-29 13:13:54 UTC  

because the protocol doesn't actually send the hostname

2018-12-29 13:14:05 UTC  

the key thing is a good idea though

2018-12-29 13:14:36 UTC  

the first paragraph here

2018-12-29 13:15:08 UTC  

that looks like what I want to do

2018-12-29 13:15:12 UTC  

I'll try that out

2018-12-29 13:15:35 UTC  

if it works I can make a nice script to deploy the keys and it's good to go

2018-12-29 13:16:02 UTC  

then there is always the overkill "traefik" setup

2018-12-29 13:16:33 UTC  

yes but that's also just http

2018-12-29 13:16:48 UTC  

alternatively most ssh clients support jumphosts

2018-12-29 13:16:59 UTC  

so you ssh in to your host, and then it runs the ssh command to ssh into the instance you want

2018-12-29 13:17:12 UTC  

jumphosts are what I am using now but I spend a few hours / week explaining to people how to use jumphosts

2018-12-29 13:17:14 UTC  

really? I always thought traefik can do almost anything on packets you want

2018-12-29 13:17:29 UTC  

ah

2018-12-29 13:17:59 UTC  

our girl @小機器豬 for example is hosted on one of such VMs

2018-12-29 13:20:02 UTC  

can't you specify what port goes to what port on vm on traefik?

2018-12-29 13:20:13 UTC  

yes but only for http services

2018-12-29 13:20:14 UTC  

should that just clear your headache with ssh etc

2018-12-29 13:20:44 UTC  

```@tbouvet as mentioned in the README, Traefik is an http (only) reverse proxy, then the answer is no. We want to add TCP support in the future, you can follow this issue #10.```