Making a local server public with

From ActiveArchives
Jump to: navigation, search

Recently I have setup a Raspberry Pi web server to be accessible publically using Here are my notes for it's setup.

DIRECT DOWNLOAD LINK TO SCRIPT: on the Server (front-end)

Run pagekite (in my case using screen)...

./ --clean --isfrontend --ports=9999 --protos=http,https --domain=http,

BONUS: configure apache to reverse proxy on a CNAME (to have available as instead of


<VirtualHost *:80>
	UseCanonicalName Off
	ProxyVia On
	ProxyRequests Off
	ProxyPreserveHost on
	<Location />
        ProxyPass http://localhost:9999/ retry=0 timeout=30
        ProxyPassReverse http://localhost:9999/
</VirtualHost> on the Pi

./ --clean --service_on=


ExecStart=/home/pi/pk/ --clean --service_on=

Test with:

 sudo service pagekite start
 sudo service pagekite status

and add to startup automatically with:

 sudo systemctl enable pagekite

Configuring ssh

So I wanted to have a Raspberry Pi's webserver public, and also be able to ssh to the machine. This via a public virtual server which has it's own SSH service (running on the standard port 22). In the end I used Apache reverseproxy to make the web available without the visibility of the high port (10107 in this example). NB however the reverseproxy is *not* necessary for the ssh access to work as this is handled by client configuration (to use an http proxy directly on 10107).

NB: "SECRETFOO" is my "secret" (since changed in private ;) ... and "" is the public CNAME registered domain. NB: My apache reverse proxy is only setup for port 80 (doesn't do SSL). SSH still seems to work via 10107.

front end (public server)

./ --clean \
    --isfrontend \
    --rawports=virtual \
     --ports=10107 \
     --protos=http,https,raw \

back end / PI

./ --clean \ \ \

On my laptop (where I will try to ssh via the frontend to the PI, the key was that the proxy port is 10107. I needed to install corkscrew (via apt) to make this work on Debian (the netcat examples elsewhere work on Mac OSX / FreeBSD).


     CheckHostIP no
     ProxyCommand /usr/bin/corkscrew %h 10107 %h %p

So in the end you can visit and also:


some links used in getting here:

extended notes

Initially I was using "port 2222" but it seems completely unnecessary. the "service_on=raw-2222" and I configured my laptop's ssh to use the non-standard 2222. So apparently whatever PORT ssh tries to use translates into a request on the backend for raw-PORT. In the case of 2222 the backend still ended up connecting it to the Pi's sshd on port 22. In any case, none of this had any effect on the front end which (happily) remains quite simple to configure, basically I just needed to add "raw" to the protocols and the "rawports=virtual" option.

     CheckHostIP no
     ProxyCommand /usr/bin/corkscrew %h 10107 %h %p
     Port 2222

(old -- still based on service_on=raw-2222) When this starts it says:

>>> Hello! This is v0.5.9.0.                        [CTRL+C = Stop]
    Connecting to front-end relay ...                      
     - Protocols: http https raw                                               
     - Ports: 10107                                                            
     - Raw ports: virtual                                                      
~<> Flying localhost:22 as raw:// (HTTP proxied)   
~<> Flying localhost:80 as                      
    ::1 < (localhost:80)               < raw:// (localhost:22)           
 << [connect]  Front-end connect:

What links here

Personal tools