Accessing private servers
Overview
At some times, the best solution for a customer may be to install an AhsayOBS server on-premises. This can involve installing the server software on a computer that does not have direct internet connectivity and communicates via NAT from a private IP address only. MyClient must be able to make inbound requests to the server in order to sync data with it. There are several possible approaches for accessing an on-premises AhsayOBS server that is behind a NAT.
Method 1. Forward port
All NAT server solutions have the ability to make manual port mappings through the firewall. Please configure the NAT or firewall to forward the necessary ports for AhsayOBS through the firewall.
Although AhsayOBS normally listens on TCP ports 80 and 443, any port translations are possible at the NAT level by configuring the firewall software.
Method 2. Bastion host
If you are unable to forward ports through the customer's firewall, you can set up a bastion host. A bastion host works around the asymmetry of NAT to achieve full two-way connectivity.
The bastion host must have full external-facing internet connectivity. You can implement the bastion host as either part of your existing infrastructure; as a virtual machine on your own infrastructure; or as a virtual machine on any low-cost external VPS provider. It should be possible to get a reliable bastion host on a linux VPS from an external provider for 5 USD/mo or less.
There are many software solutions for implementing a bastion host, on both Windows and Linux:
- VPN software
- OpenVPN
- Reverse proxy software
- ssh -D
- PortFusion, MyEnTunnel, Bitvise Tunnelier,
- Firecat, Zebedee, revinetd, ReverseHttp, ...
- Third-party reverse proxy hosting services
- ngrok, localtunnel.me, pagekite, ...