How To Connect To RethinkDB Web UI Via SSH Tunnel

RethinkDB is a great ‘NoSQL’/document store database that I like to work with as the datastore backing to web projects.

One of RethinkDB’s features is a web-based UI for administering the DB. This can be very handy for general cluster admin tasks, performance monitoring, and general spelunking in the data within.

Although useful, it’s also something that you should lock-down from an access/security perspective, as they make clear in their docs:

Once done, it would still be nice to access that sweet dashboard remotely, but, securely. I found the instructions in the docs didn’t work so well for me, so I came up with the following.

Set-up background SSL tunnel:

I use an SSH tunnel to bind an address/port local to my machine, to an address/port that is local to the remote machine. Once set-up, I can point my browser at http://localhost:8080/ and connect to the remote admin UI.

In your terminal, do:

$ ssh -fNTL localhost:8080: user@your.ip

If you now check your running processes using ps aux, you should see the SHH tunnel in there, running in the background.

1-liner to kill the background SSL tunnel:

Once you‘re done, it’s a good idea to close the tunnel. As it’s running in the background, you need to kill the process. Either find the pid to kill it manually, or, use the following 1-liner to do it auto-magically. NB this actually kills the first process it finds containing the strings ‘ssh’ and ‘8080’ - so beware in case some other process matches this pattern!

$ kill $(ps aux | grep '[s]sh' | grep 8080 | awk '{print $2}')

All that goodness wrapped-up in a Makefile

I also added these 1-liners to the Makefile I use as part of the build-process of various projects, which I attach here in case it is of use to anyone - also included are some notes explaining the various parts of the 1-liners:

# -----------------------------------------
# SSH Tunnel to remote RethinkDB Web UI
# -----------------------------------------

# -- Start a background SSH tunnel to the remote rethinkDB web admin ui --
# Binds localhost:8080 to the remote on `SERVER` (assumes user@your.ip set as variable) via SSH tunnel
# -f backgrounds the SSH process
# -N do not execute a remote command
# -T disable pseudo-tty allocation
# -L bind address/port
.PHONY: start_rethink_tunnel
	@ssh -fNTL localhost:8080: $(SERVER)
	@echo 'SSH tunnel to remote RethinkDB web admin ui started - browse to http://localhost:8080/'
	@echo '*REMEMBER* to stop the tunnel when done by: `make stop_rethink_tunnel`'

# -- Stop the previously started background SSH tunnel to the remote rethinkDB web admin ui --
# Get list of running processes
# Find all the ssh processes (square brackets needed to stop it finding *this* command as a process too, as it *also* contains the string 'ssh' - i.e. regex)
# Find the ssh process containing the port used in `make start_rethink_tunnel`
# Get the 2nd column (the one containing the pid)
# Pass the pid to `kill`
# NB double `$$` escape down to single `$` in the final executed command
.PHONY: stop_rethink_tunnel
	@kill $$(ps aux | grep '[s]sh' | grep 8080 | awk '{print $$2}')
	@echo 'SSH tunnel to remote RethinkDB web admin ui stopped'

To Top ^