Google Cloud expose application after SSH

Question

I have a web application running on a private server. I use ssh port tunnelling to map the private server port's to that of google cloud VM port 8080, and when I do curl http://localhost:8080 on gcp VM shell, it returns a valid response. However, when I try to access it from outside (in browser) using the external IP (or do curl http://[external_IP]:8080 in shell), it returns "the IP refused to connect".

My firewall settings allow tcp traffic on 8080 s.t. when I run another application on port 8080 directly in VM without ssh (say a docker hello-world app) it is accessible from outside using the same link and works well. Is there additional configuration i must do?

Answer 1

Check if your application is binding to 127.0.0.1 or localhost. If yes, change to 0.0.0.0.

To accept traffic from the VPC requires binding to a network interface connected to the VPC. The address 0.0.0.0 means bind to all network interfaces.

The network 127.x.x.x aka localhost or loopback address is an internal-only (Class A) network. If your application only binds to the internal network, external applications cannot connect to your application.

If instead your goal is to bind to localhost and use SSH port forwarding to access the loopback address, then start SSH like this:

ssh -L 8080:127.0.0.1:8080 IP_ADDRESS_OF_VM

You can then access port 8080 on the VM this way:

curl http://127.0.0.1:8080

The curl command is connecting to port 8080 on your local machine. SSH then forwards that connect to port 8080 on the remote machine.