The documentation you're currently reading is for version 2.3.2. Click here to view documentation for the latest stable version.

WebUI Access on Private NetworksΒΆ

If you are installing BWC on a host you don’t have direct (or VPN) network access to (such as an AWS instance with only private IP addresses), you may find you have some level of difficulty connecting to the webui.

Typically you might try to simply create an SSH tunnel through a bastion host, and then hit a URL on localhost, such as https://localhost:8443/. Doing so, though, you will likely see an error message, such as Unable to reach auth service. [auth:true].

Because of the way the webui authentication works, the browser will likely be provided with URLs for the auth service that don’t actually map to your “tunnel URLs”.

The easiest solution to bypass this problem, assuming you don’t have the ability to get a proper VPN set up between your networks, is to use SSH not to create tunnels, but as an SSH proxy, such as by doing: ssh -N -D 7654 bastion_host. This command, using -N, will not yield a command prompt.

Then, configure your browser to use localhost:7654 as a SOCKS5 proxy. At this point, you should be able to connect to the BWC webui using the private IP address, which will be proxied through your SSH session, and all should just work at that point.