Create Encrypted Connection to Remote Applications and Containers
If you want to create an encrypted connection between your local client machine and an application running on a remote machine, you can use SSH tunneling. Some applications transmit information without adding encryption. To access this type of application over the internet using encryption, use SSH tunneling, also called SSH port forwarding. Doing so provides an encrypted connection between the local client machine and the remote application, such as a container session. If the remote host or the local machine is protected by a firewall, you must use SSH tunneling.
SSH Tunneling
These instructions show you how to forward a port on the client machine to a port on the remote machine. For example, if you create a port forwarding mechanism between port 5903 on your client machine and port 5902 on the remote machine, all connections to localhost:5903 are automatically forwarded to remotehost:5902, where localhost and remotehost are the names or IP addresses of your local and remote machines, respectively. Therefore, if you set up port 5902 on the remote machine to allow you to access a container session, then you can access the container session directly from localhost:5903. After you set up an SSH tunnel, all communication between the client port and the container session is encrypted.
Using PuTTY on a Windows Client
If you are using PuTTY to connect to your remote machine, add a new forwarded port using the menu option Change Settings, accessible by right-clicking the title bar of a PuTTY session. In the PuTTY Configuration dialog box, under Category, choose Connection > SSH > Tunnels.
To connect via VNC, set up a tunnel to the container port 5901 (default VNC port).
In the Source port field, enter a free port on the client machine starting at 5900, for example 5903.
In the Destination field, enter the relevant host port that you connected to container port 5901 when you executed the docker run command, for example, localhost:5902. Note that you must use localhost and not the name of the host machine. This is because the Destination field interprets localhost as the name of the destination machine.
To connect via a web browser, set up a tunnel to the container port 6080 (default noVNC port).
In the Source port field, enter a free port on the client machine, for example 6082.
In the Destination field, enter the relevant host port that you connected to container port 6080 when you executed the docker run command, for example, localhost:6081. Note that you must use localhost and not the name of the host instance. This is because the Destination field interprets localhost as the name of the destination machine.
If you are using multiple containers or running a VNC server on the client machine, you must increment the source ports on the client machine until you find a free port, for example, 5905 or 6085.
Using a Command-Line Interface
If you are using a command-line interface to SSH tunnel to a container port, use a command of this form:
ssh -L clientport:hostport ubuntu@MyRemoteMachine
clientport is a free port on the client machine, for example 5903 or 6082.
hostport is the host port that you connected to the container port when you executed the docker run command, for example localhost:5902 or localhost:6081. Note that you must use localhost and not the name of the host instance. This is because the hostport argument interprets localhost as the name of the host machine.
For example, use the following command:
ssh -L 5903:localhost:5902 ubuntu@MyCompanyDGX1
If you are running a VNC server on the client machine, you must increment the client ports until you find a free port, for example 5905 or 6085.
Connect to Container Desktop
To connect to the container desktop you must ensure that you started a VNC server and mapped a container port to a port on the remote Docker host when you executed the docker run command, for example:
docker run -it --rm -p 5902:5901 -p 6081:6080 --shm-size=512M mathworks/matlab:r2021a -vnc
-vnc starts the VNC server and the flag -p maps the Docker host ports 5902 and 6081 to the container ports 5901 and 6080, respectively. For more information about running the MATLAB® container and using these flags, see MATLAB Container on Docker Hub.
After you set up SSH tunneling, to connect using a web browser on your local machine, use the URL:
http://localhost:6082
Note that you must use localhost and not the name of the host instance.
If you incremented the client port when making the tunnel, use the appropriate client port number, for example 6085.
After you set up SSH tunneling, to connect with VNC, use your VNC client to connect to the appropriate display port on the client, for example:
localhost:3
Note that you must use localhost and not the name of the host instance.
If you incremented the client port when making the tunnel, use the appropriate client display port number, for example, 5 for port 5905.
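The steps above (find a free client port, forward it to localhost on the remote host, derive the VNC display number) can be scripted as follows. This is an added example, not part of the original documentation: it prints the commands rather than running them, and it goes slightly beyond the page by pinning both the SSH listener and the Docker port mapping to loopback so the unencrypted VNC and noVNC ports are reachable only through the tunnel. The function names are hypothetical; the ports, image and host name are the page's own examples.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Ports, image and host name are
# the page's own examples; the function names are hypothetical.

# Succeeds if something already accepts TCP connections on the client's
# loopback at port $1 (for example a local VNC server). Uses bash's /dev/tcp.
port_in_use() {
    (exec 3<>"/dev/tcp/127.0.0.1/$1") 2>/dev/null
}

# Print the first port at or above $1 that is not in use: the page's
# "increment the client port until you find a free port" rule.
first_free_port() {
    local port=$1
    while port_in_use "$port"; do
        port=$((port + 1))
    done
    echo "$port"
}

# VNC display number for a client port: display N corresponds to port 5900+N.
vnc_display() {
    echo $(( $1 - 5900 ))
}

# Print the tunnel command for: clientport hostport user@host.
# 127.0.0.1: keeps the listener on the client's loopback only.
# ExitOnForwardFailure makes ssh exit if the client port cannot be bound.
# -N opens the tunnel without starting a remote shell.
tunnel_cmd() {
    echo "ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:$1:localhost:$2 $3"
}

# Print the page's docker run command with both ports published on the Docker
# host's loopback only. A bare -p 5902:5901 publishes on every host interface,
# which leaves the unencrypted VNC port reachable without the tunnel unless a
# firewall blocks it.
docker_cmd() {
    echo "docker run -it --rm -p 127.0.0.1:$1:5901 -p 127.0.0.1:$2:6080" \
         "--shm-size=512M mathworks/matlab:r2021a -vnc"
}

vnc_port=$(first_free_port 5903)
tunnel_cmd "$vnc_port" 5902 ubuntu@MyCompanyDGX1
echo "VNC client target: localhost:$(vnc_display "$vnc_port")"
docker_cmd 5902 6081
```

Because the tunnel destination is localhost as seen from the remote host, the forward still works when Docker publishes the ports on 127.0.0.1 only.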