Knowledge base

Allowing Xplenty access to my server behind a firewall

Xplenty can access your database or file server, allowing you to read and write data easily, regardless of their whereabouts - on the cloud, hosted or on premise. 

This can be done in one of two methods:

  1. Allow Xplenty direct access to your server by opening a firewall rule.
  2. Create a reverse SSH tunnel from your network to Xplenty's network. 

Direct connection

Provide Xplenty access to your server from Xplenty's network:

Reverse SSH Tunnel

SSH (secure shell) tunneling is the process of forwarding selected ports through an authenticated and encrypted tunnel. In many cases, SSH tunneling is used to connect to a remote server that is secured behind a restrictive firewall or other network restrictions. We recommend that you use autossh which starts an instance of ssh client and monitors it, restarting it as necessary should it die or stop passing traffic. In order to allow Xplenty to connect to your server through an SSH tunnel, you have to complete the following steps:

    1. Add a public key in your user settings. The public key will be propogated to all Xplenty servers in up to 30 minutes.

    2. Create a Tunnel Connection in Xplenty. Name your connection. Select Tunnel Connection from the Access Type dropdown menu. Enter the Database name, User name, and Password. Click Create connection. It will fail because we haven't created the tunnel yet, but the light blue box will appear and you will be able to retrieve Xplenty’s tunnel server (Xplenty server endpoint that includes everything before the colon) and connection port(the number after the colon).

    3. If you're running Windows, see here about opening an SSH tunnel. If you're on Linux, Install autossh on either the target server or a server that has access to it. On Ubuntu/Debian for example, you can install using apt-get:
      sudo apt-get install autossh
      For other Linux distributions, follow the instructions here.
    4. Create directories to keep logs and pid files for the connection. For example:
      mkdir -p ~/MyDB/logs ~/MyDB/run
    5. Add Xplenty's server public key to a knownhosts file. For example:
      ssh-keyscan -p 50683 <Xplenty server> >> ~/MyDB/known_hosts
    6. You can test the tunnel using ssh. Use the following syntax and insert your information at the placeholders:
ssh -NR <connection port>:<my server>:<local port> sshtunnel@<Xplenty server> -g -i <private key file> -p 50683 -o "ExitOnForwardFailure yes" -o ServerAliveInterval=10 -o ServerAliveCountMax=1 -N -v
  1. Run autossh. Use the following syntax and insert your information at the placeholders:
    AUTOSSH_LOGFILE=~/MyDB/logs/tunnel.log AUTOSSH_PIDFILE=~/MyDB/run/ autossh -M 0 -f -N -R <connection port>:<my server>:<local port> sshtunnel@<Xplenty server> -g -i <path to private key> -p 50683 -o "ExitOnForwardFailure yes" -o ServerAliveInterval=10 -o ServerAliveCountMax=1 -o UserKnownHostsFile=<path to knownhosts file>
    For example, if you open the tunnel to a database that listens to port 5432 on host mydbserver, and the connection's assigned host and port at Xplenty are and 12345: Note that the ssh port in Xplenty's servers is 50683:
  2. AUTOSSH_LOGFILE=~/MyDB/logs/tunnel.log AUTOSSH_PIDFILE=~/MyDB/run/ autossh -M 0 -f -N -R 12345:mydbserver:5432 -g -i ~/.ssh/id_rsa -p 50683 -o "ExitOnForwardFailure yes" -o ServerAliveInterval=10 -o ServerAliveCountMax=1 -o UserKnownHostsFile=~/MyDB/known_hosts
  3. Add crontab record to run autossh automatically to reconnect after reboots. For example:
    @reboot AUTOSSH_LOGFILE=~/MyDB/logs/tunnel.log AUTOSSH_PIDFILE=~/MyDB/run/ autossh -M 0 -f -N -R 12345:mydbserver:5432 -g -i ~/.ssh/id_rsa -p 50683 -o "ExitOnForwardFailure yes" -o ServerAliveInterval=10 -o ServerAliveCountMax=1 -o UserKnownHostsFile=~/MyDB/known_hosts