- Infos im HLRS Wiki sind nicht rechtsverbindlich und ohne Gewähr -
- Information contained in the HLRS Wiki is not legally binding and HLRS is not responsible for any damages that might result from its use -

How to use Web Based Services on HLRS Compute Platforms

From HLRS Platforms
Jump to navigationJump to search

This guide shows you accessing web-based services on HLRS Compute Platforms over SOCKS proxy.

This guide assumes:

  • You have access to the Vulcan or Hawk cluster.

Warning: For security reasons;

  • Don't start a service on the login nodes, but use services on the compute nodes.
  • Only use as the hostname for starting Web based services.
  • Otherwise, your service will be accessible by everyone.

Modify your ssh config file

You can use the DynamicForward option with your SSH config (-D parameter if you do not use an SSH config). This will allow you to access local services running on the compute nodes over SOCKS proxy.

  • Warning: Exercise caution with wildcards, as they may impact other hosts. Ensure there are no conflicts.
Host vulcan
    Hostname vulcan.hww.hlrs.de
Host n*
    Hostname %h
    ProxyJump vulcan
    SendEnv PBS_JOBID
    DynamicForward 8080
Host hawk
    Hostname hawk.hww.hlrs.de
Host r*
    Hostname %h
    ProxyJump hawk
    SendEnv PBS_JOBID
    DynamicForward 8080
Host hawk-ai*
    Hostname %h
    ProxyJump hawk
    SendEnv PBS_JOBID
    DynamicForward 8080

Create a new Firefox profile

We recommend using Firefox and creating a new profile for accessing the web services running on the compute nodes:

  • Open about:profiles, create and launch a new profile.
  • In the new profile open about:preferences and search for proxy
  • Enter following settings (as shown below):
    • Manual proxy configuration
    • SOCKS Host:
    • SOCKS Port: 8080
    • SOCKS v5
    • No proxy for - leave the field empty
    • Proxy DNS

Starting from Firefox v67, you have to do this as well:

  • Open about:config
  • Find network.proxy.allow_hijacking_localhost and set it to true (Do NOT do this in your default Firefox profile! This may cause security issues when using proxies!)
Firefox proxy settings

Access the web-based service

To use the web-based service, first connect to the compute node running your job from your local computer.

On the login node:

qstat -anw # get the job id and the hostname

On your local computer:

export PBS_JOBID=JOB_ID # e.g., 2316419.hawk-pbs5
ssh COMPUTE_HOST # e.g., hawk-ai08

Check your SSH config in the first step if this doesn't work.

Then, launch Firefox web browser using the new profile. Open to access the service. The PORT_NUMBER is the port number set by the service (not necessarily 8080).