Any good solution to deliver private HTTP service to public with reverse connection?

Question

I am looking for a solution to let a private LAN HTTP service accessible from WAN with minimal configuration.

For example, I have more than 1000 deployments of HTTP service across nation running in LAN. These HTTP service are not available to public at the moment.

Now, the HTTP services would like to serve public request. Configure port forwarding for these HTTP services is tedious.

One near possible solution I can think of is setup a traffic server (or reverse proxy server) in WAN. These 1000 HTTP services will find a way to register the traffic server and stay connected all the time via some kind of reverse connection of tunneling . The traffic server will get request from public and route the request to corresponding HTTP service in backend and response the request to public.

After some research, I learned the reverse proxy Apache Traffic Server or Amazon CloudFront or Azure's CDN service may serve the front end well.

However, the backend HTTP services that could only achieve via some kind of reverse connection or tunneling doesn't support well by the front end traffic server.

Please share some opinions that may helps for this case. Thank you.

Answer 1

Most instances this is solved with an SSH Tunnel or Reverse proxy, which many appliance vendors will add an enable remote support button that establishes an SSH Socket with the home network. You could also use openvpn, just be cautions of security...communication between nodes, key rotation and so on.

More info on Reverse SSH tunnels

Private LAN, which I assume you mean unregistered IPs or RFC1918 private address space, is slated for deprication as each device will soon have a public, IPv6 address.