Tunneling BrowserBox Pro Over SSH: A Complete Guide to Using Port Forwarding to Run RBI on a Router
Secure Shell (SSH) isn’t just about secure remote server management and file transfers; its versatility extends to the secure tunneling of applications. This tutorial will walk you through tunneling BrowserBox Pro (BBPro), a cutting-edge remote browser isolation (RBI) solution, over SSH using port forwarding.
Features of BrowserBox Pro
BrowserBox Pro offers an array of advanced features that set it apart from other versions of remote browser isolation. With fully open source-code, non-commercial use for free, frequent updates and cutting-edge technology, BrowserBox Pro provides an enhanced browsing experience with superior rendering, top-tier graphics, and minimal lag. Its exclusive advanced features, Docker compatibility, cloud and platform independence, and advanced security mechanisms make it the ideal choice for businesses and organizations looking to enhance their cybersecurity, privacy, and browsing capabilities. Non-commercial uses can use it for free! Commercial users can purchases licenses here and volume discounts here.
Step 1: Install mkcert and Generate Certificates
Begin by installing
mkcert, a zero-config tool that generates locally-trusted SSL certificates. Installation instructions are provided on the official GitHub page.
After installation, you first need to install the local Certificate Authority with:
Then you can generate your SSL certificate and private key files for your localhost:
You will now have two files:
localhost.pem, your local certificate, and
localhost-key.pem, your private key.
Step 2: Open TCP Port Block
For BrowserBox Pro to operate smoothly, you need to open a TCP port block around your main port (for this example, we’ll use port 8080). Open TCP ports 8078 through 8082 to accommodate the main browser service, audio service, and devtools service. These services run on distinct ports within the port block.
Step 3: Set Up SSH Port Forwarding
With your certificates generated and your ports open, you’re ready to initiate SSH port forwarding. Ensure you have SSH access to your remote machine, then run:
ssh -L 8078:remote_host:8078 -L 8079:remote_host:8079 -L 8080:remote_host:8080 -L 8081:remote_host:8081 -L 8082:remote_host:8082 user@remote_host
user@remote_host with your remote machine’s SSH login details.
Step 4: Run BBPro on the Remote Machine
Having established the SSH connection, you’ll be in your remote machine’s shell. There, initiate the setup for BBPro by specifying the central port:
setup_bbpro --port 8080
Subsequently, start BBPro:
Step 5: Transfer Certificates to the Remote Machine
With BBPro running, transfer your locally-generated certificates to the remote machine using
scp localhost.pem user@remote_host:~/sslcerts/fullchain.pem scp localhost-key.pem user@remote_host:~/sslcerts/privkey.pem
This command copies
localhost-key.pem to the
sslcerts directory in your home (
~) directory on the remote machine and ensures they’re named with a convention that BBPro understands. Yes, scp will expand the tilde (~) to refer to your
Step 6: Shut down access to the remote machines BBPro ports using a firewall
You can do this step earlier, which may be more secure, but it doesn’t really matter where you do it. Once you shut access to the BBpro port block, no one outside of the SSH tunnel can access it, making it nearly totally secure!
Step 7: Connect to BBPro
Connect to the running bbpro instance by using a localhost HTTPS address! Yep you heard that right! By the power of mkcert and SSH tunnels you can use the localhost Login Link emitted at Step 4 from
setup_bbpro to connect from a browser on your local machine. Whack the link (which will look something like
https://localhost:8080/login?token=<sadsasadsa> into your browser’s address bar and you’re good to go!