Allowing Xplenty access to my server

Xplenty can access your database or file server, allowing you to read and write data easily wherever it resides: in the cloud, hosted, or on premises.

This can be done in one of two ways:
  1. Allow Xplenty direct access to your server by opening a firewall rule.
  2. Create a reverse SSH tunnel from your network to Xplenty's network. 

Direct connection


Provide Xplenty access to your server from Xplenty's network:

Reverse SSH Tunnel


SSH (secure shell) tunneling is the process of forwarding selected ports through an authenticated and encrypted tunnel. In many cases, SSH tunneling is used to connect to a remote server that sits behind a restrictive firewall or other network restrictions. We recommend that you use autossh, which starts an instance of the ssh client and monitors it, restarting it as necessary should it die or stop passing traffic.

To allow Xplenty to connect to your server through an SSH tunnel, complete the following steps:
  1. Add a public key in your user settings. The public key will be propagated to all Xplenty servers; this takes up to 30 minutes.

  2. Create a “Tunnel connection” in Xplenty and retrieve Xplenty’s tunnel server (Xplenty server) and connection port.


  3. If you're running Windows, see here about opening an SSH tunnel. If you're on Linux, install autossh on either the target server or a server that has access to it. On Ubuntu/Debian, for example, you can install it using apt-get:
    sudo apt-get install autossh
    For other Linux distributions, follow the instructions here.
  4. Create directories to keep logs and pid files for the connection. For example:
    mkdir -p ~/MyDB/logs ~/MyDB/run
  5. Add Xplenty's server public key to a known_hosts file. For example:
    ssh-keyscan -p 50683 <Xplenty server> >> ~/MyDB/known_hosts
  6. You can test the tunnel using ssh. Use the following syntax and insert your information at the placeholders:
    ssh -NR <connection port>:<local host>:<local port> sshtunnel@<Xplenty server> -g -i <private key file> -p 50683 -o "ExitOnForwardFailure yes" -o ServerAliveInterval=10 -o ServerAliveCountMax=1 -N -v
  7. Run autossh. Use the following syntax and insert your information at the placeholders:
    AUTOSSH_LOGFILE=~/MyDB/logs/tunnel.log AUTOSSH_PIDFILE=~/MyDB/run/autossh.pid autossh -M 0 -f -N -R <connection port>:<local host>:<local port> sshtunnel@<Xplenty server> -g -i <path to private key> -p 50683 -o "ExitOnForwardFailure yes" -o ServerAliveInterval=10 -o ServerAliveCountMax=1 -o UserKnownHostsFile=<path to knownhosts file>

    For example, if you open the tunnel to a database that listens on port 5432 on host mydbserver, and the connection's assigned host and port at Xplenty are tunnel.xplenty.com and 12345 (note that the SSH port on Xplenty's servers is 50683):
    AUTOSSH_LOGFILE=~/MyDB/logs/tunnel.log AUTOSSH_PIDFILE=~/MyDB/run/autossh.pid autossh -M 0 -f -N -R 12345:mydbserver:5432 sshtunnel@tunnel.xplenty.com -g -i ~/.ssh/id_rsa -p 50683 -o "ExitOnForwardFailure yes" -o ServerAliveInterval=10 -o ServerAliveCountMax=1 -o UserKnownHostsFile=~/MyDB/known_hosts
  8. Add a crontab record that runs autossh automatically so the tunnel reconnects after reboots. For example:
    @reboot AUTOSSH_LOGFILE=~/MyDB/logs/tunnel.log AUTOSSH_PIDFILE=~/MyDB/run/autossh.pid autossh -M 0 -f -N -R 12345:mydbserver:5432 sshtunnel@tunnel.xplenty.com -g -i ~/.ssh/id_rsa -p 50683 -o "ExitOnForwardFailure yes" -o ServerAliveInterval=10 -o ServerAliveCountMax=1 -o UserKnownHostsFile=~/MyDB/known_hosts
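
The wrapper below is an added example, not code from Xplenty. It runs the autossh command shown above only after checking that the private key is not readable by other users and that the known_hosts file written by ssh-keyscan already holds an entry for the Xplenty server, and it adds StrictHostKeyChecking=yes. The function names and the DRY_RUN variable are hypothetical; the host, port and path values are the page's own examples.

```sh
#!/bin/sh
# Added example (not Xplenty's code): preflight checks for the reverse tunnel.
# key_is_private, host_is_pinned, start_tunnel and DRY_RUN are hypothetical names.

SSH_PORT=50683   # SSH port on Xplenty's servers, as given on the page

# True only if the private key file exists and grants nothing to group/other.
key_is_private() {
  [ -f "$1" ] || return 1
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True only if the known_hosts file ($1) already holds an entry for
# [server]:50683, the unhashed form that `ssh-keyscan -p 50683` writes.
host_is_pinned() {
  awk -v h="[$2]:$SSH_PORT" '$1 == h { found = 1 } END { exit !found }' "$1"
}

# Args: connection_port local_host local_port xplenty_server key_file known_hosts
start_tunnel() {
  key_is_private "$5" || { echo "key $5 missing or readable by group/other" >&2; return 2; }
  host_is_pinned "$6" "$4" || { echo "no entry for [$4]:$SSH_PORT in $6" >&2; return 3; }
  # Same options as the page's autossh command, plus StrictHostKeyChecking=yes:
  # ssh then refuses any host key that differs from the pinned one.
  set -- -M 0 -f -N -R "$1:$2:$3" "sshtunnel@$4" -g -i "$5" -p "$SSH_PORT" \
    -o ExitOnForwardFailure=yes -o ServerAliveInterval=10 -o ServerAliveCountMax=1 \
    -o "UserKnownHostsFile=$6" -o StrictHostKeyChecking=yes
  if [ -n "${DRY_RUN:-}" ]; then
    echo "autossh $*"          # show the command without connecting
  else
    autossh "$@"
  fi
}

# Usage with the page's example values (export AUTOSSH_LOGFILE/AUTOSSH_PIDFILE first):
#   start_tunnel 12345 mydbserver 5432 tunnel.xplenty.com ~/.ssh/id_rsa ~/MyDB/known_hosts
```

The pinned entry is only as trustworthy as the ssh-keyscan run that produced it, so the scan should be done from a network path you trust.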
