How to Give Your RHEL Server a Public URL with Tunnelmole

Running a web server on Red Hat Enterprise Linux (RHEL) is a common task for developers, system administrators, and businesses who rely on its stability and security. Whether you're developing an application, hosting a personal project, or setting up a testing environment, you'll often need to make your server accessible from the public internet. However, due to network security measures like firewalls and NAT, your RHEL server is typically isolated within a local network, inaccessible from the outside world.

This comprehensive guide will walk you through the process of getting a secure, public URL for your RHEL server. We'll start by setting up a standard Nginx web server on RHEL. Then, we'll introduce Tunnelmole, an open-source tool that simplifies the process of creating a public endpoint, allowing you to bypass the complexities and potential security pitfalls of traditional methods like port forwarding. By the end of this tutorial, you'll be able to securely share your local RHEL server with anyone, anywhere.

The Challenge: Why Your RHEL Server Isn't Public by Default

When you set up a server on a RHEL machine within your home or office network, it's assigned a private IP address (like 192.168.1.10 or 10.0.0.5). This address is only reachable by other devices on the same local network. Two primary networking concepts are responsible for this isolation: Network Address Translation (NAT) and Firewalls.

Understanding Network Address Translation (NAT)

Most local networks sit behind a router that uses NAT. The router has a single public IP address that it uses to communicate with the rest of the internet. NAT's job is to manage traffic between the many devices on the local network (each with its private IP) and the single public IP. When you browse a website, your router "translates" your request, sending it out from its public IP and remembering to route the response back to your specific device.

However, this is a one-way street by design. NAT doesn't know what to do with unsolicited incoming traffic from the internet. If someone tries to connect to your public IP address, the router has no instructions on which local device to forward that request to. It simply drops the connection, effectively making your RHEL server invisible to the outside world.

The Role of Firewalls in RHEL

Red Hat Enterprise Linux is renowned for its robust security features, with firewalld being the default firewall management tool. A firewall acts as a gatekeeper, monitoring and controlling incoming and outgoing network traffic based on predetermined security rules. By default, firewalld on RHEL is configured to block almost all incoming connections to protect the system from unauthorized access and cyber threats.

Even if you could somehow bypass NAT, the firewall on your RHEL server would likely block the incoming request unless you explicitly create a rule to allow it.

The Traditional Solution: Port Forwarding and Its Downsides

The classic solution to this problem is port forwarding. This involves manually configuring your router to forward all incoming traffic on a specific port (e.g., port 80 for HTTP) to the private IP address and port of your RHEL server. You would also need to configure firewalld on your RHEL machine to allow traffic on that port.

While this method works, it comes with several significant drawbacks:

Complexity and Accessibility: Configuring port forwarding requires access to your router's admin interface. The process varies widely between router models, and many users, especially in corporate environments, may not have the necessary permissions.
Security Risks: Opening a port on your router directly exposes that service on your RHEL machine to the entire internet. This creates a permanent hole in your network's perimeter defense. If the service you're exposing (e.g., a web server or SSH) has any vulnerabilities, it becomes a direct target for automated bots and malicious attackers scanning for open ports. A misconfiguration could inadvertently expose more than you intended.
Dynamic IP Addresses: Most residential and many business internet service providers (ISPs) assign dynamic public IP addresses, which change periodically. If your public IP changes, your port forwarding rule becomes useless until you update it with the new IP address.

These challenges make port forwarding a less-than-ideal solution for many developers and sysadmins who need a quick, secure, and reliable way to expose a local server.

The Modern Solution: Secure Tunneling with Tunnelmole

A more secure and straightforward approach is to use a tunneling service. Tunneling tools create a secure, outbound connection from your local machine to a remote server. This connection is then used to "tunnel" incoming requests from the public internet back to your local server.

Tunnelmole is a powerful, open-source tunneling tool that makes this process incredibly simple.

Here’s how it overcomes the challenges of port forwarding:

No Router or Firewall Configuration: Because Tunnelmole establishes an outbound connection from your RHEL server, it works without any changes to your router or firewalld rules. Most firewalls allow outbound traffic by default.
Enhanced Security: You are not opening any inbound ports on your network. The connection is established from the inside out, significantly reducing your server's attack surface. The public endpoint is at Tunnelmole's service, not directly at your network's edge.
Simplicity: With a single command, you can get a public HTTPS URL that forwards to your local RHEL server.
Open Source and Self-Hostable: Tunnelmole is fully open-source, providing transparency and trust. For maximum privacy and control, you can also self-host the Tunnelmole service on your own infrastructure.

Step-by-Step Guide: Giving Your RHEL Server a Public URL

Let's walk through the process of installing an Nginx web server on RHEL 8/9 and then making it public with Tunnelmole.

Prerequisites

A running instance of Red Hat Enterprise Linux (version 8 or newer).
Access to a terminal with sudo privileges.
An active internet connection.

Step 1 — Install and Configure Nginx on RHEL

First, we'll install Nginx, a high-performance web server, and set up a basic website.

Install Nginx:
Open your terminal and use the dnf package manager to install Nginx.
```
sudo dnf install nginx -y
```
Start and Enable Nginx:
Once the installation is complete, start the Nginx service and enable it to launch automatically on system boot.
```
sudo systemctl start nginx
sudo systemctl enable nginx
```
Verify Nginx Status:
Check that the Nginx service is active and running without errors.
```
sudo systemctl status nginx
```
You should see output indicating the service is active (running).
Create a Sample Website:
On RHEL, Nginx virtual host configurations are typically placed in the /etc/nginx/conf.d/ directory. We'll create a simple configuration for our site.

First, create a directory for your website's files.
```
sudo mkdir -p /var/www/my-rhel-site
```
Next, create a simple index.html file to serve as the homepage.
```
echo "<h1>🚀 My RHEL Server is Live! 🚀</h1>" | sudo tee /var/www/my-rhel-site/index.html
```
Create an Nginx Server Block (Virtual Host):
Now, create a new configuration file for your site in /etc/nginx/conf.d/.
```
sudo nano /etc/nginx/conf.d/my-rhel-site.conf
```
Add the following server block configuration to the file. This tells Nginx to listen on port 8080 and serve files from the directory we just created. We use port 8080 to avoid conflicts and to demonstrate forwarding to a non-standard port.
```
server {
    listen 8080;
    server_name _; # Listen for any hostname

    root /var/www/my-rhel-site;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}
```
Save the file and exit the editor (press Ctrl+X, then Y, then Enter in nano).
Adjust SELinux Permissions (If Necessary):
RHEL's SELinux security module might prevent Nginx from accessing the new web content directory. Run the following command to apply the correct context.
```
sudo chcon -R -t httpd_sys_content_t /var/www/my-rhel-site
```
Test and Reload Nginx:
Always test your Nginx configuration for syntax errors before applying it.
```
sudo nginx -t
```
If the test is successful, you'll see a message like nginx: configuration file /etc/nginx/nginx.conf test is successful. Now, reload the Nginx service to apply the changes.
```
sudo systemctl reload nginx
```

Your Nginx server is now running and serving your sample site on localhost:8080. You could test this from your RHEL machine's command line with curl http://localhost:8080. Now, let's make it public.

Step 2 — Install Tunnelmole on RHEL

Installing Tunnelmole is a breeze. The installation script automatically detects your operating system nd installs the correct pre-compiled binary.

Run the following command in your terminal:

curl -O https://install.tunnelmole.com/xD345/install && sudo bash install

This will download the installer, execute it with sudo permissions to place the tmole binary in /usr/local/bin, making it available system-wide.

Step 3 — Get a Public URL for Your Nginx Server

With Tunnelmole installed, making your Nginx server public requires just one command. We need to tell Tunnelmole which port our service is running on. In our Nginx configuration, we set it to 8080.

Execute the following command:

tmole 8080

Tunnelmole will start and connect to the service. After a moment, you'll see output like this:

Your Tunnelmole Public URLs are below and are accessible internet wide. Always use HTTPs for the best security

https://kf92h-ip-12-34-56-78.tunnelmole.net ⟶ http://localhost:8080
http://kf92h-ip-12-34-56-78.tunnelmole.net ⟶ http://localhost:8080

And that's it! Tunnelmole has generated two public URLs (one HTTP and one HTTPS) that are now securely tunneled to your local Nginx server running on port 8080. For the best security, always use the https URL.

Step 4 — Test Your Public RHEL Server

Open a web browser on any device with an internet connection—your phone, another computer, etc.—and navigate to the https URL provided by Tunnelmole.

You should see your website's content: 🚀 My RHEL Server is Live! 🚀

You have successfully exposed your RHEL-hosted web server to the public internet without any complex network configuration.

Advanced Tunnelmole Features

Tunnelmole offers more than just basic tunneling. Here are a few features to enhance your workflow.

Custom Subdomains

The randomly generated URLs from Tunnelmole are great for quick tests, but they change every time you restart the tool. For continuous work, like developing an API for a frontend application or demonstrating a site to a client over several days, a predictable URL is essential.

You can get a custom subdomain with the as parameter. This is a paid feature on the public Tunnelmole service but is free if you self-host.

tmole 8080 as my-awesome-rhel-project.tunnelmole.net

Now, your server will always be available at https://my-awesome-rhel-project.tunnelmole.net as long as Tunnelmole is running.

Integrating with NodeJS and TypeScript

If you are a NodeJS developer, Tunnelmole can be integrated directly into your projects as an NPM module. This allows you to start the tunnel programmatically when your application starts.

First, install it in your project:

npm install --save tunnelmole

Then, use it in your code:

import { tunnelmole } from 'tunnelmole';

(async () => {
    // This will start your tunnel in the background
    const url = await tunnelmole({
        port: 8080
    });

    // url will be something like https://kf92h-ip-12-34-56-78.tunnelmole.net
    console.log(`My app is public at ${url}`);

    // ... start your application server now
})();

Conclusion

Making a service on a Red Hat Enterprise Linux server publicly accessible no longer requires you to navigate the complexities and security risks of port forwarding and firewall management. By leveraging the power of secure tunneling with an open-source tool like Tunnelmole, you can get a public URL for your local server in minutes.

We've covered how to set up a standard Nginx web server on RHEL and, with a single command, expose it to the world using Tunnelmole. This empowers developers, hobbyists, and administrators to share their work, test webhooks, and manage remote services with unprecedented ease and security.