Configure SSH Tunneling with Mac / Linux Using SSH

Overview

Set up tunneling if you prefer to work directly from your local environment using your own browsers to access the Data Hub Service endpoints.

Before you begin

You need:

Peered Track

An Azure virtual network (VNet) with a bastion host
A peered DHS network
A Standard or Low Priority DHS with a Peered Network
A DHS user account with assigned roles to internally manage a DHS
(Optional) To add an LDAP configuration to externally manage DHS users
- To assign an LDAP configuration to a DHS
- To map DHS roles to LDAP roles

About this task

Set up secure shell (SSH) tunneling to access the Data Hub Service (DHS) endpoints from your local environment. In this task, you will use SSH with Mac or Linux to set up SSH tunneling between your browsers and Data Hub Service.

Important: For this task, you need the SERV-ADMIN portal role. See Portal Roles.

Important: If your DHS uses private endpoints, you can set up SSH tunneling. See Getting Started with Data Hub Service in Azure, and follow the peered configuration.

Procedure

Go to the MarkLogic Data Hub Service home page.
Navigate to your DHS to view the SSH tunneling script.
- In the Service column, click the service name.
Tip: You can customize your dashboard with column sorting, column configuring, and services searching and filtering. See Customize DHS Dashboard.
In the Data Hub Service page, click Action to open the drop-down menu.

In the Action drop-down menu, click SSH Tunneling Script to display the modal window with the current settings.

In the modal window, copy the script to your clipboard:
- highlight and copy the script, or
- click the copy script icon ()

Your script will look similar to the following:

 
  #!/bin/bash
    ssh -i $SSH_PEM_KEY -N \
    -L 5432:DHS_ENDPOINT:5432 \
    -L 8003:DHS_ENDPOINT:8003 \
    -L 8005:DHS_ENDPOINT:8005 \
    -L 8010:DHS_ENDPOINT:8010 \
    -L 8013:DHS_ENDPOINT:8013 \
    -L 8012:DHS_ENDPOINT:8012 \
    -L 8011:DHS_ENDPOINT:8011 \
    -L 8020:DHS_ENDPOINT:8020 \
  VM_USER@$BASTION_VM

To edit the script, paste to a text file.

In the text file, replace the following per your configuration: SSH_PEM_KEY, VM_USER, and BASTION_VM

Note: Replace DHS_ENDPOINT with the endpoints associated with each port number per your service.


Value	Replace With
SSH_PEM_KEY	The path to your private key file on your local machine. For details, see Detailed steps: Create and manage SSH keys for authentication to a Linux VM in Azure.
VM_USER	The user who can access the bastion host. The person who created the bastion host virtual machine (VM) must create a user who can access the VM.
BASTION_VM	The public IP address, host name, or Fully Qualified Domain Name (FQDN) of your bastion host. To create and view your bastion host public IP address, see Create, change, or delete a public IP address. To create a bastion host, see Create an Azure Bastion host using the portal.

Click the following link to view a full list of configure SSH tunneling resources.

In the command prompt, run the modified script.
- You can run the script locally, or
- You can save the script to a text file and run locally. Use the following command:
  - ```
  sh /path/to/file.txt
```

What to do next

Deploy your Data Hub project to a Data Hub Service.