Contents

Remote Access

There are a few different methods for remotely connecting to components and services in apps managed with Nanobox. Which method you use depends on the type of component to which you're connecting as well as what you're trying to do.

Nanobox Console

The nanobox console command allows you to securely access your production servers from your local machine. It drops you into an interactive console inside a component or even a specific component node.

# Pattern
nanobox console <component>

# Examples
nanobox console web.site

# console into a specific node in web.site
nanobox console web.site.1.3

The console is primarily used for managing and troubleshooting web and worker components. More information about the console command is available in the console documentation.

Nanobox Tunnel

The nanobox tunnel command creates a secure tunnel between your local machine and a production server. This tunnel allows you to use local clients to remotely manage production services. When creating a tunnel, Nanobox binds to and listens on a local port. Connections to that port are forwarded to your remote server.

nanobox tunnel data.db

Once the tunnel is open, you can use the tunnel connection credentials provided in your dashboard under the "Connect" section of each component.

Tunnel Connection Credentials

Tunnels are primarily used for managing data components. More information is available in the Managing Live Data and tunnel docs.

Console & Tunnel Security

Whenever servers are accessed remotely using the console or tunnel commands, there are three levels of authorization each request goes through:

  1. Your are an authorized Nanobox user.
  2. Your are an authorized team member on the app.
  3. Your are authorized to access the component.

If any of these authorizations fail, the remote connection is rejected.

Direct SSH Access

For direct SSH access to your app's server(s) and container(s) you can copy and save your app's private SSH key on your local machine and pass it into the ssh command with the identity_file argument (-i). The IP(s) and user necessary to SSH in are provided under "Admin" > "Security" in your application dashboard. More information is available in the App SSH keys doc.

ssh root@123.45.67.89 -i /path/to/private_key

Note: You will need to set the permissions of your key file to 600 (owner read/write). More info here.

Important Note

With SSH access and the user permissions granted, you have the ability to manipulate your live servers and containers. Please know that any damage or dataloss caused in error or with intent is your responsibility and Nanobox will not be held liable.

Reach out to help@nanobox.io and we'll try to help.