Reactphp Ssh Proxy Laravel Package

Getting Started

Start by installing via Composer (composer require clue/ssh-proxy) and reviewing the examples in the repo’s examples/ directory—especially connect.php and port-forward.php. The core use case is tunneling traffic to internal services (e.g., databases, internal APIs) through an SSH jump host without blocking the ReactPHP event loop. For example, to connect to a MySQL database behind a firewall:

$loop = React\EventLoop\Factory::create();
$factory = new Clue\React\SshProxy\Factory($loop);

// Connect to SSH jump host
$factory->connect('user@jump-host.example.com', [
    'password' => 'secret', // or 'privateKey' => file_get_contents('~/.ssh/id_rsa')
])->then(function (Clue\React\SshProxy\Proxy $proxy) use ($loop) {
    // Use proxy to forward traffic to internal MySQL
    $proxy->createConnector()->connect('127.0.0.1:3306')
        ->then(function (React\Socket\ConnectionInterface $dbConn) {
            // Use $dbConn like any normal socket connection
        });
});
$loop->run();

First look at: README, examples/connect.php, and the Proxy class API.

Implementation Patterns

• Tunnel all traffic via jump host: Use Proxy::createConnector() to create a React Socket Connector that wraps SSH. Feed this into React’s Client, DbalConnector, or HTTP clients.

  $connector = $proxy->createConnector();
  new React\Http\Client($connector, $loop);
  

• Bidirectional streaming: Pipe stdout/stderr or custom protocols over SSH tunnels using Stream APIs—ideal for building CLI tools or proxies.
• Microservice communication: Allow internal services to reach isolated backends (e.g., Redis, Elasticsearch) without opening ports to the public internet.
• Long-running daemons: Combine with react/socket, react/http, or thiagoalessio/tesseract_for_php to build SSH-tunneled logging or monitoring agents.

Integration tip: Hook into SshConnection events (e.g., error, close) via the factory callback to implement reconnection logic.

Gotchas and Tips

• Authentication: Prefer private key auth ('privateKey') over passwords—passwords are not deferred; they block during auth negotiation unless you use callback-based auth (rare).
• Error propagation: Network/auth errors surface as React\Promise\RejectedPromise, not exceptions in callbacks—always handle with .catch().
• Stream lifecycle: SSH tunnels stay open until explicitly closed. For short-lived tasks (e.g., one DB query), ensure proper cleanup with $conn->close() to avoid leaks.
• Buffering: Not all SSH servers behave identically—some (e.g., older OpenSSH) may drop data if you write too fast before drain. Use once($stream, 'drain') before bulk writes.
• Fallbacks: This package does not implement SSH itself—it delegates to phpseclib/phpseclib. Ensure ext-openssl or ext-gmp is available for crypto.
• Timeouts: Configure timeout in the factory options (default is 10s)—critical for reliable long-running connections.

Extension point: Extend Proxy to add custom keep-alive logic or per-session logging via decorators.