Access the Instance Locally Using the OCI Bastion Service

You can use the OCI Bastion service to access a private endpoint-enabled Visual Builder instance from your local system.

The Bastion service enables you to create and manage sessions that provide authenticated users temporary access to supported hosts that do not have a public IP address.

  1. Create a bastion in the same private subnet as the Visual Builder instance.
    1. In the OCI Console navigation menu, click Identity and Security, and then select Bastion.
    2. Select Create bastion.
    3. Enter a name for the bastion, or use the generated name.
    4. In the Configure networking pane, confirm the target virtual cloud network compartment and target subnet compartment are correct.
    5. Enter the Target virtual cloud network for the compartment.
    6. Enter the Target subnet for the subnet compartment.
    7. Enter 0.0.0.0/0 in the CIDR block allowlist. Click Create bastion.
  2. Create an SSH port forwarding session to create an SSH tunnel to a specific port on the target resource.
    1. Select the bastion you created.
    2. On the details page, select Sessions.
    3. Select Create session.
    4. Select SSH port forwarding session as the session type.
    5. Enter the IP Address of the VB instance, and specify port 443.
    6. Under Add SSH key, provide the public key file of the SSH key pair that you want to use for the session.

      You must provide the private key of the same SSH key pair when you connect to the session.

  3. Connect to the SSH server.
    1. On the Bastions list page, select the bastion that contains the port forwarding session that you want to work with.
    2. On the details page, select Sessions, and locate the session that you want to use to connect to the intended target resource.
    3. From the Actions menu for the session, select View SSH command, and then, next to SSH command, select Copy. Select Close.

      The copied SSH command might look something like this:

      ssh -i <privateKey> -N -L <localPort>:10.4.0.22:443 -p 22 
ocid1.bastionsession.oc1.us-sanjose-1.amaaaaaarnqxz5aa2vl
lvisdqikxdhsq@host.bastion.us-sanjose-1.oci.oraclecloud.com
    4. In a text editor, edit the command to replace <privateKey> with the path to the private key for the public key used when you created the session, and change the <localPort> to port 443.

      The edited SSH command might look something like this (changed text in bold):

      sudo ssh -i ~/Downloads/ssh-key-2025-02-10.key -N -L 443:10.4.0.22:443 -p 22
ocid1.bastionsession.oc1.us-sanjose-1.amaaaaaarnqxz5aa2vl
lvisdqikxdhsq@host.bastion.us-sanjose-1.oci.oraclecloud.com

      You might need to use sudo to listen on port 443.

    5. Open your command terminal and run the SSH command to start listening on port 443.
  4. On your local system, add an entry in the /etc/hosts file for the service URL.

    The entry in the hosts might look something like this: 

    127.0.0.1 private-test-vb.builder.us-sanjose-1.ocp.oraclecloud.com

For as long as the bastion session is active, you can access the VB instance by opening the URL you specified in the hosts file (private-test-vb.builder.us-sanjose-1.ocp.oraclecloud.com) in your browser.