xdebug, multiple developers, php storm, dbgpproxy

Please can anyone help if anyone has this similar scenario - because I am struggling to get it to work properly.

1. Three developers

2. Development server hosted on Azure (It's a Linux VM)

3. We can SSH tunnel in to the server - we are all using port 9001 to SSH tunnel. Source: 9001, Destination 127.0.0.1:9001 (REMOTE)

4. We can register our IDE with the dbgpProxy successfully.

5. When one of us loads a webpage, it debugs on my machine. 

Basically, it isn't debugging on the machine of the developer who's initiated it.

[xdebug]
zend_extension=xdebug
xdebug.mode=debug
xdebug.client_host=127.0.0.1
xdebug.client_port=9001
xdebug.remote_log=/tmp/xdebug.log
xdebug.log=/var/log/xdebug.log

Within PhpStorm:

Settings > PHP > Debug > XDebug > Debug Port – Set to 9001
Tools > Proxy > Config:
IDE Key - Set uniquely for each developer
IP - (External IP of the Dev Server)
Port - 9001
 
The dbgpProxy is started on the server: 10.0.0.6 is the local IP of the Azure server.
12:55:24.982 [info] [server] Started server server on 127.0.0.1:9000
12:55:24.982 [info] [server] Started client server on 10.0.0.6:9001
 
Register is successful (** is the office external IP, we all work in the same office)
12:55:33.842 [info] [server] Start new client connection from **:30400

12:55:33.842 [info] [proxyinit] [monk] Added connection for IDE Key 'monk': **:9001

12:55:33.842 [info] [server] Closing client connection from **:30400
In Chrome, the Debug Helper is set to use the same IDE as we have each individually set up in PhpStorm.
 
We can all connect at the same time - no problem there.
If my colleague loads a webpage on the server though, the debugger starts on my machine?
 
I know I will be missing something simple. Can anyone advise?
 
Thank you very much
0
25 comments

The proxy doesn't send the debug data to the developers' machines using the same TCP connection, it creates new ones instead.
It means that the proxy has to have the ability to connect to each one of your development machines directly, without any kind of tunnels, as right now, the way it looks to the proxy is that there are three sessions all registered from 127.0.0.1, because of the tunnel.

The better way of handling it would be to place the proxy in your local network (which the dev machines belong to), and then connect the proxy to the Azure machine via SSH with the remote port forwarding so that Xdebug could connect to the proxy.

Update: here's a link to back up my explanation of why it works this way.

Update 2: there's even a workaround, but you'll have to modify the proxy source code a bit. Check the last comment in this blog post.

0

Hi Eugene

Thank you for the information. I had read that the proxy would be best residing on the development server and then each dev SSH tunnelling to the server. 

How can I edit the source code for the dbgpProxy file on a Linux Ubuntu environment? Would that hack work for what I am trying to achieve.

It seems completely illogical this doesn't work in a more suitable solution? Surely there are 100's of companies trying to allow their developers to remote debug code held on a development server.

Thanks again

0

It seems completely illogical

You have to take into consideration that the DBGp Proxy is old, it's been made when xdebug.remote_connect_back wasn't a thing, so it was some kind of a replacement. It still relies on the server, the proxy, and the dev machines being located on the same LAN.

Would that hack work for what I am trying to achieve.

Yes, it seems to work: https://recordit.co/K3GEIS9vq5
You can get this proxy version here, the Python Remote Debugging Client section.
Please note that you need to open the tunnel first and only then register the IDE.

1

Thank you Eugene, I'll give it a try. But just to confirm, we are using PhpStorm - does this mean we will need to use Komodo instead?

 

0

No, it doesn't, the proxy works independently of the IDE. Also, please check the screencast.

1

Thank you, I'll give this a try and the screencast is great.

So with this solution, I should be able to run this in my environment. Proxy on the development web server hosted in Azure, SSH tunnel, IDE on local machines within an office environment, each using a unique key.

I'll give it a try.

0

Yes, it should work just fine. Please let me know how it goes, I am curious.

1

Appreciate your prompt help Eugene. I'll let you know how I get on.

Just getting my head around what to set IP's and Ports as now as my web server is on an external IP

INFO: dbgp.proxy: dbgp listener on 127.0.0.1:9003
INFO: dbgp.proxy: IDE listener on 10.0.0.6:9007 --- (10.0.0.6 is the Azure local server IP)
INFO: dbgp.proxy: Server:onConnect ('******', 23327) [proxyinit -p 9007 -k 9008 -m 1] --- (****** is the WAN IP of my office)

0

Just to keep you updated....so three of us connected to proxy. Exactly same settings apart from unique IDE key and unique SSH tunnel using the IDE key as the source port. Two of us don't get anything in phpstorm when we attempt to debug a page. One of us gets the debug info show in phpstorm.

 

0

What if this one person that catches the debug session disables Listening for incoming connections, what would the proxy log say on a debugging attempt?

0

So I think I've figured this issue for the other two developers is because they're within the office LAN and I'm outside as I'm working from home.

So therefore I presume the server can't write back to their machines and therefore that's a firewall / port forwarding issue on the router within the office.

Would the server just try to write back to the port (IDE key) only?

I.e. wanipofoffice:idekeyport which I would need to not only allow but also port forward their individual ports to their machine ? 

0

To confirm I didn't get their debug requests. They appeared to be sent fine in pydbgpproxy logs but they never received in their IDE.

0

Most probably, a port forwarding issue.
The proxy doesn't try to send data to their machines wherever they are located, it's trying to send data to 127.0.0.1:8123 (where 8123 is one of their IDE keys), there are no firewalls between the proxy and its 127.0.0.1.
If they don't get this connection on the other side of the tunnel, that means that either they didn't configure the remote port forwarding properly, or it doesn't work for some other reason.

Take one of them as a guinea pig, ask him to configure everything once again, and then, while the tunnel is up, run telnet 127.0.0.1 8123 (replace with the actual port) two times, one with Listening enabled, another - with disabled.

What would telnet say?

0

Thanks Eugene will give that a try. 

I presume since it works for me outside of the LAN it's a port forwarding issue within the LAN. It's figuring out which port isn't working properly. 

When I telnet to 127.0.0.1 on my machine and the port I've set up (8123) it connects fine. 

I'll ask them to try and see what they get but I'm guessing it doesn't work. 

I will need to figure out how to allow that through the router 

0

Please note they are supposed to run telnet on the server, not on the developer machine.
With ssh -R 8123:127.0.0.1:9000, port 8123 is being listened on the server, and when it gets the data to this port, it forwards it to <your dev machine>:9000, to PhpStorm.

You don't need to allow anything on the router, as soon as the tunnel is established, no other connection between the server and the dev machine is necessary - the SSH connection is being reused for that.

0

Yeah that makes sense. I am losing the plot I've been going around in circles with this. My mistake.

I need to try and understand why outside of the LAN I can debug but inside of the LAN I can't. Why can it not talk to machines within the LAN over the SSH tunnel.

0

We can have a remote session via TeamViewer if you'd like, as I understand why setting this up isn't exactly trivial, but we need access to a machine that can't get the connection of course.
You can send me an email to eugene dot morozov at jetbrains.com so that we could discuss the time.

0

Okay so it turns out machines within the LAN are accepting then telnet connection from the server...but then immediately the connection is being closed "Connection closed by foreign host."

If I connect to the port I open on Putty on my machine outside of the LAN it works fine.

If I connect to a 127.0.0.1 port that has been opened on an SSH tunnel within the LAN, it closes.

So I need to figure out what is shutting down that connection, effectively rendering the SSH tunnel useless.

 

0

It sounds exactly as if there was nothing listening on the developer machine side.
Here's an example: https://recordit.co/0MKfkG2N5V

On the first attempt, there was no SSH tunnel, so telnet failed to connect.
On the second attempt, the tunnel was established, but nothing listened to 9000 on the developer machine because I turned listening off. telnet stayed open for a couple of seconds and closed.
On the third attempt, I enabled listening, telnet was able to connect and stayed in the connected state.

If listening is enabled, I assume that it's the firewall on the dev machines that blocks the connection, as there's nothing else between the proxy and the machine.

0

That is exactly what is happening in second attempt...however, the difference is, listening is enabled. 

On my home PC, I only need to open the SSH tunnel to then be able to telnet (on another session) to the port I've opened.

So for example

ssh -R 8123:127.0.0.1:9003 user@serverip

If I then use another session on the serverip I can run telnet 127.0.0.1 8123

If I open another two sessions 

ssh -R 8125:127.0.0.1:9003 user@serverip
ssh -R 8127:127.0.0.1:9003 user@serverip

I can telnet 127.0.0.1 8125
and
telnet 127.0.0.1 8127

all works.

If I open an SSH tunnel in my office PC - within the LAN / office environment

ssh -R 8129:127.0.0.1:9003 user@serverip

and I try

telnet 127.0.0.1 8129 

it works, like in your second attempt - then something closes it.

0

When listening is enabled in PhpStorm, can you telnet to 127.0.0.1 9003 locally from the office PC?
Also, what OS are you using there? Have you tried to disable the firewall if it's Windows/macOS?

0

We may have cracked it. More testing tomorrow needed but, I've opened the ports on my router on the internal LAN so all ports can pass through within the 9000 range.

I've now got my work PC and my home PC both debugging together!

 

0

I've opened the ports on my router on the internal LAN so all ports can pass through within the 9000 range.

I have no idea how this might've helped - the connection from the proxy comes through the SSH tunnel which is a connection that is already established, so the only thing that could block it is the firewall on the local machine.
There's of course always a chance that I am missing something.

0

In Phpstorm, does it matter what the Xdebug>Debug Port is set too? Default in the latest version it's 9000,9001 - does this port affect what you can telnet too from the server to the local client

0

It definitely does. In 8123:127.0.0.1:9000, the bold part represents the port PhpStorm is listening to.
If you set it to 9003, but PhpStorm is listening on 9000 and 9001, no wonder you cannot catch any connection.

By the way, the default ports values are not 9000,9001 but 9000,9003

0

Please sign in to leave a comment.