I have a server ("A") running behind a firewall, which serves HTTP and websockets. I have no control over the firewall, but do have an external server ("B") to which the internal server can connect (note that the reverse connection from B to A is not possible due to the firewall). How can I set up some sort of proxy on B such that an Internet client ("C") can access the resources on A?
I'd prefer something lightweight—even a Python program or an SSH tunnel (which I've tried without success)—rather than something more heavyweight but robust.
(source: 
Best Answer
You have two problems. First, you have a firewall to circumvent. Second, you have to reverse proxy websockets.
The first problem is easier. I would start with installing openvpn-server on B and get A connected to it. You can choose any port the firewall will allow. I have found it to be excellent at maintaining a remote connection and you get encryption to boot.
The second problem is reverse proxying http and websockets. Websockets is complicated but once openvpn is installed you can use any of the conventional methods to do so without worrying about the firewall. I would attempt to use the websocket proxy features of more recent versions of nginx: http://nginx.org/en/docs/http/websocket.html