diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..095344d
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,34 @@
+kind: pipeline
+name: default
+
+steps:
+ - name: build
+ image: plugins/docker:linux-amd64
+ pull: always
+ settings:
+ dockerfile: Dockerfile
+ daemon_off: false
+ dry_run: true
+ repo: docker.asperti.com/paspo/sshtunnel
+ when:
+ event:
+ exclude:
+ - tag
+
+ - name: build_and_publish
+ image: plugins/docker:linux-amd64
+ pull: always
+ settings:
+ dockerfile: Dockerfile
+ auto_tag: false
+ force_tag: true
+ daemon_off: false
+ password:
+ from_secret: docker_password
+ registry: docker.asperti.com
+ repo: docker.asperti.com/paspo/sshtunnel
+ username:
+ from_secret: docker_username
+ when:
+ event:
+ - tag
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..c32fef4
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,17 @@
+FROM alpine:latest
+
+ARG SSH_USER
+ARG SSH_HOST
+ARG SSH_PORT
+ARG SSH_IDENTITY_PATH
+
+ARG REMOTE_HOST
+ARG REMOTE_PORT
+ARG LOCAL_PORT
+
+RUN \
+ apk -U add openssh-client
+
+COPY entrypoint.sh /
+
+ENTRYPOINT ["/bin/sh", "/entrypoint.sh"]
diff --git a/README.md b/README.md
index 618cb52..8e96572 100644
--- a/README.md
+++ b/README.md
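Review bot: Both steps run `image: plugins/docker:linux-amd64` with `pull: always`, so whatever is currently published under that mutable tag is executed on every build, and in `build_and_publish` it is handed `docker_password` and `docker_username`. Pinning the plugin by digest, e.g. `image: plugins/docker@sha256:<digest>` (placeholder), keeps the code that sees the registry credentials fixed until someone reviews an upgrade. Separately, `auto_tag: false` with no `tags` setting presumably makes every git tag overwrite one default tag (worth confirming against the plugin's defaults); `auto_tag: true` would publish per-release tags that consumers can pin.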
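Review bot: `FROM alpine:latest` makes each build pick up whatever base image is current, so two builds of the same commit can ship different OpenSSH clients and an unexpected upstream change lands in the published image unreviewed; pin it, e.g. `FROM alpine:<version>@sha256:<digest>` (placeholders). The seven `ARG` lines are build-time only and no build step uses them, while `entrypoint.sh` reads the same names from the runtime environment, so they can be dropped or replaced by a comment listing the runtime variables. `apk add --no-cache openssh-client` would also avoid leaving the package index in the layer.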
@@ -1,3 +1,47 @@
 # docker-sshtunnel
 
-You can use this docker container to create a SSH tunnel to a remote machine and have it "visible" inside your docker environment.
\ No newline at end of file
+[![Build Status](https://drone.asperti.com/api/badges/paspo/docker-sshtunnel/status.svg)](https://drone.asperti.com/paspo/docker-sshtunnel)
+
+You can use this docker container to create a SSH tunnel to a remote machine and have it "visible" inside your docker environment.
+
+## Usage example
+
+With the following settings, you have a container that establishes an SSH session with the specified remote machine, forwards remote mysql port to a port on the local container itself which is then exported by the local docker.
+
+That way you can connect to a remote mysql server (even if not directly exposed) as if it is running on your machine.
+
+### Plain docker
+
+```bash
+docker run --rm -ti \
+ -e SSH_USER=root \
+ -e SSH_HOST=myremoteserver.mydomain.com \
+ -e REMOTE_PORT=3306 \
+ -e LOCAL_PORT=3306 \
+ -e REMOTE_HOST=127.0.0.1 \
+ -p 3306:3306 \
+ -v /home/me/.ssh/id_rsa:/id_rsa \
+ --name stu \
+ docker.asperti.com/paspo/sshtunnel:latest
+```
+
+## docker-compose
+
+```yaml
+version: "3"
+services:
+
+ backup-slave:
+ image: docker.asperti.com/paspo/sshtunnel:latest
+ restart: unless-stopped
+ volumes:
+ - "/home/me/.ssh/id_rsa:/id_rsa"
+ environment:
+ - SSH_USER=root
+ - SSH_HOST=myremoteserver.mydomain.com
+ - REMOTE_PORT=3306
+ - LOCAL_PORT=3306
+ - REMOTE_HOST=127.0.0.1
+ ports:
+ - 3306:3306
+```
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..40eb2bb
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+ERROR=0
+
+if [ "${SSH_USER}" = "" ] ; then
+ echo You must set the SSH_USER environment variable
+ ERROR=1
+fi
+
+if [ "${SSH_HOST}" = "" ] ; then
+ echo You must set the SSH_HOST environment variable
+ ERROR=1
+fi
+
+if [ "${REMOTE_HOST}" = "" ] ; then
+ echo You must set the REMOTE_HOST environment variable
+ ERROR=1
+fi
+
+if [ "${REMOTE_PORT}" = "" ] ; then
+ echo You must set the REMOTE_PORT environment variable
+ ERROR=1
+fi
+
+if [ "${LOCAL_PORT}" = "" ] ; then
+ echo You must set the LOCAL_PORT environment variable
+ ERROR=1
+fi
+
+SSH_PORT=${SSH_PORT:-22}
+SSH_IDENTITY_PATH=${SSH_IDENTITY_PATH:-/id_rsa}
+
+if [ ! -r "${SSH_IDENTITY_PATH}" ] ; then
+ echo "The specified identity file (${SSH_IDENTITY_PATH}) is not readable"
+ ERROR=1
+fi
+
+if [ "${ERROR}" = "1" ] ; then
+ echo "Quitting"
+ exit 1
+fi
+
+while true ; do
+ ssh \
+ -p ${SSH_PORT} -i ${SSH_IDENTITY_PATH} \
+ -o StrictHostKeyChecking=no -N \
+ -L 0.0.0.0:${LOCAL_PORT}:${REMOTE_HOST}:${REMOTE_PORT} \
+ ${SSH_USER}@${SSH_HOST}
+ echo "Connection closed. Waiting 5 seconds before retry."
+ sleep 5s
+done
\ No newline at end of file
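Review bot: The ssh call in the retry loop passes `-o StrictHostKeyChecking=no`, so the client accepts any host key on every reconnect and anyone able to intercept the connection to `SSH_HOST` can terminate the tunnel themselves and read or alter the forwarded traffic. I would mount a known_hosts file next to the identity file and require a match, with a readability check for it alongside the existing identity-file check. The expansions in the command are also unquoted, so a value containing whitespace is split into extra ssh arguments, and without `ExitOnForwardFailure=yes` ssh keeps running when the local port cannot be bound, which the loop never notices. The fence shows the loop with those three changes; `SSH_KNOWN_HOSTS_PATH` is a proposed new variable.

```shell
SSH_KNOWN_HOSTS_PATH=${SSH_KNOWN_HOSTS_PATH:-/known_hosts}
# … unchanged: required-variable and identity-file checks …
while true ; do
  ssh \
    -p "${SSH_PORT}" -i "${SSH_IDENTITY_PATH}" \
    -o StrictHostKeyChecking=yes \
    -o UserKnownHostsFile="${SSH_KNOWN_HOSTS_PATH}" \
    -o ExitOnForwardFailure=yes -N \
    -L "0.0.0.0:${LOCAL_PORT}:${REMOTE_HOST}:${REMOTE_PORT}" \
    "${SSH_USER}@${SSH_HOST}"
  # … unchanged: retry message and sleep …
done
```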