initial release
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/tag Build is passing

Paolo Asperti 2021-03-19 09:34:33 +01:00
parent 0867a6fd69
commit d7fafd0928
Signed by: paspo
GPG Key ID: 06D46905D19D5182
4 changed files with 147 additions and 1 deletions

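--- a/.drone.yml
+++ b/.drone.yml
@@ -0,0 +1,34 @@
+kind: pipeline
+name: default
+steps:
+- name: build
+image: plugins/docker:linux-amd64
+pull: always
+settings:
+dockerfile: Dockerfile
+daemon_off: false
+dry_run: true
+repo: docker.asperti.com/paspo/sshtunnel
+when:
+event:
+exclude:
+- tag
+- name: build_and_publish
+image: plugins/docker:linux-amd64
+pull: always
+settings:
+dockerfile: Dockerfile
+auto_tag: false
+force_tag: true
+daemon_off: false
+password:
+from_secret: docker_password
+registry: docker.asperti.com
+repo: docker.asperti.com/paspo/sshtunnel
+username:
+from_secret: docker_username
+when:
+event:
+- tag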
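Review bot: Both steps run `plugins/docker:linux-amd64` with `pull: always`, and the `build_and_publish` step passes `docker_username` and `docker_password` to it, so whatever image is currently published under that mutable tag receives the registry credentials. Pin the plugin to a reviewed release, for example `image: plugins/docker@sha256:<digest-of-reviewed-release>`, so an upgrade of the credential-handling step becomes an explicit change in this file. The same pin should be used in the `build` step so the dry run exercises the plugin version that later publishes.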

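--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,17 @@
+FROM alpine:latest
+ARG SSH_USER
+ARG SSH_HOST
+ARG SSH_PORT
+ARG SSH_IDENTITY_PATH
+ARG REMOTE_HOST
+ARG REMOTE_PORT
+ARG LOCAL_PORT
+RUN \
+apk -U add openssh-client
+COPY entrypoint.sh /
+ENTRYPOINT ["/bin/sh", "/entrypoint.sh"]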
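Review bot: `FROM alpine:latest` combined with `apk -U add openssh-client` lets every build pick up a different base image and ssh client, and with no `USER` instruction the tunnel process runs as root. Pin the base, e.g. `FROM alpine:<pinned-version>` (ideally with its digest), and install with `RUN apk add --no-cache openssh-client` so no package index stays in the layer. The seven `ARG` lines are never referenced during the build and do not exist at run time; entrypoint.sh reads these names from the container environment, so they can be dropped or replaced by a comment listing the runtime variables. If a non-root `USER` is added, the mounted identity file has to be readable by that user.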


@ -1,3 +1,47 @@
# docker-sshtunnel
[![Build Status](https://drone.asperti.com/api/badges/paspo/docker-sshtunnel/status.svg)](https://drone.asperti.com/paspo/docker-sshtunnel)
You can use this docker container to create a SSH tunnel to a remote machine and have it "visible" inside your docker environment.
## Usage example
With the following settings, you have a container that establishes an SSH session with the specified remote machine, forwards remote mysql port to a port on the local container itself which is then exported by the local docker.
That way you can connect to a remote mysql server (even if not directly exposed) as if it is running on your machine.
### Plain docker
```bash
docker run --rm -ti \
-e SSH_USER=root \
-e SSH_HOST=myremoteserver.mydomain.com \
-e REMOTE_PORT=3306 \
-e LOCAL_PORT=3306 \
-e REMOTE_HOST=127.0.0.1 \
-p 3306:3306 \
-v /home/me/.ssh/id_rsa:/id_rsa \
--name stu \
docker.asperti.com/paspo/sshtunnel:latest
```
## docker-compose
```yaml
version: "3"
services:
backup-slave:
image: docker.asperti.com/paspo/sshtunnel:latest
restart: unless-stopped
volumes:
- "/home/me/.ssh/id_rsa:/id_rsa"
environment:
- SSH_USER=root
- SSH_HOST=myremoteserver.mydomain.com
- REMOTE_PORT=3306
- LOCAL_PORT=3306
- REMOTE_HOST=127.0.0.1
ports:
- 3306:3306
```

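--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+ERROR=0
+if [ "${SSH_USER}" = "" ] ; then
+echo You must set the SSH_USER environment variable
+ERROR=1
+fi
+if [ "${SSH_HOST}" = "" ] ; then
+echo You must set the SSH_HOST environment variable
+ERROR=1
+fi
+if [ "${REMOTE_HOST}" = "" ] ; then
+echo You must set the REMOTE_HOST environment variable
+ERROR=1
+fi
+if [ "${REMOTE_PORT}" = "" ] ; then
+echo You must set the REMOTE_PORT environment variable
+ERROR=1
+fi
+if [ "${LOCAL_PORT}" = "" ] ; then
+echo You must set the LOCAL_PORT environment variable
+ERROR=1
+fi
+SSH_PORT=${SSH_PORT:-22}
+SSH_IDENTITY_PATH=${SSH_IDENTITY_PATH:-/id_rsa}
+if [ ! -r "${SSH_IDENTITY_PATH}" ] ; then
+echo "The specified identity file (${SSH_IDENTITY_PATH}) is not readable"
+ERROR=1
+fi
+if [ "${ERROR}" = "1" ] ; then
+echo "Quitting"
+exit 1
+fi
+while true ; do
+ssh \
+-p ${SSH_PORT} -i ${SSH_IDENTITY_PATH} \
+-o StrictHostKeyChecking=no -N \
+-L 0.0.0.0:${LOCAL_PORT}:${REMOTE_HOST}:${REMOTE_PORT} \
+${SSH_USER}@${SSH_HOST}
+echo "Connection closed. Waiting 5 seconds before retry."
+sleep 5s
+done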
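Review bot: `-o StrictHostKeyChecking=no` in the ssh call means the server's host key is never verified; unless a known_hosts file is mounted, each new container trusts whichever key answers for `SSH_HOST` first and forwards the database traffic through that endpoint. Require a known_hosts file mounted next to the identity and use `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=/known_hosts -N \` (the path is a suggestion), adding a readability check for it alongside the existing identity-file check. The expansions in the ssh command are unquoted, so a value containing whitespace is split into extra ssh arguments; quote them, e.g. `-p "${SSH_PORT}" -i "${SSH_IDENTITY_PATH}"` and `"${SSH_USER}@${SSH_HOST}"`. Adding `-o ExitOnForwardFailure=yes` would make ssh exit, and the loop retry, when the forward cannot be set up instead of staying connected without it.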