SSH_SERVER_HOST
— Target SSH server host for connection. Can be hostname or IP address. Required.SSH_SERVER_PORT
— Target SSH server port for connection. Must be valid integer port number. Optional. Default value22
.SSH_SERVER_USER
— Target SSH server username. Must be valid username. Required.REMOTE_SERVER_HOST
— Target service host for tunneling it. Can be hostname or IP address. Optional. Default valuelocalhost
.REMOTE_SERVER_PORT
— Target service port for tunneling it. Must be valid integer port number. Required.LOCAL_PORT
— Tunneled service port number of container. Must be valid integer port number. Optional. Default value same asREMOTE_SERVER_PORT
.HEALTHCHECK
— Set healthcheck level for forwarded port. Optional. Default valuesoft
. Possible values:none
— Disables healthcheck by always saying "health".soft
— Checks port listening (by usingnetstat
).hard
— Checks port opening (by usingnc
). Can emit handshake issues on authorize-able services.
Also, can be added additional environment variables for ssh
command. See Environment article ssh(1) manual page.
All command arguments be attached to ssh
command. See ssh(1) manual page.
Default command arguments is -N
, -T
, -C
, -o ServerAliveInterval=60
, -o GatewayPorts=true
and -o ExitOnForwardFailure=yes
.
config
and keys can be mounted to /ssh
directory.
docker run --rm \
-e SSH_SERVER_HOST=my-host.example \
-e SSH_SERVER_USER=my-user \
-e REMOTE_SERVER_PORT=3306 \
-v '~/.ssh:/ssh:ro' \
-p '127.0.0.1:3306:3306/tcp' \
7-zete-7/ssh-tunnel:latest
services:
mysql-proxy:
image: 7-zete-7/ssh-tunnel:latest
volumes:
- type: bind
target: /ssh
source: ${HOME}/.ssh
read_only: true
environment:
SSH_SERVER_HOST: my-host.example
SSH_SERVER_USER: my-user
REMOTE_SERVER_PORT: 3306
ports:
- target: 3306
published: 3306
protocol: tcp
host_ip: 127.0.0.1
app:
image: ...
depends_on:
- mysql-proxy
environment:
MYSQL_DSN: mysql://${MYSQL_USER:-app}:${MYSQL_PASSWORD:-!ChangeMe!}@mysql-proxy/${MYSQL_DATABASE:-app}
...
services:
mysql-proxy:
image: 7-zete-7/ssh-tunnel:latest
volumes:
- type: bind
target: /var/run/ssh/agent.sock
source: ${SSH_AGENT_SOCK}
read_only: true
environment:
SSH_AGENT_SOCK: /var/run/ssh/agent.sock
SSH_SERVER_HOST: my-host.example
SSH_SERVER_PORT: 2222
SSH_SERVER_USER: my-user
REMOTE_SERVER_HOST: deep-private-server.example
REMOTE_SERVER_PORT: 3306
LOCAL_PORT: 1234
ports:
- target: 1234
published: 3306
protocol: tcp
app:
image: ...
depends_on:
- mysql-proxy
environment:
MYSQL_DSN: mysql://${MYSQL_USER:-app}:${MYSQL_PASSWORD:-!ChangeMe!}@mysql-proxy:1234/${MYSQL_DATABASE:-app}
...