From 0f492e6eb62748be53b935097b46996f6e72faaf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dalibor=20Karlovi=C4=87?= Date: Thu, 3 Jun 2021 11:42:36 +0200 Subject: [PATCH] initial commit --- Dockerfile | 8 ++++++++ README.md | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100644 Dockerfile create mode 100644 README.md diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..2dd0929 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,8 @@ +FROM alpine:3.13 + +RUN apk add --no-cache --update openssh-client +CMD ssh \ + -o StrictHostKeyChecking=no \ + -N ${TUNNEL_HOST} \ + -L ${FORWARD_DSN} + diff --git a/README.md b/README.md new file mode 100644 index 0000000..12f9376 --- /dev/null +++ b/README.md @@ -0,0 +1,36 @@ +# SSH tunnel in Docker + +Use case: allow your Docker containers to use SSH tunnels +to get into those hard to reach places like corporate resources, +firewalled APIs etc. + +## Usage with Docker Compose + +```yaml +services: + # your reglar services + + ssh-tunnel: + image: sigwinhq/ssh-tunnel:latest + environment: + # if the key is password-protected + SSH_AUTH_SOCK: "/ssh-agent" + # the host via which we tunnel + TUNNEL_HOST: "username@ssh.host.you.can.reach.example.com" + # what do we want to proxy to? + FORWARD_DSN: "*:443:firewalled-api.example.com:443" + volumes: + # your key is now usable by the tunnel + - $HOME/.ssh:/root/ssh:ro + # if the key is password-protected + - $SSH_AUTH_SOCK:/ssh-agent + # this part is to make the tunnel transparent to others + networks: + default: + aliases: + - firewalled-api.example.com +``` + +After doing this, your other services should now have access +to the firewalled API as if it's available directly, +without even knowing about the proxy.