├── .gitignore
├── CHANGELOG.md
├── Dockerfile
├── LICENSE
├── Makefile
└── README.md


/.gitignore:
--------------------------------------------------------------------------------
1 | 
2 | # ignore makefile build artifacts
3 | build/
4 | 


--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
 1 | # Changelog
 2 | 
 3 | All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
 4 | 
 5 | ## (2017-01-27)
 6 | 
 7 |    - Update image to use the `alpine:3.5`
 8 |    - Use `autossh` instead of simple `ssh` for extra stability of the tunnel
 9 |    - Provided sample `Makefile` to automate the build process -- on
10 |      unix-like systems you can use make command to build docker image and
11 |      container.
12 | 
13 | 	```SSH_CMD="*:6379:localhost:6379 martin@172.17.0.1" make build-container```
14 | 
15 |    - The assumption is, that local `ssh-agent` holds the required identity
16 |      files.  Another solution may be to generate new ssh key (`ssh-keygen`)
17 |      and use the ssh `-i` option to provide the identity directly.
18 | 
19 | ## (2016-09-13)
20 | 
21 |     Thanks to @phlegx we now have a seperate tag for reversed tunnels (remote -> local)
22 |     This adds the following tags to this repo:
23 |     - `kingsquare/tunnel:latest` (the `-L` option)
24 |     - `kingsquare/tunnel:forward`
25 |     - `kingsquare/tunnel:l`
26 | 
27 |     and the reverse option: (the `-R` option)
28 |     - `kingsquare/tunnel:reverse`
29 |     - `kingsquare/tunnel:r`
30 | 
31 |     Thanks @ignar for bringing this container back to my attention :)
32 | 
33 | ## (2015-11-10)
34 | 
35 |     Thanks to @ignar I took another look at the dockerfile and have updated it to use [AlpineLinux](http://www.alpinelinux.org/)
36 |     This results in a _much_ smaller image (<8mb) and is still just as fast and functional.
37 |     Thanks @ignar for bringing this container back to my attention :)
38 | 


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
 1 | ###
 2 | #
 3 | # A docker image to allow ssh-tunneling via this image
 4 | #
 5 | # Usage:
 6 | # docker run -d --name [$your_tunnel_name] -v $SSH_AUTH_SOCK:/ssh-agent kingsquare/tunnel *:[$exposed_port]:[$destination]:[$destination_port] [$user@][$server]
 7 | #
 8 | # ie. docker run -d --name example_tunnel -v $SSH_AUTH_SOCK:/ssh-agent kingsquare/tunnel *:2222:127.0.0.1:23152 user@example.com
 9 | #
10 | ###
11 | 
12 | FROM alpine:3.12
13 | MAINTAINER Kingsquare <docker@kingsquare.nl>
14 | 
15 | ENV SSH_AUTH_SOCK /ssh-agent
16 | 
17 | ####
18 | # Install the autossh
19 | RUN apk add --update autossh && rm -rf /var/cache/apk/*
20 | 
21 | VOLUME ["/ssh-agent"]
22 | # for ambassador mode
23 | EXPOSE 2222
24 | 
25 | 
26 | ENTRYPOINT ["/usr/bin/autossh", "-M", "0", "-T", "-N", "-oStrictHostKeyChecking=no", "-oServerAliveInterval=180", "-oUserKnownHostsFile=/dev/null", "-L"]
27 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | ISC License
 2 | 
 3 | Copyright (c) 2014, Contributors
 4 | 
 5 | Permission to use, copy, modify, and/or distribute this software
 6 | for any purpose with or without fee is hereby granted, provided
 7 | that the above copyright notice and this permission notice
 8 | appear in all copies.
 9 | 
10 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 | WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
12 | OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE
13 | LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES
14 | OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
15 | WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
16 | ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
 1 | # Time-stamp: < Makefile (2017-01-28 08:51) >
 2 | BUILD=build
 3 | VOLUME=$(shell echo "$$SSH_AUTH_SOCK:/ssh-agent")
 4 | 
 5 | # required argument SSH_CMD (provided by environment variable SSH_CMD)
 6 | ifdef $$SSH_CMD
 7 | SSH_CMD=$$SSH_CMD
 8 | endif
 9 | 
10 | # optional argument NAME
11 | NAME=docker-tunnel
12 | ifdef $$NAME
13 | NAME=$$NAME
14 | endif
15 | 
16 | # optional argument TAG
17 | TAG=autossh
18 | ifdef $$TAG
19 | TAG=$$TAG
20 | endif
21 | 
22 | IMAGE=$(NAME):$(TAG)
23 | CONTAINER_BUILD_MARKER=$(BUILD)/container-$(NAME)
24 | IMAGE_BUILD_MARKER=$(BUILD)/image-$(NAME)-$(TAG)
25 | 
26 | .PHONY: all clean clean-container clean-image prepare image container start
27 | 
28 | all:
29 | 	@echo "legal targets: 'clean', 'clean-container', clean-image', 'build-image', 'build-container', 'start'"
30 | 	@echo ""
31 | 	@echo "    required argument to Makefile is 'SSH_CMD', ie:"
32 | 	@echo ""
33 | 	@echo '        make SSH_CMD="*:6379:localhost:6379 redis@172.17.0.1" build-container'
34 | 	@echo ""
35 | 	@echo "    optional arguments include 'NAME' and 'TAG', ie:"
36 | 	@echo ""
37 | 	@echo '        make NAME=redis-ssh-tunnel TAG=redis-project SSH_CMD="*:6379:localhost:6379 redis@172.17.0.1" build-container'
38 | 
39 | clean: clean-container clean-image
40 | 	rm -rf $(BUILD)
41 | 
42 | clean-container:
43 | 	rm -f $(CONTAINER_BUILD_MARKER)
44 | 	docker rm $(NAME)
45 | 
46 | clean-image:
47 | 	rm -f $(IMAGE_BUILD_MARKER)
48 | 	docker rmi $(IMAGE)
49 | 
50 | prepare:
51 | 	mkdir -p $(BUILD)
52 | 
53 | build-image: prepare $(IMAGE_BUILD_MARKER)
54 | 
55 | $(IMAGE_BUILD_MARKER): Dockerfile
56 | 	docker build -f $< -t $(IMAGE) .
57 | 	test `docker images --format '{{.ID}}' $(IMAGE) | wc -l` -eq "1" && touch $@
58 | 
59 | build-container: build-image $(CONTAINER_BUILD_MARKER)
60 | 
61 | $(CONTAINER_BUILD_MARKER): $(IMAGE_BUILD_MARKER)
62 | ifeq ($(strip $(SSH_CMD)),)
63 | 	$(error please define SSH_CMD, ie: 'make SSH_CMD="*:6379:localhost:6379 redis@172.17.0.1" build-container')
64 | else
65 | 	@echo "NAME   =$$NAME"
66 | 	@echo "TAG    =$$TAG"
67 | 	@echo "SSH_CMD=$$SSH_CMD"
68 | endif
69 | 	docker run -d --name $(NAME) -v $(VOLUME) $(IMAGE) $(SSH_CMD)
70 | 	docker stop $(NAME)
71 | 	test `docker ps --all --filter=name=$(NAME) --format '{{.ID}}' | wc -l` -eq "1" && touch $@
72 | 
73 | start: build-container
74 | 	docker start -a -i $(NAME)
75 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | [![](https://images.microbadger.com/badges/image/kingsquare/tunnel.svg)](https://microbadger.com/images/kingsquare/tunnel "Get your own image badge on microbadger.com")
 2 | # Tunnel
 3 | 
 4 | This is a `simple` ssh-tunnel container for easily connecting to other containers / servers elsewhere via a ```--link```-ed
 5 | tunnel container. This tunnel will use your local SSH-agent to connect to the endpoint thus no need to push your ~/.ssh/ files into
 6 | the image.
 7 | 
 8 | # Usage
 9 | 
10 | The full syntax for starting an image from this container:
11 | 
12 | 	docker run -d --name [$your_tunnel_name] -v $SSH_AUTH_SOCK:/ssh-agent kingsquare/tunnel *:[$exposed_port]:[$destination]:[$destination_port] [$user@][$server]
13 | 
14 | > You can append any ssh parameters
15 | 
16 | **Mac support:** ~~Please be aware that with the launch of the [Docker for Mac Beta](https://blog.docker.com/2016/03/docker-for-mac-windows-beta/) this currently doesnt work on Mac.~~ Please see this [note](https://github.com/kingsquare/docker-tunnel/issues/2#issuecomment-220782052)
17 | 
18 | # Examples
19 | 
20 | * you would like to have a tunnel port 3306 on server example.com locally exposed as 3306
21 | 
22 | 	```docker run -d --name tunnel_mysql -v $SSH_AUTH_SOCK:/ssh-agent kingsquare/tunnel *:3306:localhost:3306 me@example.com```
23 | 
24 | * you would like to have a tunnel port 3306 on server example.com locally exposed on the host as 3308
25 | 
26 | 	```docker run -d -p 3308:3306 --name tunnel_mysql -v $SSH_AUTH_SOCK:/ssh-agent kingsquare/tunnel *:3306:localhost:3306 me@example.com```
27 | 
28 | 
29 | # Using as an Ambassador
30 | 
31 | This method allows for using this image as an ambassador to other (secure) servers:
32 | 
33 | 	docker stop staging-mongo;
34 | 	docker rm staging-mongo;
35 | 	docker run -d --name staging-mongo -v $SSH_AUTH_SOCK:/ssh-agent kingsquare/tunnel *:2222:127.0.0.1:27017 tunnel-user@db.staging
36 | 
37 | 	docker stop production-mongo;
38 | 	docker rm production-mongo;
39 | 	docker run -d --name production-mongo -v $SSH_AUTH_SOCK:/ssh-agent kingsquare/tunnel *:2222:127.0.0.1:27017 tunnel-user@db.production
40 | 
41 | use the links in another container via exposed port 2222:
42 | 
43 | 	docker run --link staging-mongo:db.staging \
44 | 	    --link production-mongo:db.production \
45 | 	    my_app start
46 | 


--------------------------------------------------------------------------------