Docker,PHP-FPM,MySql:使用ssh隧道从容器连接到远程数据库
[英]Docker, PHP-FPM, MySql: connection to a remote DB from container using an ssh tunnel
问题描述
We've recently moved our php api to a docker container and I am trying to connect to a remote DB that requires an ssh tunnel. 
我们最近将php api移动到了docker容器,并且我试图连接到需要ssh隧道的远程数据库。 I've searched and can't find a workable answer, perhaps I'm trying to cut corners, I'm not sure. 我已经搜索过并且找不到可行的答案,也许我想偷工减料,我不确定。 New at this. 这是新的。
When I connect to the db via my mysql gui client, the ssh tunnel requires just a password, not a public key. 当我通过mysql gui客户端连接到数据库时,ssh隧道仅需要一个密码,而不是公共密钥。 Although I've read it's not the most secure way to do it, I am using sshpass in my build. 尽管我读过它不是最安全的方法,但是我在构建中使用了sshpass。
We're using Aura/SQL as a PDO library and it makes its connection when the container config is run. 我们使用Aura / SQL作为PDO库,并且在运行容器配置时建立连接。 When it was on the same server it worked fine from inside the api. 当它在同一台服务器上时,可以从api内部正常工作。 I'm not sure how Aura will know about the ssh connection. 我不确定Aura如何知道ssh连接。
Here is my Dockerfile: 这是我的Dockerfile:
# version
FROM php:7.2.3-fpm
RUN apt-get update && \
apt-get install -y procps git libssh2-1 libssh2-1-dev sshpass && \
pecl install ssh2-1.1.2 && \
docker-php-ext-enable ssh2 && \
docker-php-ext-install pdo pdo_mysql && \
sshpass -p 'XXXXXXXXX' ssh -o StrictHostKeyChecking=no -L 3306:localhost:3306 username@mysite.com
WORKDIR ./api
ADD ./ ./
ADD ./www.conf /usr/local/etc/php-fpm.d/www.conf
On build I don't get any errors, just a warning that known_hosts was updated and that a terminal was not open, some to that effect. 在构建时,我没有收到任何错误,只是一个警告,通知已知主机已更新,并且终端未打开,这可能会导致一些错误。
When I try to hit an endpoint that requires the db connection I get: 当我尝试命中需要数据库连接的端点时,我得到:
SQLSTATE[HY000] [2002] Connection refused
Am what I'm trying to do possible, or do I need a separate container, something like this: https://hub.docker.com/r/kingsquare/tunnel/ or https://docs.docker.com/samples/library/mysql/ 这是我正在尝试做的事情,还是我需要一个单独的容器,像这样: https : //hub.docker.com/r/kingsquare/tunnel/或https://docs.docker.com/samples /库/ mysql /
Thanks - D 感谢:D
1 个解决方案
解决方案1
0 2018-03-22 21:20:31
I think what you need to do is to run the ssh tunnel command after you start your container. 我认为您需要做的是在启动容器后运行ssh tunnel命令。
- Remove
sshpasscommand from docker file从sshpass文件中删除sshpass命令 - Start your container with
docker run(alternatively you can usedocker-compose)使用docker run启动容器(或者,您可以使用docker-compose) - Run ssh tunnel command on running container with
docker exec --detach YOUR_CONTAINER_NAME sshpass -p 'XXXXXXXXX' ssh -o StrictHostKeyChecking=no -L 3306:localhost:3306 username@mysite.com使用docker exec --detach YOUR_CONTAINER_NAME sshpass -p 'XXXXXXXXX' ssh -o StrictHostKeyChecking=no -L 3306:localhost:3306 username@mysite.com在正在运行的容器上运行ssh tunnel命令docker exec --detach YOUR_CONTAINER_NAME sshpass -p 'XXXXXXXXX' ssh -o StrictHostKeyChecking=no -L 3306:localhost:3306 username@mysite.com
Another solution is to wrap your commands in one bash script and put it in Dockerfile CMD ./my_wrapper_script.sh see the link . 另一种解决方案是将命令包装在一个bash脚本中,然后将其Dockerfile CMD ./my_wrapper_script.sh请参见链接 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.