
How may I get an SSH tunnel from local docker to remote DB working, using kingsquare and docker-compose

My new responsibility is porting our project into dockers. This means local code on each developer machine with test data on a staging server. At the moment, the code lives on the same server and thus uses local host (127.0.0.1) to connect to the database. The docker currently deploys and can run unit tests, which succeed in cases where no DB is required.

I've tried using the answers provided here: https://github.com/phpmyadmin/docker/issues/99 which failed at the time and with a variety of different attempts eventually led to trying to create SSH tunnels from inside the container (How do I complete this SSH tunnel from local development docker to staging database). I've returned to trying to use the service, as the other options seem to be even more complicated or unreliable.

I've returned to using the kingsquare image that allows tunnelling but I don't know what ${SSH_AUTH_SOCK} is or how to use it. I've tried pointing it at an SSH key but that (probably obviously) fails.

I've included the whole docker-compose.yml, as an earlier mistake that I had not noticed is not including network reference in my existing docker (app).

version: '3'
services:
    tunnels:
        image: kingsquare/tunnel
        volumes:
            - '${SSH_AUTH_SOCK}:/ssh-agent'
        command: '*:3306:localhost:3306 -vvv user@[myserver->the IP of the machine hosting the DB?] -i /.ssh/openssh_ironman_justin  -p 2302'
        networks:
            mynetwork:
                aliases:
                    - remoteserver
    app:
        build:
            context: .
            dockerfile: .docker/Dockerfile
            args:
                APP_PATH: ${APP_PATH}
        image: laravel-docker
        env_file: .env
        ports:
            - 8080:80
            # We need to expose 443 port for SSL certification.
            - "443:443"
        volumes:
            - .:/var/www/jumbledown
        networks:
            - mynetwork
networks:
    mynetwork:
        driver: bridge

In the .env file, every developer has the following, which I need to change once the SSH tunnel is completed so that it uses the tunnel-DB combination:

DB_HOST=127.0.0.1 # As per answer, this will change to the IP address of the server containing the database.  I'll leave the current localhost reference rather than displaying the IP address of the machine.
DB_PORT=3306
DB_DATABASE=[central database or sharded version for testing data changes]
DB_USERNAME=[username]
DB_PASSWORD=[password]

I'd like to be able to get the code in the app container able to use the database on the remote server, with as little post-deployment complication as possible.

I resolved a port issue.

If I use command: '*:3306:localhost:3306 -vvv [username]@[IP of DB host] -i [location on my PC of key file]/openssh_dev -p 2302' then it does establish a connection but it gets turned down with:

tunnels_1  | debug1: Trying private key: /.ssh/openssh_ironman_justin
tunnels_1  | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
tunnels_1  | @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
tunnels_1  | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
tunnels_1  | Permissions 0755 for '/.ssh/openssh_dev ' are too open.
tunnels_1  | It is required that your private key files are NOT accessible by others.
tunnels_1  | This private key will be ignored.

But how do I change the permissions of a mounted file? Can it be done via Dockerfile, or must it already be present before that starts?

But how do I change the permissions of a mounted file? Can it be done via Dockerfile, or must it already be present before that starts?

The Dockerfile is used to create the image. The container based on that image mounts the directory from your host machine and maintains the same host permissions.

You can change the permissions of the file on your host; Docker will use the same permissions in the container.

For your docker container 127.0.0.1 is its localhost. To access the host machine you need to change the host to 0.0.0.0. On the other hand, if you want to connect to a remote host then it'll be your-host-ip-or-domain.com.
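
A host-side preflight for the permissions fix described in the answer above, as an added example that is not part of the original question or answer: it applies the same test OpenSSH uses (no group or other permission bits on the private key) and tightens the file to 0600 before the container is started. The function names and the throwaway demo file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check a private key on the host before bind-mounting it.

# Print the octal permission bits (GNU stat first, then BSD/macOS stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Return 0 when no group/other bits are set, which is what OpenSSH requires
# before it will use the key; 1 when the key is too open; 2 on stat failure.
key_mode_ok() {
    mode=$(key_mode "$1") || return 2
    # Leading 0 makes the shell read the mode as octal; 077 masks group+other.
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Tighten the key to 0600 on the host if needed and report what was done.
ensure_key_private() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 2; }
    if key_mode_ok "$1"; then
        echo "ok $(key_mode "$1") $1"
    else
        old=$(key_mode "$1")
        chmod 600 "$1" || return 1
        echo "fixed $old -> $(key_mode "$1") $1"
    fi
}

# Constructed demo: a throwaway file carrying the 0755 mode from the log above.
demo_dir=$(mktemp -d)
printf 'not a real key\n' > "$demo_dir/openssh_dev"
chmod 755 "$demo_dir/openssh_dev"
ensure_key_private "$demo_dir/openssh_dev"
rm -rf "$demo_dir"
```

Run `ensure_key_private` against the real key path on the host before `docker-compose up`, so the mounted file already has the mode ssh expects.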
