
How to add SSH access to a docker container

I have the following Dockerfile:

FROM alpine:3.10 as builder

ARG VERSION=7.12.0
ARG DISTRO=tomcat
ARG SNAPSHOT=true

ARG EE=false
ARG USER
ARG PASSWORD

RUN apk add --no-cache \
        ca-certificates \
        maven \
        tar \
        wget \
        xmlstarlet

COPY settings.xml download.sh camunda-tomcat.sh camunda-wildfly.sh  /tmp/

RUN /tmp/download.sh

#Enable Basic AUTH
COPY web.xml /camunda/webapps/engine-rest/WEB-INF/web.xml 

##### FINAL IMAGE #####

FROM alpine:3.10

ARG VERSION=7.12.0



ENV CAMUNDA_VERSION=${VERSION}
ENV DB_DRIVER=com.microsoft.sqlserver.jdbc.SQLServerDriver
ENV DB_URL=xx
ENV DB_USERNAME=dbname@xx
ENV DB_PASSWORD=xx
ENV DB_CONN_MAXACTIVE=20
ENV DB_CONN_MINIDLE=5
ENV DB_CONN_MAXIDLE=20
ENV DB_VALIDATE_ON_BORROW=true
ENV DB_VALIDATION_QUERY="SELECT 1"
ENV SKIP_DB_CONFIG=
ENV WAIT_FOR=
ENV WAIT_FOR_TIMEOUT=120
ENV TZ=UTC
ENV DEBUG=TRUE
ENV JAVA_OPTS="-Xmx768m -XX:MaxMetaspaceSize=256m"

EXPOSE 8080 8000

# Downgrading wait-for-it is necessary until this PR is merged
# https://github.com/vishnubob/wait-for-it/pull/68
RUN apk add --no-cache \
        bash \
        ca-certificates \
        openjdk11-jre-headless \
        tzdata \
        tini \
        xmlstarlet \
    && wget -O  /usr/local/bin/wait-for-it.sh \
      "https://raw.githubusercontent.com/vishnubob/wait-for-it/a454892f3c2ebbc22bd15e446415b8fcb7c1cfa4/wait-for-it.sh" --no-check-certificate \
    && chmod +x /usr/local/bin/wait-for-it.sh

RUN addgroup -g 1000 -S camunda && \
    adduser -u 1000 -S camunda -G camunda -h /camunda -s /bin/bash -D camunda
WORKDIR /camunda
USER camunda

#MSSQL SERVER JDBC DRIVER INSTALL
COPY mssql-jdbc-7.2.2.jre11.jar /camunda/lib/

ENTRYPOINT ["/sbin/tini", "--"]
CMD ["./camunda.sh"]

COPY --chown=camunda:camunda --from=builder /camunda .

This runs a CAMUNDA workflow engine with an external SQL PaaS database and it works perfectly fine. However, in order to troubleshoot I need to be able to SSH into the container.

I found on this website how to do it: https://docs.microsoft.com/en-us/azure/app-service/containers/tutorial-custom-docker-image

However, the problem is that both ENTRYPOINT and CMD only allow ONE command, so I am not sure how to start up SSH.

# ssh
ENV SSH_PASSWD "root:xyz"
RUN apt-get update \
        && apt-get install -y --no-install-recommends dialog \
        && apt-get update \
    && apt-get install -y --no-install-recommends openssh-server \
    && echo "$SSH_PASSWD" | chpasswd 

COPY sshd_config /etc/ssh/
COPY init.sh /usr/local/bin/
RUN chmod u+x /usr/local/bin/init.sh

EXPOSE 8000 2222

# end ssh config

The Azure docs on this could be a bit better but you're almost there.

Firstly, since you're using Alpine Linux, your Dockerfile steps are a bit different from their example. Notably, you use apk add instead of apt-get install. Take a look at this guide which has examples of setting up SSH for Azure with Alpine.

RUN apk add openssh \
  && echo "root:Docker!" | chpasswd
COPY ./path/to/sshd_config /etc/ssh/

The sshd_config should look something like this:

Port                    2222
ListenAddress           0.0.0.0
LoginGraceTime          180
X11Forwarding           yes
Ciphers                 aes128-cbc,3des-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
MACs                    hmac-sha1,hmac-sha1-96
StrictModes             yes
SyslogFacility          DAEMON
PasswordAuthentication  yes
PermitEmptyPasswords    no
PermitRootLogin         yes
Subsystem               sftp internal-sftp
PidFile                 /etc/ssh/run/sshd.pid
HostKey                 /etc/ssh/ssh_host_rsa_key

The last step is to make sure that sshd gets started when the container starts up. While you're right that CMD can only take one command, that command can be a script which runs multiple things. By default, sshd forks a background process rather than running in the foreground so you should be ok. Your startup command could look like this for example:

#!/bin/sh

# ...

# Start sshd for Azure
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
mkdir -p /etc/ssh/run
/usr/sbin/sshd

# Run any additional commands like ./camunda.sh

Azure has some repositories with full sample projects including the SSH setup. Here's a good example although it is Ubuntu and your container is Alpine so it's a bit different.
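
The sshd_config in the answer above allows root password login and lists CBC ciphers and SHA-1 MACs, which matters if port 2222 is ever reachable other than through the platform's own SSH path. The check below is an added example, not part of the original answers; the function names and the FINDING: output format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (names are illustrative): flag risky sshd_config settings.

# Print the effective value of keyword $2 in file $1. sshd keeps the first
# value it reads for a keyword, and keyword names are case-insensitive.
# Only the whitespace-separated "Keyword value" form is handled.
effective_value() {
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    while read -r key val || [ -n "$key" ]; do
        case "$key" in ''|'#'*) continue ;; esac
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        if [ "$key" = "$want" ]; then printf '%s\n' "$val"; return 0; fi
    done < "$1"
}

# Print each item of the comma-separated list $1 that matches glob $2.
matching_items() (
    set -f; IFS=,
    for item in $1; do
        case "$item" in $2) printf '%s\n' "$item" ;; esac
    done
)

# Print one "FINDING: ..." line per problem; return 1 if any were found.
# PasswordAuthentication defaults to yes, so only an explicit "no" passes.
audit_sshd_config() {
    findings=$(
        [ "$(effective_value "$1" PermitRootLogin)" = yes ] && echo "PermitRootLogin yes"
        [ "$(effective_value "$1" PasswordAuthentication)" = no ] || echo "PasswordAuthentication not disabled"
        matching_items "$(effective_value "$1" Ciphers)" '*-cbc' | sed 's/^/CBC cipher: /'
        matching_items "$(effective_value "$1" MACs)" 'hmac-sha1*' | sed 's/^/SHA-1 MAC: /'
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings" | sed 's/^/FINDING: /'
    return 1
}

# Sample input: the login, cipher and MAC lines of the sshd_config above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port                    2222
Ciphers                 aes128-cbc,3des-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr
MACs                    hmac-sha1,hmac-sha1-96
PasswordAuthentication  yes
PermitRootLogin         yes
EOF
audit_sshd_config "$sample" || echo "audit failed for $sample"
```

The non-zero return lets an image build or CI step fail when a config with these settings is copied into an image.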

Here are some suggestions:

  • create a custom script that you will run at container startup (CMD tag) that starts the ssh daemon and your other services
  • (more hacky) like in this answer simply put everything in your CMD
