@ilkka
Created March 27, 2015 08:34
Tunneling to an IP-restricted backend with Docker Compose

How it works

The 'tunnel' container gets an SSH private key mounted inside it, then starts autossh and connects to the actual backend host that we're going to run on in production, since that host can connect to the IP-restricted services we want. autossh forwards ports 9001 and 9002 in the tunnel container through that host to the protected services. Then we link the tunnel container into our backend container as 'protected-service' or whatever the name of the service is, and the backend just connects to that hostname on the forwarded ports instead of the real IP-restricted services.

Files

'Dockerfile' is the tunnel Dockerfile, 'tunnel.sh' is the entrypoint of the tunnel image.

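Compose file:

```yaml
---
tunnel:
  build: tools/tunnel
  # Published on all interfaces of the Docker host; the linked backend
  # reaches the tunnel over the link and does not depend on these.
  ports:
    - "9001:9001"
    - "9002:9002"
  volumes:
    - ./tools/tunnel/tunnel-key:/tunnel-key
backend:
  build: backend
  ports:
    - "80:80"
  links:
    - "tunnel:protected-service"
```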
Dockerfile:

```dockerfile
FROM ubuntu:14.04
MAINTAINER Ilkka Laukkanen <ilkka@ilkka.io>
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update && apt-get install -y autossh
EXPOSE 9001
EXPOSE 9002
ADD tunnel.sh /tunnel.sh
CMD ["/tunnel.sh"]
```
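tunnel.sh:

```bash
#!/bin/bash
SCRIPTDIR=$(cd -P "$(dirname "$0")"; pwd)
# Key path: the single argument if given, otherwise the mounted default.
if [[ $# -ne 1 ]]; then
  KEY=/tunnel-key
else
  KEY=$1
  shift
fi
# -M 0: no autossh monitor port; the ServerAlive* options detect a dead link.
# -g:   bind the forwards on all interfaces so the linked container can connect.
# -N:   no remote command, port forwarding only.
# StrictHostKeyChecking=no accepts any host key, so the server is not authenticated.
autossh -M 0 \
  -g \
  -N \
  -o StrictHostKeyChecking=no \
  -o ServerAliveInterval=5 \
  -o ServerAliveCountMax=1 \
  -i "$KEY" \
  -L 9001:10.0.0.1:8080 \
  -L 9002:10.0.0.2:8000 \
  tunnel-user@real-backend-host.example.com
```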
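
A hardened variant of the entrypoint, as an added example rather than the gist's own code: it keeps the same forwards but replaces StrictHostKeyChecking=no with a pinned host key, and refuses to start if the mounted key is accessible to group/other or the pin is missing. The /tunnel-known_hosts mount, the function names and the "run" argument are assumptions.

```bash
#!/bin/bash
# Added example, not the gist's tunnel.sh. Assumed names: /tunnel-known_hosts,
# key_is_private, preflight, main, and the "run" argument.

# True only for a regular file with no group/other permission bits set.
key_is_private() {
  [ -f "$1" ] || return 1
  [ "$(ls -ldL -- "$1" | cut -c5-10)" = "------" ]
}

# Returns 0 if KEY and KNOWN_HOSTS are usable, 2 for a bad key, 3 for no pin.
preflight() {
  if ! key_is_private "$1"; then
    echo "tunnel: $1 is missing or accessible to group/other" >&2
    return 2
  fi
  if [ ! -s "$2" ]; then
    echo "tunnel: $2 is missing or empty, refusing to trust an unknown host" >&2
    return 3
  fi
}

main() {
  key=${1:-/tunnel-key}
  known=${2:-/tunnel-known_hosts}
  preflight "$key" "$known" || exit $?
  # StrictHostKeyChecking=yes + UserKnownHostsFile: connect only to the pinned key.
  # IdentitiesOnly: offer just the mounted key. ExitOnForwardFailure: do not
  # stay up with a forward that failed to bind.
  exec autossh -M 0 -g -N \
    -o StrictHostKeyChecking=yes \
    -o UserKnownHostsFile="$known" \
    -o IdentitiesOnly=yes \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=5 \
    -o ServerAliveCountMax=1 \
    -i "$key" \
    -L 9001:10.0.0.1:8080 \
    -L 9002:10.0.0.2:8000 \
    tunnel-user@real-backend-host.example.com
}

# Starts the tunnel only when called as "tunnel.sh run [KEY [KNOWN_HOSTS]]".
if [ "${1:-}" = run ]; then
  shift
  main "$@"
fi
```

With this variant the image's CMD becomes ["/tunnel.sh", "run"], and the known_hosts file is mounted read-only next to the key after its entry has been verified out of band.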