2024-06-04 17:44:27 +08:00
|
|
|
|
# docker-ssh-forwarding
|
|
|
|
|
|
在Docker中使用SSH将远程服务器内部端口转发到本地内部网络
|
|
|
|
|
|
|
|
|
|
|
|
适合将生产环境中为了安全而不开放外部访问的端口,通过SSH安全转发功能,映射到内部网络指定主机和端口上。
|
|
|
|
|
|
|
|
|
|
|
|
## 凭证
|
|
|
|
|
|
使用密钥登录,请提前将运行的用户的凭证放到远程服务器上(ssh-copy-id)
|
2024-06-05 10:23:39 +08:00
|
|
|
|
可以先启动容器后在容器内部使用
|
|
|
|
|
|
```
|
|
|
|
|
|
ssh-copy-id -p 222 user@host
|
|
|
|
|
|
|
|
|
|
|
|
# 若构建镜像时没有生成密钥凭证可先生成(容器内部执行)
|
|
|
|
|
|
ssh-keygen -t rsa -b 4096 -N "" -f /root/.ssh/id_rsa
|
|
|
|
|
|
```
|
2024-06-04 17:44:27 +08:00
|
|
|
|
|
|
|
|
|
|
## 构建
|
|
|
|
|
|
```
|
|
|
|
|
|
docker build . -t sshforwarding
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
## docker-compose.yml
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
version: "3"
|
|
|
|
|
|
services:
|
|
|
|
|
|
sshforwarding:
|
|
|
|
|
|
image: sshforwarding
|
|
|
|
|
|
container_name: sshforwarding
|
|
|
|
|
|
ports:
|
|
|
|
|
|
- 3307:3307
|
|
|
|
|
|
volumes:
|
|
|
|
|
|
- .ssh:/root/.ssh
|
|
|
|
|
|
environment:
|
|
|
|
|
|
REMOTE_USER: 远程服务器用户名
|
|
|
|
|
|
REMOTE_HOST: 远程服务器主机名
|
|
|
|
|
|
REMOTE_PORT: 远程服务器SSH端口
|
|
|
|
|
|
REMOTE_LISTEN_PORT: 需要转发的服务器端口
|
|
|
|
|
|
LOCAL_LISTEN_PORT: 本地监听端口
|
|
|
|
|
|
LOCAL_LISTEN_HOST: 本地监听地址
|
2024-06-05 10:23:39 +08:00
|
|
|
|
stdin_open: true
|
|
|
|
|
|
tty: true
|
2024-06-04 17:44:27 +08:00
|
|
|
|
```
|
