Initial working sql proxy setup

2022-11-11 15:38:59 +01:00 · 2022-11-11 15:38:59 +01:00 · 40630b86b9
parent 2ae3bff9d7
commit 40630b86b9
8 changed files with 64 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+/etc/ssh/*key*
--- a/2
+++ b/2
@ -0,0 +1,2 @@
+FROM ajoergensen/openssh-server
+RUN useradd -d /etc/ssh sqlproxy && usermod -p '*' sqlproxy
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -7,7 +7,28 @@ services:
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - /etc/hosts:/tmp/hosts:rw
-      - ./hostman.sh:/hostman.sh
+      - ./script/hostman.sh:/hostman.sh:ro
+  sshd:
+    build:
+      context: .
+      dockerfile: ./Dockerfile
+    command: ["./sqlproxy.sh", "&", "wait", "$!" ]
+    ports:
+      - 22:22
+    volumes:
+      - ./etc/ssh:/etc/ssh/
+      - /var/run/docker.sock:/tmp/docker.sock:ro
+      - ./script/hostman.sh:/hostman.sh:ro
+      - ./script/sqlproxy.sh:/sqlproxy.sh:ro
+    environment:
+      DISABLE_KEYGEN: true
+      DISABLE_CONFIG_GEN: true
+      HOST_CONF_PATH: /etc/hosts
+      RESOLVE_DOCKERHOST: true
+      DOCKER_HOSTNAME_VAR: DB_VHOST
+    networks:
+      - proxy
+    restart: unless-stopped
  nginx-proxy:
    image: jwilder/nginx-proxy
    ports:
--- a/etc/ssh/.ssh/authorized_keys
+++ b/etc/ssh/.ssh/authorized_keys
--- a/etc/ssh/sshd_config
+++ b/etc/ssh/sshd_config
@ -0,0 +1,13 @@
+PasswordAuthentication no
+PubkeyAuthentication yes
+Port 22
+X11Forwarding no
+PermitRootLogin no
+GatewayPorts no
+AllowTcpForwarding yes
+PermitOpen any
+
+PidFile /config/sshd.pid
+Subsystem	sftp	/usr/lib/ssh/sftp-server -u 022
+
+AllowUsers sqlproxy
--- a/script/hostman.sh
+++ b/script/hostman.sh
--- a/script/sqlproxy.sh
+++ b/script/sqlproxy.sh
@ -0,0 +1,8 @@
+#!/usr/bin/env sh
+# ensure permissions
+chown sqlproxy:sqlproxy /etc/ssh
+chown -R sqlproxy:sqlproxy /etc/ssh/.ssh
+chmod 0700 /etc/ssh/.ssh
+chmod 0600 /etc/ssh/.ssh/authorized_keys
+
+source ./hostman.sh
--- a/sqlproxy_setup.sh
+++ b/sqlproxy_setup.sh
@ -0,0 +1,18 @@
+if [ ! -f ./etc/ssh/ssh_host_ed25519_key ]
+then
+    echo "Generating sqlproxy SSHD keys"
+    ssh-keygen -f ./ -A
+fi
+
+read -r -p "Auto generate client keys+config? [Y/n] " GEN_KEYS
+case $GEN_KEYS in
+    [yY]*)
+        mkdir -p ~/.ssh
+        read -r -p "Key Name (should not already exist in ~/.ssh): " KEY_NAME
+        ssh-keygen -t ed25519 -f ~/.ssh/$KEY_NAME.key
+        read -r -p "Target Host: " HOST_NAME
+        echo -ne "\n\nHost $HOST_NAME\n  User sqlproxy\n  IdentityFile ~/.ssh/$KEY_NAME.key" >> ~/.ssh/config
+        cat ~/.ssh/$KEY_NAME.key.pub >> ./etc/ssh/.ssh/authorized_keys
+        break;;
+       *) echo "Not generating client ssh key.\nPlease put your desired public keys into ./etc/ssh/.ssh/authorized_keys";;
+esac