Initial working sql proxy setup
parent
2ae3bff9d7
commit
40630b86b9
8 changed files with 64 additions and 1 deletions
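--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/etc/ssh/*key*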
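--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,2 @@
+FROM ajoergensen/openssh-server
+RUN useradd -d /etc/ssh sqlproxy && usermod -p '*' sqlproxy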
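Review bot: `FROM ajoergensen/openssh-server` names a third-party image with no tag or digest, so every build pulls whatever `latest` currently points to and the SSH daemon published on port 22 can change without any commit here. Pin it, e.g. `FROM ajoergensen/openssh-server:<tag>@sha256:<digest>` (placeholders; take the values from the image you have actually verified). The `useradd -d /etc/ssh` on the next line also makes the sshd configuration directory the account's home; a dedicated home directory would keep the login user's files apart from `sshd_config` and the host keys.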
|
@ -7,7 +7,28 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- /var/run/docker.sock:/tmp/docker.sock:ro
|
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||||
- /etc/hosts:/tmp/hosts:rw
|
- /etc/hosts:/tmp/hosts:rw
|
||||||
- ./hostman.sh:/hostman.sh
|
- ./script/hostman.sh:/hostman.sh:ro
|
||||||
|
sshd:
|
||||||
|
build:
|
||||||
|
context: .
|
||||||
|
dockerfile: ./Dockerfile
|
||||||
|
command: ["./sqlproxy.sh", "&", "wait", "$!" ]
|
||||||
|
ports:
|
||||||
|
- 22:22
|
||||||
|
volumes:
|
||||||
|
- ./etc/ssh:/etc/ssh/
|
||||||
|
- /var/run/docker.sock:/tmp/docker.sock:ro
|
||||||
|
- ./script/hostman.sh:/hostman.sh:ro
|
||||||
|
- ./script/sqlproxy.sh:/sqlproxy.sh:ro
|
||||||
|
environment:
|
||||||
|
DISABLE_KEYGEN: true
|
||||||
|
DISABLE_CONFIG_GEN: true
|
||||||
|
HOST_CONF_PATH: /etc/hosts
|
||||||
|
RESOLVE_DOCKERHOST: true
|
||||||
|
DOCKER_HOSTNAME_VAR: DB_VHOST
|
||||||
|
networks:
|
||||||
|
- proxy
|
||||||
|
restart: unless-stopped
|
||||||
nginx-proxy:
|
nginx-proxy:
|
||||||
image: jwilder/nginx-proxy
|
image: jwilder/nginx-proxy
|
||||||
ports:
|
ports:
|
||||||
|
|
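Review bot: The new `sshd` service publishes `22:22` and also bind-mounts `/var/run/docker.sock`; the `:ro` flag only makes the mount point read-only and does not limit what can be sent over the socket, so any process in this container that can open it has full control of the Docker daemon on the host. If the socket is only needed to read container hostnames (as `DOCKER_HOSTNAME_VAR` suggests), consider placing a filtering socket proxy that allows only the container-list endpoints in front of it, or running the hosts-file updater in a separate container that is not reachable over SSH. Separately, `command: ["./sqlproxy.sh", "&", "wait", "$!" ]` is list form, so no shell interprets it and `&`, `wait` and `$!` are passed as literal arguments; `command: ["./sqlproxy.sh"]` is likely what is meant.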
0
etc/ssh/.ssh/authorized_keys
Normal file
0
etc/ssh/.ssh/authorized_keys
Normal file
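--- a/etc/ssh/sshd_config
+++ b/etc/ssh/sshd_config
@@ -0,0 +1,13 @@
+PasswordAuthentication no
+PubkeyAuthentication yes
+Port 22
+X11Forwarding no
+PermitRootLogin no
+GatewayPorts no
+AllowTcpForwarding yes
+PermitOpen any
+
+PidFile /config/sshd.pid
+Subsystem sftp /usr/lib/ssh/sftp-server -u 022
+
+AllowUsers sqlproxy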
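Review bot: `AllowTcpForwarding yes` together with `PermitOpen any` lets every key in `authorized_keys` forward to any host and port reachable from the container's networks, and nothing in the file keeps the `sqlproxy` account from opening an interactive session. For a SQL-only proxy, narrow forwarding to the database endpoint and disable terminals, e.g. `PermitOpen <db-host>:<db-port>` and `PermitTTY no` (placeholders for the real endpoint), and add `AllowAgentForwarding no`. A short comment above `PermitOpen` naming the expected destinations would help the next reviewer.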
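--- a/script/sqlproxy.sh
+++ b/script/sqlproxy.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env sh
+# ensure permissions
+chown sqlproxy:sqlproxy /etc/ssh
+chown -R sqlproxy:sqlproxy /etc/ssh/.ssh
+chmod 0700 /etc/ssh/.ssh
+chmod 0600 /etc/ssh/.ssh/authorized_keys
+
+source ./hostman.sh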
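Review bot: `chown sqlproxy:sqlproxy /etc/ssh` hands the login account ownership of the directory that, per the compose mount `./etc/ssh:/etc/ssh/`, also holds `sshd_config` and the host private keys; a directory owner can rename or replace entries in it regardless of the files' own modes. Leave `/etc/ssh` owned by root and change only the `.ssh` subtree, e.g. `chown root:root /etc/ssh` followed by the existing `chown -R sqlproxy:sqlproxy /etc/ssh/.ssh`; sshd's StrictModes check should accept a root-owned home directory, but confirm that with the image in use. Also, `source` is not defined by POSIX `sh`; `. ./hostman.sh` is the portable form.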
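--- a/sqlproxy_setup.sh
+++ b/sqlproxy_setup.sh
@@ -0,0 +1,18 @@
+if [ ! -f ./etc/ssh/ssh_host_ed25519_key ]
+then
+echo "Generating sqlproxy SSHD keys"
+ssh-keygen -f ./ -A
+fi
+
+read -r -p "Auto generate client keys+config? [Y/n] " GEN_KEYS
+case $GEN_KEYS in
+[yY]*)
+mkdir -p ~/.ssh
+read -r -p "Key Name (should not already exist in ~/.ssh): " KEY_NAME
+ssh-keygen -t ed25519 -f ~/.ssh/$KEY_NAME.key
+read -r -p "Target Host: " HOST_NAME
+echo -ne "\n\nHost $HOST_NAME\n User sqlproxy\n IdentityFile ~/.ssh/$KEY_NAME.key" >> ~/.ssh/config
+cat ~/.ssh/$KEY_NAME.key.pub >> ./etc/ssh/.ssh/authorized_keys
+break;;
+*) echo "Not generating client ssh key.\nPlease put your desired public keys into ./etc/ssh/.ssh/authorized_keys";;
+esac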
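Review bot: `KEY_NAME` and `HOST_NAME` are read from the prompt and then expanded unquoted into file paths and into the `~/.ssh/config` stanza, so a value containing spaces, `/` or glob characters writes to an unintended path or produces a malformed `Host` entry. Quote the expansions and reject unexpected characters before use, e.g. `case $KEY_NAME in *[!A-Za-z0-9._-]*|'') echo "invalid key name" >&2; exit 1;; esac` and `ssh-keygen -t ed25519 -f "$HOME/.ssh/$KEY_NAME.key"`. The prompt advertises `[Y/n]`, but an empty answer falls through to the `*)` branch, and `break` has no enclosing loop here. The script also has no shebang while relying on `read -p` and `echo -ne`, which plain `sh` does not guarantee.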