Initial working sql proxy setup

Kevin Baensch 2022-11-11 15:38:59 +01:00
parent 2ae3bff9d7
commit 40630b86b9
8 changed files with 64 additions and 1 deletions

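--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/etc/ssh/*key*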

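--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,2 @@
+FROM ajoergensen/openssh-server
+RUN useradd -d /etc/ssh sqlproxy && usermod -p '*' sqlproxy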
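Review bot: The `FROM ajoergensen/openssh-server` line names a third-party image with no tag or digest, so every rebuild of this network-exposed sshd pulls whatever `latest` points to at that moment; pin it, e.g. `FROM ajoergensen/openssh-server:<tag>@sha256:<digest>` (placeholders, the page gives no version). On the second line `useradd` is called without `-s`, so `sqlproxy` presumably gets the image's default login shell even though the account exists only for port forwarding; passing a non-interactive shell (the `nologin` path depends on the base image) would match the intent. The home directory `/etc/ssh` is also where sshd keeps its config and host keys, so a dedicated home for the account would be cleaner.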


@ -7,7 +7,28 @@ services:
volumes: volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro - /var/run/docker.sock:/tmp/docker.sock:ro
- /etc/hosts:/tmp/hosts:rw - /etc/hosts:/tmp/hosts:rw
- ./hostman.sh:/hostman.sh - ./script/hostman.sh:/hostman.sh:ro
sshd:
build:
context: .
dockerfile: ./Dockerfile
command: ["./sqlproxy.sh", "&", "wait", "$!" ]
ports:
- 22:22
volumes:
- ./etc/ssh:/etc/ssh/
- /var/run/docker.sock:/tmp/docker.sock:ro
- ./script/hostman.sh:/hostman.sh:ro
- ./script/sqlproxy.sh:/sqlproxy.sh:ro
environment:
DISABLE_KEYGEN: true
DISABLE_CONFIG_GEN: true
HOST_CONF_PATH: /etc/hosts
RESOLVE_DOCKERHOST: true
DOCKER_HOSTNAME_VAR: DB_VHOST
networks:
- proxy
restart: unless-stopped
nginx-proxy: nginx-proxy:
image: jwilder/nginx-proxy image: jwilder/nginx-proxy
ports: ports:
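Review bot: The new `sshd` service publishes port 22 and also mounts `/var/run/docker.sock`; the `:ro` flag only makes the mount of the socket file read-only and does not limit what can be sent over the Docker API, so anything that can reach that socket inside the container effectively controls the host's Docker daemon. If hostman.sh only needs to read container metadata, put an API-filtering socket proxy in between, or do the lookup in a container that does not publish a port. Separately, `command: ["./sqlproxy.sh", "&", "wait", "$!" ]` is exec form, so `&`, `wait` and `$!` are passed as literal arguments instead of being interpreted by a shell (and Compose may try to interpolate the `$`); if backgrounding is really intended it needs an explicit `sh -c` wrapper, otherwise `command: ["./sqlproxy.sh"]` is enough. The service sits inside a larger `services:` map that continues outside the hunk.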


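--- a/etc/ssh/sshd_config
+++ b/etc/ssh/sshd_config
@@ -0,0 +1,13 @@
+PasswordAuthentication no
+PubkeyAuthentication yes
+Port 22
+X11Forwarding no
+PermitRootLogin no
+GatewayPorts no
+AllowTcpForwarding yes
+PermitOpen any
+PidFile /config/sshd.pid
+Subsystem sftp /usr/lib/ssh/sftp-server -u 022
+AllowUsers sqlproxy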
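Review bot: `AllowTcpForwarding yes` together with `PermitOpen any` lets every key in authorized_keys open tunnels to any host and port the container can reach, not just the database; for a SQL proxy narrow it to `AllowTcpForwarding local` and `PermitOpen <db-host>:<db-port>` (placeholder values). Nothing in this file prevents an interactive session either, so `PermitTTY no`, `AllowAgentForwarding no` and a `ForceCommand` that simply exits would keep the account tunnel-only. The `Subsystem sftp` line deserves the same scrutiny, because the account's home is `/etc/ssh`, the directory that holds this config and the host keys.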

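--- a/script/sqlproxy.sh
+++ b/script/sqlproxy.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env sh
+# ensure permissions
+chown sqlproxy:sqlproxy /etc/ssh
+chown -R sqlproxy:sqlproxy /etc/ssh/.ssh
+chmod 0700 /etc/ssh/.ssh
+chmod 0600 /etc/ssh/.ssh/authorized_keys
+source ./hostman.sh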
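Review bot: `chown sqlproxy:sqlproxy /etc/ssh` hands the login account ownership of the directory that holds sshd_config and the host keys, and a directory's owner can rename or replace entries in it regardless of the files' own modes; because compose bind-mounts `./etc/ssh` read-write, such a change would persist on the host. sshd's StrictModes check also accepts a home directory owned by root, so `chown root:root /etc/ssh && chmod 0755 /etc/ssh` should satisfy it while keeping only `.ssh` owned by `sqlproxy`; a dedicated home directory would be cleaner still. `source` is not guaranteed to exist under `#!/usr/bin/env sh`, the portable form is `. ./hostman.sh`, and a `set -eu` at the top would stop the script when a chown or chmod fails instead of starting with wrong permissions.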

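--- a/sqlproxy_setup.sh
+++ b/sqlproxy_setup.sh
@@ -0,0 +1,18 @@
+if [ ! -f ./etc/ssh/ssh_host_ed25519_key ]
+then
+echo "Generating sqlproxy SSHD keys"
+ssh-keygen -f ./ -A
+fi
+read -r -p "Auto generate client keys+config? [Y/n] " GEN_KEYS
+case $GEN_KEYS in
+[yY]*)
+mkdir -p ~/.ssh
+read -r -p "Key Name (should not already exist in ~/.ssh): " KEY_NAME
+ssh-keygen -t ed25519 -f ~/.ssh/$KEY_NAME.key
+read -r -p "Target Host: " HOST_NAME
+echo -ne "\n\nHost $HOST_NAME\n User sqlproxy\n IdentityFile ~/.ssh/$KEY_NAME.key" >> ~/.ssh/config
+cat ~/.ssh/$KEY_NAME.key.pub >> ./etc/ssh/.ssh/authorized_keys
+break;;
+*) echo "Not generating client ssh key.\nPlease put your desired public keys into ./etc/ssh/.ssh/authorized_keys";;
+esac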
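Review bot: `$KEY_NAME` comes straight from `read` and is used unquoted in the `ssh-keygen -f` and `cat` lines, and `$HOST_NAME` is appended to `~/.ssh/config` without any validation, so a value containing spaces or glob characters splits into several arguments or writes an unintended stanza; quote the paths, e.g. `ssh-keygen -t ed25519 -f "$HOME/.ssh/$KEY_NAME.key"`, and reject empty input or anything outside `[A-Za-z0-9._-]` before writing. `break;;` sits in a `case` that is not inside a loop and should be plain `;;`. The file has no shebang yet relies on `read -p` and `echo -ne`, which are not POSIX sh, so it needs `#!/usr/bin/env bash` as its first line. The public key appended to authorized_keys could also be prefixed with `restrict,port-forwarding` so that each generated key is limited to tunnelling.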