Allow multiple tunnels

Readme.md

@@ -4,8 +4,48 @@ Example bridging connections across two distinct Docker networks using [`mole`](
 
 My real use case is something like a remote LDAP server that I don't want to expose to the public internet and some metrics servers only available behind a VPN. This setup will allow me to create a proxy container on a host that will act as a local LDAP or HTTP server.
 
-If I get time, I'll draw a diagram as well.
+Eg.
+
+```
++----------+          +----------+          +----------+
+|          |          |          |          |          |
+|          |          | Firewall |          |          |
+|          |          |          |          |          |
+|  Local   |  tunnel  +----------+  tunnel  |  Remote  |
+| Computer |--------------------------------|   SSH    |
+|          |          +----------+          |  Server  |
+|          |          |          |          |          |
+|          |          | Firewall |          |          |
+|          |          |          |          |          |
++----------+          +----------+          +----------+
+                                                 |
+                                                 |
+                                                 | tunnel
+                                                 |
+                                                 |
+                                            +----------+
+                                            |          |
+                                            |          |
+                                            |          |
+                                            |          |
+                                            |  Remote  |
+                                            |  Service |
+                                            |          |
+                                            |          |
+                                            |          |
+                                            +----------+
+```
 
 ## Running
 
 Requires you to provide your own ssh keys as well as provide the local machine IP address
+
+Dockamole is configured using environment variables:
+
+    # Required
+    MOLE_LOCAL_?        indexed local host and port
+    MOLE_REMOTE_?       indexed remote host and port
+    MOLE_SERVER         ssh server to connect to
+    # Optional
+    MAX_TUNNELS         number of tunnels allowed (default 10)
+    SSH_KEY             path to ssh private key that should be used (default ~/.ssh/id_rsa)

docker-compose-client.yml

@@ -10,7 +10,7 @@ services:
       # This key must be provided
       - ./id_rsa_proxy:/mole/.ssh/id_rsa
     environment:
-      - MOLE_LOCAL=0.0.0.0:8080
-      - MOLE_REMOTE=web:8080
+      - MOLE_LOCAL_1=0.0.0.0:8080
+      - MOLE_REMOTE_1=web:8080
         # IP address is the local address of the server. This is to show that it's connecting outside the bridge network
       - MOLE_SERVER=mole@10.255.52.39:2222

mole/start.sh

@@ -1,8 +1,23 @@
-#! bin/bash
+#! /bin/bash
+
+# Executes mole using local and remotes from env variables
+
+local_remote=""
+for i in `seq ${MAX_TUNNELS:-10}`; do
+    local_name=MOLE_LOCAL_$i
+    remote_name=MOLE_REMOTE_$i
+    if [ ! -z "${!local_name}" ] && [ ! -z "${!remote_name}" ]; then
+        local_remote="$local_remote -local ${!local_name} -remote ${!remote_name}"
+    fi
+done
+
+if [ -z "$local_remote" ]; then
+    echo "Must provide at least one local and remote via MOLE_LOCAL_1 and MOLE_REMOTE_1"
+    exit 1
+fi
 
 mole -v \
-    -local ${MOLE_LOCAL} \
-    -remote ${MOLE_REMOTE} \
+    $local_remote \
     -server ${MOLE_SERVER} \
-    -key ~/.ssh/id_rsa \
+    -key ${SSH_KEY:-~/.ssh/id_rsa} \
     -insecure