From 88ac7f12e8669fa726aa18ebf1fc25175fad1ba8 Mon Sep 17 00:00:00 2001 From: Ian Fijolek Date: Mon, 24 Jun 2019 14:43:17 -0700 Subject: [PATCH] Allow multiple tunnels --- Readme.md | 42 ++++++++++++++++++++++++++++++++++++++- docker-compose-client.yml | 4 ++-- mole/start.sh | 23 +++++++++++++++++---- 3 files changed, 62 insertions(+), 7 deletions(-) diff --git a/Readme.md b/Readme.md index a1fcdda..859fe18 100644 --- a/Readme.md +++ b/Readme.md @@ -4,8 +4,48 @@ Example bridging connections across two distinct Docker networks using [`mole`]( My real use case is something like a remote LDAP server that I don't want to expose to the public internet and some metrics servers only available behind a VPN. This setup will allow me to create a proxy container on a host that will act as a local LDAP or HTTP server. -If I get time, I'll draw a diagram as well. +Eg. + +``` ++----------+ +----------+ +----------+ +| | | | | | +| | | Firewall | | | +| | | | | | +| Local | tunnel +----------+ tunnel | Remote | +| Computer |--------------------------------| SSH | +| | +----------+ | Server | +| | | | | | +| | | Firewall | | | +| | | | | | ++----------+ +----------+ +----------+ + | + | + | tunnel + | + | + +----------+ + | | + | | + | | + | | + | Remote | + | Service | + | | + | | + | | + +----------+ +``` ## Running Requires you to provide your own ssh keys as well as provide the local machine IP address + +Dockamole is configured using environment variables: + + # Required + MOLE_LOCAL_? indexed local host and port + MOLE_REMOTE_? indexed remote host and port + MOLE_SERVER ssh server to connect to + # Optional + MAX_TUNNELS number of tunnels allowed (default 10) + SSH_KEY path to ssh private key that should be used (default ~/.ssh/id_rsa) diff --git a/docker-compose-client.yml b/docker-compose-client.yml index 7a215f7..083b608 100644 --- a/docker-compose-client.yml +++ b/docker-compose-client.yml 
@@ -10,7 +10,7 @@ services:
 # This key must be provided
 - ./id_rsa_proxy:/mole/.ssh/id_rsa
 environment:
- - MOLE_LOCAL=0.0.0.0:8080
- - MOLE_REMOTE=web:8080
+ - MOLE_LOCAL_1=0.0.0.0:8080
+ - MOLE_REMOTE_1=web:8080
 # IP address is the local address of the server. This is to show that it's connecting outside the bridge network
 - MOLE_SERVER=mole@10.255.52.39:2222
diff --git a/mole/start.sh b/mole/start.sh
index 2b1d925..2131e8e 100755
--- a/mole/start.sh
+++ b/mole/start.sh
@@ -1,8 +1,23 @@
-#! bin/bash
+#! /bin/bash
+
+# Executes mole using local and remotes from env variables
+
+local_remote=""
+for i in `seq ${MAX_TUNNELS:-10}`; do
+ local_name=MOLE_LOCAL_$i
+ remote_name=MOLE_REMOTE_$i
+ if [ ! -z "${!local_name}" ] && [ ! -z "${!remote_name}" ]; then
+ local_remote="$local_remote -local ${!local_name} -remote ${!remote_name}"
+ fi
+done
+
+if [ -z "$local_remote" ]; then
+ echo "Must provide at least one local and remote via MOLE_LOCAL_1 and MOLE_REMOTE_1"
+ exit 1
+fi
 
 mole -v \
- -local ${MOLE_LOCAL} \
- -remote ${MOLE_REMOTE} \
+ $local_remote \
 -server ${MOLE_SERVER} \
- -key ~/.ssh/id_rsa \
+ -key ${SSH_KEY:-~/.ssh/id_rsa} \
 -insecure
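Review bot: The tunnel flags in `mole/start.sh` are accumulated in the string `local_remote` and expanded unquoted as `$local_remote` in the `mole` call, so any whitespace or glob character in a `MOLE_LOCAL_n` or `MOLE_REMOTE_n` value is split or expanded into extra `mole` arguments instead of staying one address. Collecting the flags in a bash array and quoting every expansion keeps each value a single argument; `-key` then needs `$HOME` rather than `~`, because tilde is not expanded inside double quotes. An index where only one of the pair is set is skipped silently, which hides a misconfigured tunnel, so a warning on stderr in that case would help. The retained `-insecure` flag (which, as far as I know, makes mole skip SSH host-key validation) now covers every tunnel configured this way and is worth making opt-in.

```shell
tunnel_args=()
# … unchanged: for loop header, local_name / remote_name, the if test …
        tunnel_args+=(-local "${!local_name}" -remote "${!remote_name}")
# … unchanged: fi / done …

if [ "${#tunnel_args[@]}" -eq 0 ]; then
# … unchanged: error message and exit 1 …

mole -v \
    "${tunnel_args[@]}" \
    -server "${MOLE_SERVER}" \
    -key "${SSH_KEY:-$HOME/.ssh/id_rsa}" \
    -insecure
```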