From df0362c124534a29387d203fd9b77027440e428c Mon Sep 17 00:00:00 2001
From: Ian Fijolek
Date: Mon, 24 Jun 2019 12:46:33 -0700
Subject: [PATCH] Initial commit
---
.gitignore | 2 ++
Makefile | 15 +++++++++++++++
Readme.md | 11 +++++++++++
docker-compose-client.yml | 16 ++++++++++++++++
docker-compose-remote.yml | 20 ++++++++++++++++++++
mole/Dockerfile | 20 ++++++++++++++++++++
mole/start.sh | 8 ++++++++
7 files changed, 92 insertions(+)
create mode 100644 .gitignore
create mode 100644 Makefile
create mode 100644 Readme.md
create mode 100644 docker-compose-client.yml
create mode 100644 docker-compose-remote.yml
create mode 100644 mole/Dockerfile
create mode 100755 mole/start.sh
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..dbc62ee
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+id_rsa_proxy
+id_rsa_proxy.pub
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..ad25cd2
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,15 @@
+.PHONY: default
+default: remote client
+
+.PHONY: remote
+remote:
+ docker-compose -f ./docker-compose-remote.yml up -d
+
+.PHONY: client
+client:
+ docker-compose -f ./docker-compose-client.yml build
+ docker-compose -f ./docker-compose-client.yml up -d
+
+.PHONY: logs
+logs:
+ docker-compose -f ./docker-compose-client.yml logs -f
diff --git a/Readme.md b/Readme.md
new file mode 100644
index 0000000..fae0e02
--- /dev/null
+++ b/Readme.md
@@ -0,0 +1,11 @@
+# Dockamole
+
+Example bridging connections across two distinct Docker networks using `mole`.
+
+My real use case is something like a remote LDAP server that I don't want to expose to the public internet and some metrics servers only available behind a VPN. This setup will allow me to create a proxy container on a host that will act as a local LDAP or HTTP server.
+
+If I get time, I'll draw a diagram as well.
+
+## Running
+
+Requires you to provide your own ssh keys as well as provide the local machine IP address
diff --git a/docker-compose-client.yml b/docker-compose-client.yml
new file mode 100644
index 0000000..7a215f7
--- /dev/null
+++ b/docker-compose-client.yml
@@ -0,0 +1,16 @@
+version: '2.2'
+
+services:
+ mole:
+ build: mole
+ ports:
+ # This is the port you will use to view the service: http://localhost:8880
+ - 8880:8080
+ volumes:
+ # This key must be provided
+ - ./id_rsa_proxy:/mole/.ssh/id_rsa
+ environment:
+ - MOLE_LOCAL=0.0.0.0:8080
+ - MOLE_REMOTE=web:8080
+ # IP address is the local address of the server. This is to show that it's connecting outside the bridge network
+ - MOLE_SERVER=mole@10.255.52.39:2222
diff --git a/docker-compose-remote.yml b/docker-compose-remote.yml
new file mode 100644
index 0000000..4aa62bb
--- /dev/null
+++ b/docker-compose-remote.yml
@@ -0,0 +1,20 @@
+version: '2.2'
+
+services:
+ proxy:
+ image: panubo/sshd
+ ports:
+ - "2222:22"
+ volumes:
+ # This key must be provided
+ - ./id_rsa_proxy.pub:/etc/authorized_keys/mole
+ environment:
+ - SSH_USERS=mole:101:101
+
+ web:
+ image: stefanscherer/whoami
+ expose:
+ - 8080
+ ports:
+ # This port is published to debug that the web server is actually running
+ - "8080:8080"
diff --git a/mole/Dockerfile b/mole/Dockerfile
new file mode 100644
index 0000000..47fba25
--- /dev/null
+++ b/mole/Dockerfile
@@ -0,0 +1,20 @@
+# FROM golang
+# RUN go get -u github.com/davrodpin/mole/cmd/mole
+
+FROM alpine
+RUN apk add bash curl tar
+RUN bash -c "bash <(curl -fsSL https://raw.githubusercontent.com/davrodpin/mole/master/tools/install.sh | sed 's/\bsudo\b//g')"
+
+RUN mkdir /mole
+RUN adduser -S -h /mole mole
+
+USER mole
+
+RUN mkdir -p /mole/.ssh
+RUN touch /mole/.ssh/config
+
+# Should not be running as root
+
+COPY ./start.sh ./
+
+CMD ./start.sh
diff --git a/mole/start.sh b/mole/start.sh
new file mode 100755
index 0000000..2b1d925
--- /dev/null
+++ b/mole/start.sh
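Review bot: The `8880:8080` mapping under `ports` in docker-compose-client.yml publishes the tunnel on every host interface, although the comment above it only expects `http://localhost:8880`. Since the Readme describes the tunnelled services as ones that should not be publicly reachable, bind it to loopback with `- 127.0.0.1:8880:8080`. The private-key bind mount is also writable from inside the container and should be read-only: `- ./id_rsa_proxy:/mole/.ssh/id_rsa:ro`.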
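Review bot: Both `image:` lines in docker-compose-remote.yml (`panubo/sshd`, `stefanscherer/whoami`) carry no tag, so they resolve to `latest` and the sshd that guards the tunnel can change on any pull; pin each to a tag or digest, e.g. `image: panubo/sshd:<PINNED_TAG>`. The `"8080:8080"` mapping on `web` publishes the backend directly on the host, which bypasses the proxy the example is meant to demonstrate; keep it on loopback (`- "127.0.0.1:8080:8080"`) or drop it once debugging is done. The public-key mount can be read-only as well: `- ./id_rsa_proxy.pub:/etc/authorized_keys/mole:ro`.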
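Review bot: The install step in mole/Dockerfile (`RUN bash -c "bash <(curl … install.sh | sed …)"`) runs whatever is on the `master` branch at build time as root, with no version pin or checksum. Because the download sits inside a process substitution, a failed `curl` hands bash an empty script and the layer still succeeds without `mole` installed. Fetch a pinned release archive, verify its SHA-256 and unpack it in one layer, as sketched below with placeholders for the tag, URL and digest; the same sketch tags the base image and adds `--no-cache` to `apk add`. The shell-form `CMD ./start.sh` also leaves `sh` in front of the script, so the exec form `CMD ["/start.sh"]` is preferable.

```dockerfile
# Placeholders: fill in the base tag, the release archive URL and its published SHA-256.
FROM alpine:<PINNED_TAG>
ARG MOLE_SHA256=<EXPECTED_SHA256>
RUN apk add --no-cache bash curl tar \
 && curl -fsSL -o /tmp/mole.tar.gz "<PINNED_RELEASE_ARCHIVE_URL>" \
 && echo "${MOLE_SHA256}  /tmp/mole.tar.gz" | sha256sum -c - \
 && tar -xzf /tmp/mole.tar.gz -C /usr/local/bin \
 && rm /tmp/mole.tar.gz
# … unchanged: user creation, USER mole, ~/.ssh setup, COPY ./start.sh …
CMD ["/start.sh"]
```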
@@ -0,0 +1,8 @@
+#! bin/bash
+
+mole -v \
+ -local ${MOLE_LOCAL} \
+ -remote ${MOLE_REMOTE} \
+ -server ${MOLE_SERVER} \
+ -key ~/.ssh/id_rsa \
+ -insecure
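Review bot: The `-insecure` flag on the last line makes mole skip SSH host key validation, so the client cannot tell the intended proxy from any other host answering at `MOLE_SERVER`. Drop the flag and supply the proxy's host key instead, for example by mounting a `known_hosts` file read-only at `/mole/.ssh/known_hosts`. The shebang `#! bin/bash` is a relative path that only resolves while the working directory is `/`; it should be `#!/bin/bash`. The `${MOLE_*}` expansions are unquoted and the script does not `exec`, so prefer `exec mole -v -local "${MOLE_LOCAL}" …` to keep the values intact and let mole receive stop signals directly.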