Initial commit
commit
df0362c124
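--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+id_rsa_proxy
+id_rsa_proxy.pub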
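--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,15 @@
+.PHONY: default
+default: remote client
+
+.PHONY: remote
+remote:
+docker-compose -f ./docker-compose-remote.yml up -d
+
+.PHONY: client
+client:
+docker-compose -f ./docker-compose-client.yml build
+docker-compose -f ./docker-compose-client.yml up -d
+
+.PHONY: logs
+logs:
+docker-compose -f ./docker-compose-client.yml logs -f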
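--- a/Readme.md
+++ b/Readme.md
@@ -0,0 +1,11 @@
+# Dockamole
+
+Example bridging connections across two distinct Docker networks using `mole`.
+
+My real use case is something like a remote LDAP server that I don't want to expose to the public internet and some metrics servers only available behind a VPN. This setup will allow me to create a proxy container on a host that will act as a local LDAP or HTTP server.
+
+If I get time, I'll draw a diagram as well.
+
+## Running
+
+Requires you to provide your own ssh keys as well as provide the local machine IP address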
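--- a/docker-compose-client.yml
+++ b/docker-compose-client.yml
@@ -0,0 +1,16 @@
+version: '2.2'
+
+services:
+mole:
+build: mole
+ports:
+# This is the port you will use to view the service: http://localhost:8880
+- 8880:8080
+volumes:
+# This key must be provided
+- ./id_rsa_proxy:/mole/.ssh/id_rsa
+environment:
+- MOLE_LOCAL=0.0.0.0:8080
+- MOLE_REMOTE=web:8080
+# IP address is the local address of the server. This is to show that it's connecting outside the bridge network
+- MOLE_SERVER=mole@10.255.52.39:2222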
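Review bot: The `- 8880:8080` mapping publishes the tunnelled service on every host interface, so anything that can reach this host can also reach the remote service that the README describes as not meant for public exposure; binding it to loopback, `- "127.0.0.1:8880:8080"`, keeps it local. The private-key bind mount is writable from inside the container and would be safer read-only, `- ./id_rsa_proxy:/mole/.ssh/id_rsa:ro`. The comment above `MOLE_SERVER` could also state that `10.255.52.39` is a host-specific example value that must be replaced.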
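--- a/docker-compose-remote.yml
+++ b/docker-compose-remote.yml
@@ -0,0 +1,20 @@
+version: '2.2'
+
+services:
+proxy:
+image: panubo/sshd
+ports:
+- "2222:22"
+volumes:
+# This key must be provided
+- ./id_rsa_proxy.pub:/etc/authorized_keys/mole
+environment:
+- SSH_USERS=mole:101:101
+
+web:
+image: stefanscherer/whoami
+expose:
+- 8080
+ports:
+# This port is published to debug that the web server is actually running
+- "8080:8080"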
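Review bot: Both `image: panubo/sshd` and `image: stefanscherer/whoami` are untagged, so every pull resolves to whatever `latest` points at that day; the sshd container is the authentication boundary of this setup and should be pinned to a tag or digest, e.g. `image: panubo/sshd:<TAG>@sha256:<DIGEST>` (placeholders). The debug mapping `- "8080:8080"` on `web` publishes the service directly on the host and bypasses the tunnel, so it should be removed or bound to `127.0.0.1` once the demo has been verified. The authorized-keys mount can be read-only: `- ./id_rsa_proxy.pub:/etc/authorized_keys/mole:ro`.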
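--- a/mole/Dockerfile
+++ b/mole/Dockerfile
@@ -0,0 +1,20 @@
+# FROM golang
+# RUN go get -u github.com/davrodpin/mole/cmd/mole
+
+FROM alpine
+RUN apk add bash curl tar
+RUN bash -c "bash <(curl -fsSL https://raw.githubusercontent.com/davrodpin/mole/master/tools/install.sh | sed 's/\bsudo\b//g')"
+
+RUN mkdir /mole
+RUN adduser -S -h /mole mole
+
+USER mole
+
+RUN mkdir -p /mole/.ssh
+RUN touch /mole/.ssh/config
+
+# Should not be running as root
+
+COPY ./start.sh ./
+
+CMD ./start.sh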
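Review bot: The `RUN bash -c "bash <(curl -fsSL …/master/tools/install.sh | sed …)"` line runs, as root at build time, whatever the `master` branch serves at that moment, with no pinned revision and no integrity check. Fetch the script from a fixed commit, verify its SHA-256, and only then execute it, as sketched below with placeholder values. The script presumably downloads the mole binary itself, so the binary's version may need pinning separately. `FROM alpine` is likewise untagged and should carry a version tag or digest, and `apk add` can take `--no-cache`.

```dockerfile
# PLACEHOLDER_COMMIT_SHA / PLACEHOLDER_SHA256 are placeholders: take both from a reviewed copy of install.sh
ARG MOLE_INSTALL_REF=PLACEHOLDER_COMMIT_SHA
ARG MOLE_INSTALL_SHA256=PLACEHOLDER_SHA256
RUN curl -fsSL -o /tmp/install.sh \
      "https://raw.githubusercontent.com/davrodpin/mole/${MOLE_INSTALL_REF}/tools/install.sh" \
 && echo "${MOLE_INSTALL_SHA256}  /tmp/install.sh" | sha256sum -c - \
 && sed -i 's/\bsudo\b//g' /tmp/install.sh \
 && bash /tmp/install.sh \
 && rm /tmp/install.sh
# … unchanged: user creation, .ssh setup, COPY and CMD …
```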
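--- a/mole/start.sh
+++ b/mole/start.sh
@@ -0,0 +1,8 @@
+#! bin/bash
+
+mole -v \
+-local ${MOLE_LOCAL} \
+-remote ${MOLE_REMOTE} \
+-server ${MOLE_SERVER} \
+-key ~/.ssh/id_rsa \
+-insecure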
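Review bot: The `-insecure` flag on the last line appears to turn off SSH host-key verification in mole, which leaves the tunnel open to interception by anything that can answer on the `MOLE_SERVER` address; mount a `known_hosts` file holding the proxy's host key into `/mole/.ssh/` and drop the flag. The shebang `#! bin/bash` is a relative path that resolves only because the container's working directory is `/`; it should read `#!/bin/bash`. Quoting the expansions, e.g. `-local "${MOLE_LOCAL}" \`, and launching with `exec mole -v \` would make the script fail cleanly on empty values and let mole receive stop signals directly.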