Initial commit

2019-06-24 12:46:33 -07:00 · 2019-06-24 12:46:33 -07:00 · df0362c124
commit df0362c124
7 changed files with 92 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+id_rsa_proxy
+id_rsa_proxy.pub
--- a/15
+++ b/15
@ -0,0 +1,15 @@
+.PHONY: default
+default: remote client
+
+.PHONY: remote
+remote:
+	docker-compose -f ./docker-compose-remote.yml up -d
+
+.PHONY: client
+client:
+	docker-compose -f ./docker-compose-client.yml build
+	docker-compose -f ./docker-compose-client.yml up -d
+
+.PHONY: logs
+logs:
+	docker-compose -f ./docker-compose-client.yml logs -f
--- a/Readme.md
+++ b/Readme.md
@ -0,0 +1,11 @@
+# Dockamole
+
+Example bridging connections across two distinct Docker networks using `mole`.
+
+My real use case is something like a remote LDAP server that I don't want to expose to the public internet and some metrics servers only available behind a VPN. This setup will allow me to create a proxy container on a host that will act as a local LDAP or HTTP server.
+
+If I get time, I'll draw a diagram as well.
+
+## Running
+
+Requires you to provide your own ssh keys as well as provide the local machine IP address
--- a/docker-compose-client.yml
+++ b/docker-compose-client.yml
@ -0,0 +1,16 @@
+version: '2.2'
+
+services:
+  mole:
+    build: mole
+    ports:
+      # This is the port you will use to view the service: http://localhost:8880
+      - 8880:8080
+    volumes:
+      # This key must be provided
+      - ./id_rsa_proxy:/mole/.ssh/id_rsa
+    environment:
+      - MOLE_LOCAL=0.0.0.0:8080
+      - MOLE_REMOTE=web:8080
+        # IP address is the local address of the server. This is to show that it's connecting outside the bridge network
+      - MOLE_SERVER=mole@10.255.52.39:2222
--- a/docker-compose-remote.yml
+++ b/docker-compose-remote.yml
@ -0,0 +1,20 @@
+version: '2.2'
+
+services:
+  proxy:
+    image: panubo/sshd
+    ports:
+      - "2222:22"
+    volumes:
+      # This key must be provided
+      - ./id_rsa_proxy.pub:/etc/authorized_keys/mole
+    environment:
+      - SSH_USERS=mole:101:101
+
+  web:
+    image: stefanscherer/whoami
+    expose:
+      - 8080
+    ports:
+      # This port is published to debug that the web server is actually running
+      - "8080:8080"
--- a/mole/Dockerfile
+++ b/mole/Dockerfile
@ -0,0 +1,20 @@
+# FROM golang
+# RUN go get -u github.com/davrodpin/mole/cmd/mole
+
+FROM alpine
+RUN apk add bash curl tar
+RUN bash -c "bash <(curl -fsSL https://raw.githubusercontent.com/davrodpin/mole/master/tools/install.sh | sed 's/\bsudo\b//g')"
+
+RUN mkdir /mole
+RUN adduser -S -h /mole mole
+
+USER mole
+
+RUN mkdir -p /mole/.ssh
+RUN touch /mole/.ssh/config
+
+# Should not be running as root
+
+COPY ./start.sh ./
+
+CMD ./start.sh
--- a/mole/start.sh
+++ b/mole/start.sh
@ -0,0 +1,8 @@
+#! bin/bash
+
+mole -v \
+    -local ${MOLE_LOCAL} \
+    -remote ${MOLE_REMOTE} \
+    -server ${MOLE_SERVER} \
+    -key ~/.ssh/id_rsa \
+    -insecure