我如何使用kingsquare和docker-compose从本地docker到远程数据库的SSH隧道工作 [英] How may I gett an SSH tunnel from local docker to remote DB working, using kingsquare and docker-compose

问题描述

我的新职责是将我们的项目移植到dockers中。这意味着每台开发人员机器上的本地代码以及登台服务器上的测试数据。目前，代码位于同一台服务器上，因此使用本地主机（127.0.0.1）连接到数据库。 docker当前正在部署并可以运行单元测试，在不需要数据库的情况下可以成功。

My new responsibility is porting our project into dockers. This means local code on each developer machine with test data on a staging server. At the moment, the code lives on the same server and thus uses local host (127.0.0.1) to connect to the database. The docker currently deploys and can run unit tests, which succeed in cases where no DB is required.

我已经尝试使用此处提供的答案：> https://github.com/phpmyadmin/docker/issues/99
在时间和各种尝试最终导致尝试从容器内部创建SSH隧道（）。我已返回尝试使用该服务，因为其他选项似乎更加复杂或不可靠。

I've tried using the answers provided here: https://github.com/phpmyadmin/docker/issues/99 which failed at the time and with a variety of different attempts eventually led to trying to create SSH tunnels from inside the container (How do I complete this SSH tunnel from local development docker to staging database) . I've returned to trying to use the service, as the other options seem to be even more complicated or unreliable.

我已返回使用kingsquare图像，该图像允许隧道传输，但我不知道$ {SSH_AUTH_SOCK}是什么或如何使用它。我尝试将其指向SSH密钥，但是（很明显）失败了。

I've returned to using the kingsquare image that allows tunnelling but I don't know what ${SSH_AUTH_SOCK} is or how to use it. I've tried pointing it at an SSH key but that (probably obviously) fails.

我已将整个docker-compose.yml包括在内，这是一个较早的错误，我没有注意到我现有的docker（app）中不包括网络引用。

I've included the whole docker-compose.yml, as an earlier mistake that I had not noticed is not including network reference in my existing docker (app) .

version: '3'
services:
    tunnels:
        image: kingsquare/tunnel
        volumes:
            - '${SSH_AUTH_SOCK}:/ssh-agent'
        command: '*:3306:localhost:3306 -vvv user@[myserver->the IP of the machine hosting the DB?] -i /.ssh/openssh_ironman_justin  -p 2302'
        networks:
            mynetwork:
                aliases:
                    - remoteserver
    app:
        build:
            context: .
            dockerfile: .docker/Dockerfile
            args:
                APP_PATH: ${APP_PATH}
        image: laravel-docker
        env_file: .env
        ports:
            - 8080:80
            # We need to expose 443 port for SSL certification.
            - "443:443"
        volumes:
            - .:/var/www/jumbledown
        networks:
            - mynetwork
networks:
    mynetwork:
        driver: bridge

在.env文件中，每个开发人员都具有以下内容，SSH隧道完成后，我需要更改它，以便它使用隧道DB组合：

In the .env file, every developer has the following, which I need to change once the SSH tunnel is completed so that it uses the tunnel-DB combination:

DB_HOST=127.0.0.1 # As per answer, this will change to the IP address of the server containing the database.  I'll leave the current localhost reference rather than displaying the IP address of the machine.
DB_PORT=3306
DB_DATABASE=[central database or sharded version for testing data changes]
DB_USERNAME=[username]
DB_PASSWORD=[password]

我希望能够在app容器中获取代码，从而能够使用远程服务器上的数据库

I'd like to be be able to get the code in the app container able to use the database on the remote server, with as little post-deployment complication as possible.

更新
我解决了端口问题。

Update I resolved a port issue.

更新2.5
，如果我使用
命令：'*：3306：localhost：3306 -vvv [username] @ [IP of数据库主机] -i [在我的PC上的密钥文件位置] / openssh_dev -p 2302'
，然后它确实建立了连接，但被拒绝：

Update 2.5 if I use command: '*:3306:localhost:3306 -vvv [username]@[IP of DB host] -i [location on my PC of key file]/openssh_dev -p 2302' then it does establish a connection but it gets turned down with:

tunnels_1  | debug1: Trying private key: /.ssh/openssh_ironman_justin
tunnels_1  | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
tunnels_1  | @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
tunnels_1  | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
tunnels_1  | Permissions 0755 for '/.ssh/openssh_dev ' are too open.
tunnels_1  | It is required that your private key files are NOT accessible by others.
tunnels_1  | This private key will be ignored.

但是如何更改已安装文件的权限？可以通过Dockerfile来完成，还是必须在开始之前就已经存在？

But how do I change the permissions of a mounted file? Can it be done via Dockerfile, or must it already be present before that starts?

推荐答案

但是如何更改已挂载文件的权限？可以通过Dockerfile完成
，还是必须在启动之前就已经存在？

But how do I change the permissions of a mounted file? Can it be done via Dockerfile, or must it already be present before that starts?

Dockerfile用于创建图片。基于该映像的容器从主机上挂载目录，并保持相同的主机权限。

The Dockerfile is used to create the image. The container based on that image mounts the directory from your host machine and maintains the same host permissions.

您可以更改主机上文件的权限，Docker将使用容器中的权限相同。

You can change the permissions of the file on your host, Docker will use the same permissions in the container.

这篇关于我如何使用kingsquare和docker-compose从本地docker到远程数据库的SSH隧道工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！