如何将 SSH 隧道反向到 Xdebug 的远程 docker 容器? [英] How to reverse SSH tunnel to remote docker container for Xdebug?
问题描述
在 SO 和其他地方有很多关于如何设置的帖子.到目前为止,我一直没有成功让它发挥作用.
There are many posts on SO and elsewhere on how to set this up. So far I've been unsuccessful in getting it working.
设置
本地机器 - Windows 10,安装了 Cygwin、git bash 和 WSL2 并安装了 Ubuntu;和 MacBook Air(莫哈韦沙漠)
主机 - 运行 Amazon Linux 2 的 AWS EC2 实例
Docker 容器 - CentOS 7.8 使用 Xdebug 运行 PHP
Setup
Local machine - Windows 10, with Cygwin, git bash, and WSL2 with Ubuntu installed; and MacBook Air (Mojave)
Host machine - AWS EC2 instance running Amazon Linux 2
Docker container - CentOS 7.8 running PHP with Xdebug
目标
利用从本地机器到容器的反向隧道,从本地机器远程调试容器中的 PHP 代码.
Goal
Remotely debug PHP code in container from local machine by utilizing a reverse tunnel from the local machine to the container.
我以前在主机上本地安装 PHP 代码时就已经开始工作了,所以问题不在于 Xdebug.一旦我将 PHP 代码移动到容器中,调试就不再起作用.
I have gotten this working before when the PHP code was installed locally on the host machine, so the question is not around Xdebug. As soon as I moved the PHP code into the container, debugging no longer works.
我的尝试
设置从本地机器到主机 EC2 实例的反向隧道有效.为此,我正在执行 ssh -vvv -i "aws.pem";-R 9000:localhost:9000 user@ec2instance
在终端、cygwin 或 git bash 中并使用 nc -z localhost 9000 || 测试在主机上回显没有隧道打开"
.
What I've tried
Setting up a reverse tunnel from the local machine to the host EC2 instance works. For this I'm doing ssh -vvv -i "aws.pem" -R 9000:localhost:9000 user@ec2instance
in terminal, cygwin, or git bash and testing with nc -z localhost 9000 || echo 'no tunnel open'
on the host machine.
当我docker exec -it container bash
进入容器并运行nc时,隧道不可用.
When I docker exec -it container bash
into the container and run nc, the tunnel is not available.
我正在使用 docker-compose:
I'm using docker-compose:
version: '2'
services:
web:
image: 'privateregistry/project/container:latest'
restart: always
container_name: web
ports:
- '8082:80'
- '447:443'
- '9000:9000'
volumes:
- '.:/var/www/project'
我尝试过映射 9000 端口和不映射 9000 端口.我尝试了 ssh 隧道的变体:
I have tried with and without mapping the 9000 port. I have tried variations of the ssh tunnel:
ssh -vvv -i "aws.pem";-R :9000:localhost:9000 user@ec2instance
ssh -vvv -i "aws.pem";-R 0.0.0.0:9000:localhost:9000 user@ec2instance
ssh -vvv -i "aws.pem";-R \*:9000:localhost:9000 user@ec2instance
ssh -vvv -i "aws.pem";-R 9000:172.20.0.2:9000 user@ec2instance
(容器IP)
我也试过使用 ssh -L
没有运气.
I've also tried using ssh -L
with no luck.
几个帖子,像这样一个建议添加GatewayPorts yes
在主机上.我也试过了,没有任何变化.
Several posts, like this one suggest adding GatewayPorts yes
on the host machine. I've tried this as well with no change.
我没有尝试使用 --network=host
,主要是出于安全考虑.我也不想使用 ngrok,因为我希望能够将 localhost 或 host.docker.internal
用于 xdebug.remote_host
设置.
I have not tried using --network=host
, primarily due to security concerns. I also would rather not use ngrok, as I'd like to be able to use localhost or host.docker.internal
for the xdebug.remote_host
setting.
为了完整起见,这是我对 Xdebug 的看法:
For completeness, here is what I have for Xdebug:
[XDebug]
xdebug.remote_enable=1
xdebug.remote_autostart=1
xdebug.remote_handler="dbgp"
xdebug.remote_port=9000
xdebug.remote_host="host.docker.internal"
;xdebug.remote_connect_back=1
xdebug.idekey = VSCODE
xdebug.remote_log = "/var/log/xdebug.log"
推荐答案
我成功了.在阅读 ssh 手册页并再次查看内容后,我意识到我绑定的是 docker 容器 IP,而不是网桥 (docker0) IP.
I got this working. After reading up on the ssh man page and looking over things again, I realized I was binding to the docker container IP not the bridge (docker0) IP.
我将连接命令更新为 ssh -vvv -i "aws.pem";-R 9000:172.17.0.1:9000 user@ec2instance
使用正确的 IP 和隧道开始工作.我仍然启用了 GatewayPorts(根据手册页)并删除了 9000:9000 映射.
I updated my connect command to ssh -vvv -i "aws.pem" -R 9000:172.17.0.1:9000 user@ec2instance
with the right IP and the tunnel started working. I do still have GatewayPorts enabled (per the man page) and removed the 9000:9000 mapping.
然后我将我的 xdebug.remote_host 值更新为相同的 IP 并且调试现在正在工作.不知道为什么 host.docker.internal 不起作用,但那是另一天.
I then updated my xdebug.remote_host value to the same IP and debugging is now working. Not sure why host.docker.internal didn't work, but that's for another day.
这篇关于如何将 SSH 隧道反向到 Xdebug 的远程 docker 容器?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!