🌐 Improved documantation and added a new argument

BREAKING CHANGES: - Renamed `REMOTE_IP` to `GATEWAY_IP`
Kalitsune · Mar 28, 2023 · 789b221 · 789b221
1 parent df6d708
commit 789b221
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 22 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -12,7 +12,8 @@ ENV SSH_PORT=22
 ENV SSH_USER=root
 ENV CONTAINER_IP=127.0.0.1
 ENV CONTAINER_PORT=80
-ENV REMOTE_IP=""
+ENV GATEWAY_IP=""
+ENV REMOTE_IP="*"
 ENV REMOTE_PORT=80
 
 # Security fix for CVE-2016-0777 and CVE-2016-0778

diff --git a/README.md b/README.md
@@ -2,24 +2,21 @@
 
 Create a lightweight Alpine Linux based SSH tunnel to a host.  Uses pure SSH, no fluff.
 
-For single TCP port applications (database/webserver/debugging access) a SSH tunnel is far faster and simpler than using a VPN like OpenVPN; see this excellent [blog post](https://blog.backslasher.net/ssh-openvpn-tunneling.html) for more info.
+**Learn more about ssh tunneling [here](https://iximiuz.com/en/posts/ssh-tunnels/))**
 
-For example I use it to create a SSH tunnel from a GCP Kubernetes cluster into an on prem bastion host in order to talk to an on prem MySQL database; it SSHs onto the internal LAN and connects me to the internal on prem MySQL server.
-
-Inspired by https://github.com/iadknet/docker-ssh-client-light and [GCP CloudSQL Proxy](https://cloud.google.com/sql/docs/mysql/sql-proxy)
-
-**FORKED FROM jujhars13/docker-ssh-tunnel/** but reversed the tunnel direction. (more details about tunneling [here](https://iximiuz.com/en/posts/ssh-tunnels/))
+FORKED FROM jujhars13/docker-ssh-tunnel but reversed the tunnel direction. 
 
 ## Required Parameters
 
-| Variable           | Description                                                       | Required |
-| ------------------ | ----------------------------------------------------------------- | -------- |
-| `SSH_PORT`         | Port number for SSH (defaults to 22)                              | No       |
-| `SSH_USER`         | Username for the SSH connection (default: root)                   | No       |
-| `CONTAINER_IP`     | IP address of the container (default: 127.0.0.1)                  | No       |
-| `CONTAINER_PORT`   | The port you want to expose on the container (default: 80)        | No       |
-| `REMOTE_IP`        | IP/Domain of the machine that will expose your app (the host)     | Yes      |
-| `REMOTE_PORT`      | Remote port that will be exposed on the host (default: 80)        | No       |
+| Variable           | Description                                                   | default    |
+| ------------------ | ------------------------------------------------------------- | ---------- |
+| `SSH_PORT`         | Port number for SSH                                           | 22         |
+| `SSH_USER`         | Username for the SSH connection                               | root       |
+| `CONTAINER_IP`     | IP address of the container                                   | 127.0.0.1  |
+| `CONTAINER_PORT`   | The port you want to expose on the container                  | 80         |
+| `GATEWAY_IP`       | IP/Domain of the machine that will expose your app (the host) | (required) |
+| `REMOTE_PORT`      | Which port should sshd listen from on the gateway             | 80         |
+| `REMOTE_IP`        | Which IP should sshd listen from on the gateway (`*` for all) | *          |
 
 
 Note: Remember to inject/mount your private SSH key into the container to `/ssh_key/id_rsa`.

diff --git a/examples/docker-compose.yaml b/examples/docker-compose.yaml
@@ -14,7 +14,8 @@ services:
       - SSH_USER=proxy
       - CONTAINER_IP=nginx-hello
       - CONTAINER_PORT=80
-      - REMOTE_IP=openssh-server
+      - GATEWAY_IP=openssh-server
+      - REMOTE_IP=*
       - REMOTE_PORT=8080
 
   nginx-hello:

diff --git a/run.sh b/run.sh
@@ -6,22 +6,23 @@
 #   ENV SSH_USER=root
 #   ENV CONTAINER_IP=127.0.0.1
 #   ENV CONTAINER_PORT=80
-#   ENV REMOTE_IP=""
+#   ENV GATEWAY_IP=""
+#   ENV REMOTE_IP="*"
 #   ENV REMOTE_PORT=80
 
-if [ -z ${REMOTE_IP+x} ] ; then 
-    echo "please specify REMOTE_IP;"; 
+if [ -z ${GATEWAY_IP+x} ] ; then 
+    echo "please specify GATEWAY_IP;"; 
     exit 1
 fi
 
-echo "starting SSH Reverse proxy $CONTAINER_IP:$CONTAINER_PORT -> $REMOTE_IP:$REMOTE_PORT as $SSH_USER@$REMOTE_IP:$SSH_PORT"
+echo "starting SSH Reverse proxy $REMOTE_IP:$REMOTE_PORT -> $CONTAINER_IP:$CONTAINER_PORT as $SSH_USER@$GATEWAY_IP:$SSH_PORT"
 
 /usr/bin/ssh \
 -NTC -o ServerAliveInterval=60 \
 -o GatewayPorts=yes \
 -o ExitOnForwardFailure=yes \
 -o StrictHostKeyChecking=no \
--R *:$REMOTE_PORT:$CONTAINER_IP:$CONTAINER_PORT \
-$SSH_USER@$REMOTE_IP \
+-R $REMOTE_IP:$REMOTE_PORT:$CONTAINER_IP:$CONTAINER_PORT \
+$SSH_USER@$GATEWAY_IP \
 -p $SSH_PORT \
 -i /ssh_key/id_rsa