Stunnel/Docker: Difference between revisions
From charlesreid1
No edit summary |
|||
| Line 55: | Line 55: | ||
connect = 127.0.0.1:22 | connect = 127.0.0.1:22 | ||
</pre> | </pre> | ||
Note that an SSH service should be listening on port 22 on the server. | |||
==Build Container== | |||
Here is the Dockerfile: https://charlesreid1.com:3000/docker/d-stunnel/src/master/Dockerfile | |||
Now build: | |||
<pre> | |||
$ docker build -t cmr_stunnel . | |||
</pre> | |||
==Run Container== | |||
Once the container is ready, we will specify two networking details (see [[Docker/Networking]]): | |||
* Use the host's network interface in the Docker container (this prevents the host machine from needing a dedicated listener for the Docker image on port 22 and port 443) | |||
* Map the host's port 443 and port 22 to the internal Docker container's port 443 and port 22 | |||
<pre> | |||
$ docker run \ | |||
--network=host \ | |||
-p 443:443 -p 22:22 \ | |||
-ti cmr_stunnel \ | |||
/bin/bash | |||
</pre> | |||
==Connect via ssh over stunnel== | |||
Revision as of 01:07, 31 March 2017
This page explains how to use stunnel in a Docker container to serve up different kinds of traffic over an encrypted SSL connection.
ssh traffic over port 443 using stunnel on docker
Let's start with an example of how to forward SSH traffic from a client to a server over stunnel.
The goal here is to be able to SSH to a local port on the client, and have that connection transparently forwarded to the server:
[client] $ ssh -p 2222 root@localhost [server ~ via client] $ whoami root [server ~ via client] $ whoami
Set up client
Start by setting up the client. The client want s to ssh to local port 2222, so have stunnel listen for traffic on 2222. Next, we want to pass the traffic to the server using port 443, so we will use the notation <server IP>:<server port> to direct traffic to the stunnel server's port 443:
# client config, # will ssh directly to local port 2222 # ssh -p 2222 root@localhost # stunnel client connects to remote stunnel server at IP A.B.C.D over external port 443 output = /var/log/stunnel4/stunnel.log cert = /etc/stunnel/stunnel.fullchain.pem pid = /var/run/stunnel4/stunnel.pid client = yes [ssh] accept = 2222 connect = A.B.C.D:443
The client will also need a copy of the server's certificate file, which can be securely copied from the server.
Set up server
Start by setting up the server configuration file:
# server config, # stunnel server will listen for stunnel clients connecting on port 443 # traffic will be decrypted and forwarded to local port 22 output = /var/log/stunnel4/stunnel.log cert = /etc/stunnel/stunnel.fullchain.pem key = /etc/stunnel/stunnel.key.pem pid = /var/run/stunnel4/stunnel.pid client = no [ssh] accept = 443 connect = 127.0.0.1:22
Note that an SSH service should be listening on port 22 on the server.
Build Container
Here is the Dockerfile: https://charlesreid1.com:3000/docker/d-stunnel/src/master/Dockerfile
Now build:
$ docker build -t cmr_stunnel .
Run Container
Once the container is ready, we will specify two networking details (see Docker/Networking):
- Use the host's network interface in the Docker container (this prevents the host machine from needing a dedicated listener for the Docker image on port 22 and port 443)
- Map the host's port 443 and port 22 to the internal Docker container's port 443 and port 22
$ docker run \ --network=host \ -p 443:443 -p 22:22 \ -ti cmr_stunnel \ /bin/bash
Connect via ssh over stunnel
 |
docker notes on the virtual microservice container platform
Installing the docker platform: Docker/Installing Docker Hello World: Docker/Hello World
Creating Docker Containers: Getting docker containers from docker hub: Docker/Dockerhub Creating docker containers with dockerfiles: Docker/Dockerfiles Managing Dockerfiles using git: Docker/Dockerfiles/Git Setting up Python virtualenv in container: Docker/Virtualenv
Running docker containers: Docker/Basics Dealing with volumes in Docker images: Docker/Volumes Removing Docker images: Docker/Removing Images Rsync Docker Container: Docker/Rsync
Networking with Docker Containers:
|
|
docker pods pods are groups of docker containers that travel together
Docker pods are collections of Docker containers that are intended to run in concert for various applications.
Wireless Sensor Data Acquisition Pod The wireless sensor data acquisition pod deploys containers This pod uses the following technologies: Stunnel · Rsync · Apache · MongoDB · Python · Jupyter (numerical Python stack)
Deep Learning Pod This pod utilizes the following technologies: Python · Sklearn · Jupyter (numerical Python stack) · Keras · TensorFlow
|
 |
stunnel secure tunnel - create secure encrypted connections on any port to wrap any protocol
Using: Client: Stunnel/Client Server: Stunnel/Server Stunnel Over Docker: Stunnel/Docker Certificates: Stunnel/Certificates
Protocols: Stunnel/Rsync · Stunnel/SSH · Stunnel/Scp · Stunnel/HTTP · Stunnel/OpenVPN
Other Links: RaspberryPi/Headless · RaspberryPi/Reverse SSH Category:Stunnel · Category:SSH · Category:Networking
|