Issue
Question 1
I'm looking for a way to SSH into my running container or the hosting VM in Azure App Service for Docker Containers (Linux). I've read the doc for enabling SSH when configuring a custom container and this question. However, both links requires me to install openssh
in my image:
# Install OpenSSH and set the password for root to "Docker!". In this example, "apk add" is the install instruction for an Alpine Linux-based image.
RUN apk add openssh \
&& echo "root:Docker!" | chpasswd
# Copy the sshd_config file to the /etc/ssh/ directory
COPY sshd_config /etc/ssh/
# Open port 2222 for SSH access
EXPOSE 80 2222
I don't want this for my image as it may introduce security issues. Can I connect directly to the VM that hosts my containers and do something like docker exec -it <container name> /bin/bash
?
Question 2
If I do install openssh
and SSH into the container this way, what happens if I have auto-scaling and multiple instances/containers running, which container am I SSHing into?
Solution
Can I connect directly to the VM that hosts my containers and do something like docker exec -it /bin/bash?
Of course not. You can connect directly to the host of the containers. Actually, the host is the app service plan that the app service host in. And I think you know the app service plan can't be connected to.
If I do install openssh and SSH into the container this way, what happens if I have auto-scaling and multiple instances/containers running, which container am I SSHing into?
When you enable the SSH for the containers, you then ssh into the container, not the service plan instance, so if you scale up the service plan, it does not make any affection for you to ssh into the containers. And if you enable SSH for multiple containers in the app service, then you can ssh into all the containers. But there is one thing you need to know. The first you ssh into is the frontend, and you can ssh into others through the service name with port 2222. For example, the docker-compose.yml looks like this:
version: '3.3'
services:
frontend:
image: xxxxxx
...
backend:
image: xxxxxx
...
Then you first ssh into the frontend, and you can also ssh into the backend inside the frontend container:
ssh backend -p 2222
Answered By - Charles Xu