Issue
My new responsibility is porting our project into dockers. This means local code on each developer machine with test data on a staging server. At the moment, the code lives on the same server and thus uses local host (127.0.0.1) to connect to the database. The docker currently deploys and can run unit tests, which succeed in cases where no DB is required.
I've tried using the answers provided here: https://github.com/phpmyadmin/docker/issues/99 which failed at the time and with a variety of different attempts eventually led to trying to create SSH tunnels from inside the container (How do I complete this SSH tunnel from local development docker to staging database) . I've returned to trying to use the service, as the other options seem to be even more complicated or unreliable.
I've returned to using the kingsquare image that allows tunnelling but I don't know what ${SSH_AUTH_SOCK} is or how to use it. I've tried pointing it at an SSH key but that (probably obviously) fails.
I've included the whole docker-compose.yml, as an earlier mistake that I had not noticed is not including network reference in my existing docker (app) .
version: '3'
services:
tunnels:
image: kingsquare/tunnel
volumes:
- '${SSH_AUTH_SOCK}:/ssh-agent'
command: '*:3306:localhost:3306 -vvv user@[myserver->the IP of the machine hosting the DB?] -i /.ssh/openssh_ironman_justin -p 2302'
networks:
mynetwork:
aliases:
- remoteserver
app:
build:
context: .
dockerfile: .docker/Dockerfile
args:
APP_PATH: ${APP_PATH}
image: laravel-docker
env_file: .env
ports:
- 8080:80
# We need to expose 443 port for SSL certification.
- "443:443"
volumes:
- .:/var/www/jumbledown
networks:
- mynetwork
networks:
mynetwork:
driver: bridge
In the .env file, every developer has the following, which I need to change once the SSH tunnel is completed so that it uses the tunnel-DB combination:
DB_HOST=127.0.0.1 # As per answer, this will change to the IP address of the server containing the database. I'll leave the current localhost reference rather than displaying the IP address of the machine.
DB_PORT=3306
DB_DATABASE=[central database or sharded version for testing data changes]
DB_USERNAME=[username]
DB_PASSWORD=[password]
I'd like to be be able to get the code in the app container able to use the database on the remote server, with as little post-deployment complication as possible.
Update I resolved a port issue.
Update 2.5
if I use
command: '*:3306:localhost:3306 -vvv [username]@[IP of DB host] -i [location on my PC of key file]/openssh_dev -p 2302'
then it does establish a connection but it gets turned down with:
tunnels_1 | debug1: Trying private key: /.ssh/openssh_ironman_justin
tunnels_1 | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
tunnels_1 | @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
tunnels_1 | @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
tunnels_1 | Permissions 0755 for '/.ssh/openssh_dev ' are too open.
tunnels_1 | It is required that your private key files are NOT accessible by others.
tunnels_1 | This private key will be ignored.
But how do I change the permissions of a mounted file? Can it be done via Dockerfile, or must it already be present before that starts?
Solution
But how do I change the permissions of a mounted file? Can it be done via Dockerfile, or must it already be present before that starts?
The Dockerfile is used to create the image. The container based on that image mounts the directory from your host machine and maintains the same host permissions.
You can change the permissions of the file on your host, Docker will use the same permissions in the container.
Answered By - Arik Answer Checked By - Candace Johnson (WPSolving Volunteer)