Use SSH to remotely connect directly to the Docker container

Reprinted from cpolar cloud article: SSH remote direct connection to Docker container

In some special cases we want to connect directly to a Docker container remotely over ssh. This article shows how to set up a direct ssh connection to a Docker container with the help of the cpolar tool.

1. Download the docker image

This article uses a tomcat image as an example. Enter the following command to pull the tomcat image:

docker pull tomcat

After downloading the tomcat image, run it as a container. The internal port of the tomcat container is 8080 by default; we map it to port 8088 of the host.

docker run -it -d -p8088:8080 tomcat /bin/bash

After it starts, check the running container:

docker ps -a

You can see that the container is running, and you can also see its container ID.

2. Install ssh service

Enter the container:

docker exec -it <container ID> /bin/bash

After entering the container, install the ssh service. First update the package manager:

apt-get update

Install the ssh service:

apt-get install openssh-server

Install the vim file editor:

apt-get install vim

Set the SSH login password. The command asks for it twice: the first time to set the password, the second time to confirm it.

passwd

Modify the configuration file

vim /etc/ssh/sshd_config

Two places need to be modified:

First: change the ssh service port from the default 22 to the internal port of the container service. For our tomcat container, set it to 8080, because when we ran the container we mapped the internal port 8080 to port 8088 of the host, so the ssh port must match that internal port. (The container was started with /bin/bash instead of the image's default command, so nothing else is listening on 8080.)

Second: change PermitRootLogin prohibit-password to PermitRootLogin yes, which enables root login with a password. Save and exit after the setting is complete.

After the modification is complete, restart the ssh service

service ssh restart
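
One way to check what these two edits leave sshd accepting before the port is published in the later steps, as an added example that is not part of the original article. The function names, the sample file names and the key-only variant are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit an sshd_config
# before publishing the container's SSH port through a tunnel.

# Print the effective value of keyword $2 in file $1, or default $3 if unset.
# sshd uses the FIRST occurrence of a keyword; keywords are case-insensitive.
# Simplifications: Include files are not followed, parsing stops at Match.
sshd_effective() {
    awk -v want="$2" -v def="$3" '
        /^[ \t]*#/ || NF == 0        { next }
        tolower($1) == "match"       { exit }
        tolower($1) == tolower(want) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Return 1 when the file enables password login for root, 0 otherwise.
# Defaults are those of current OpenSSH when a keyword is absent.
audit_root_login() {
    root=$(sshd_effective "$1" PermitRootLogin prohibit-password)
    pw=$(sshd_effective "$1" PasswordAuthentication yes)
    port=$(sshd_effective "$1" Port 22)
    if [ "$root" = "yes" ] && [ "$pw" = "yes" ]; then
        echo "WEAK port=$port: root can log in with a password"
        return 1
    fi
    echo "OK port=$port: PermitRootLogin=$root PasswordAuthentication=$pw"
}

# Constructed sample files: the article's settings, and a key-only variant
# (public key installed in /root/.ssh/authorized_keys, passwords disabled).
write_samples() {
    printf '%s\n' '#Port 22' 'Port 8080' \
        '#PermitRootLogin prohibit-password' 'PermitRootLogin yes' \
        > "$1/article.conf"
    printf '%s\n' 'Port 8080' 'PermitRootLogin prohibit-password' \
        'PasswordAuthentication no' 'PermitRootLogin yes' \
        > "$1/keyonly.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_root_login "$tmp/article.conf" || true
audit_root_login "$tmp/keyonly.conf" || true
```

Inside the running container, sshd -T run as root prints the configuration sshd actually uses, including any Include files, and can be compared against this result.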

3. Local LAN test

We have completed the settings above and installed the ssh service inside the container. Now we test the connection over the LAN. The default user name is root, and the port number to enter here is 8088, the port that we mapped to the host machine.

ssh -p 8088 root@<host LAN IP>

During the login process, you need to enter a password, that is, the password set above. After success, you can see that we have successfully entered the container.

4. Install cpolar

We install cpolar on the host machine, not inside the container.

  • Install using the one-click script
curl -L https://www.cpolar.com/static/downloads/install-release-cpolar.sh | sudo bash
  • Add a service to the system
sudo systemctl enable cpolar
  • Start the cpolar service
sudo systemctl start cpolar

5. Configure the public network access address

After successfully starting the cpolar service, open the Linux host's LAN IP address + port 9200 in a browser and log in to the cpolar web UI management interface.

cpolar official website address: https://www.cpolar.com

After successful login, click Tunnel Management on the left dashboard - Create Tunnel:

  • Tunnel name: can be customized, be careful not to duplicate the existing tunnel name
  • protocol: tcp
  • Local address: 8088
  • Domain name type: temporary random TCP port
  • Region: Select China VIP

Click Create.

Then open the online tunnel list on the left, and view the public network address of the tcp connection generated just after the tunnel was created


6. SSH public network remote connection test

Connect from the ssh command line. Note that the port after -p is the port of the public network address generated in cpolar.

ssh -p <port> root@<public network address>

After execution, we can see that we have successfully entered the container, so the ssh remote direct connection to the docker container is set up.

7. Fixed connection public network address

It should be noted that the above steps use a random temporary tcp port address, and the generated public network address is a random temporary address, which will change randomly within 24 hours. Next, we configure a fixed TCP port address for it, which will not change, and there is no need to modify the address repeatedly every day after setting.

To configure a fixed tcp port address, you need to upgrade cpolar to a professional package or above.

Reserve a fixed tcp address

Log in to the cpolar official website, click Reserve on the left, and find the reserved tcp address section. Let's reserve a fixed tcp address for Minecraft:

  • Region: Select China VIP
  • Description: It is a note, which can be customized

Click Reserve.

After the address is successfully reserved, the system generates the corresponding fixed public network address. Copy it.

Open the cpolar web UI management interface, click Tunnel Management on the left dashboard - Tunnel List, find the TCP tunnel we created above, and click Edit on the right.

Modify the tunnel information and configure the successfully reserved fixed tcp address into the tunnel

  • Port type: modified to fixed tcp port
  • Reserved tcp address: fill in the address successfully reserved on the official website

Click Update.

After the tunnel is successfully updated, click the status on the left dashboard - the list of online tunnels, and you can see that the public network address has been updated to a fixed tcp address.


8. SSH fixed address connection test

Enter the ssh connection command, use our above public network address and port, we can see that the connection is successful, and the fixed ssh remote direct connection to the docker container is set up


Origin blog.csdn.net/weixin_74004489/article/details/131489645