I have some trouble forwarding ports that are `LocalForward`ed to the container via an SSH tunnel.
The whole network looks like this:
This is my Dockerfile for the GW Container:
```dockerfile
FROM ubuntu:latest
RUN apt-get update \
 && apt-get install -y ssh \
 && apt-get clean
EXPOSE 80
COPY config /root/.ssh/config
ENTRYPOINT ["ssh", "app-server", "sleep infinity & wait"]
```
Related ssh config file:
```text
Host vpn-gateway
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null
    Hostname 10.20.30.40
    User matrix

Host app-server
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null
    Hostname 20.30.40.50
    User matrix
    ProxyCommand ssh vpn-gateway nc %h %p %r
    LocalForward 80 30.40.50.60:1080
```
Now, I am using docker-compose for container orchestration with the following docker-compose.yml file:
```yaml
version: "3.2"
services:
  gateway:
    container_name: gateway
    image: gateway
    build: ./docker/gateway
    volumes:
      - ~/.ssh/id_rsa:/root/.ssh/id_rsa
      - ~/.ssh/id_rsa.pub:/root/.ssh/id_rsa.pub
    ports:
      - 8080:80
```
So, the idea is that if I run wget from localhost:

```shell
wget http://127.0.0.1:8080/api/health
```

I will get a response from the API Server machine (30.40.50.60:1080). The problem is that I get a reset:

```text
--2018-06-25 07:19:26--  http://127.0.0.1:8080/api/health
Connecting to 127.0.0.1:8080... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.

--2018-06-25 07:19:27--  (try: 2)  http://127.0.0.1:8080/api/health
Connecting to 127.0.0.1:8080... connected.
HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
Retrying.
```
This could be caused by Docker not seeing any app using port 80 on the GW Container as mentioned here: https://serverfault.com/a/769583/292211
If I exec into the GW Container and run `wget http://127.0.0.1:80/api/health` I get a proper response.
Is there a way to cheat docker into thinking port 80 is available in the GW Container so it would allow me to forward port to the host? Or could any of these things be handled in a better way? All the mumbo-jumbo with SSH tunnels is due to third-party security restrictions.
Thanks!
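Added example (not part of the question): a small POSIX shell check for the situation described above. With `LocalForward 80 ...` and no bind address, ssh listens on 127.0.0.1:80 only, while Docker's `8080:80` mapping delivers traffic to the container's bridge address, where nothing listens. The `ss -lnt` output below is constructed, and the rewrite function assumes the OpenSSH `LocalForward [bind_address:]port host:hostport` syntax.

```shell
#!/bin/sh
# Classify how a TCP port is bound inside the container, given `ss -lnt` output.
# Prints: loopback-only | all-interfaces | not-listening
port_bind_scope() {
    ss_output=$1
    port=$2
    # Column 4 of `ss -lnt` is "Local Address:Port"; keep LISTEN rows for this port.
    local_addrs=$(printf '%s\n' "$ss_output" |
        awk -v p="$port" '$1 == "LISTEN" && $4 ~ (":" p "$") { print $4 }')
    [ -n "$local_addrs" ] || { echo not-listening; return; }
    case "$local_addrs" in
        *"0.0.0.0:$port"*|*"*:$port"*|*"[::]:$port"*) echo all-interfaces ;;
        *) echo loopback-only ;;
    esac
}

# Rewrite "LocalForward <port> <target>" so ssh listens on all container interfaces.
# Caveat: 0.0.0.0 also makes the forward reachable from other containers on the same
# Docker network; exposure to the host is still governed by the compose "ports:" mapping.
fix_localforward() {
    printf '%s\n' "$1" |
        sed -E 's/^([[:space:]]*LocalForward[[:space:]]+)([0-9]+)([[:space:]]+)/\10.0.0.0:\2\3/'
}

# Constructed `ss -lnt` output (not captured from a real system).
SS_BEFORE='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     127.0.0.1:80        0.0.0.0:*'
SS_AFTER='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:80          0.0.0.0:*'

echo "original config: $(port_bind_scope "$SS_BEFORE" 80)"   # loopback-only
echo "after the fix:   $(port_bind_scope "$SS_AFTER" 80)"    # all-interfaces
fix_localforward '    LocalForward 80 30.40.50.60:1080'
```

Run `ss -lnt` inside the gateway container to get real input for `port_bind_scope`; a `loopback-only` result for port 80 is exactly the case where the published port is accepted on the host but reset.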
