I am running PhpMyAdmin using Docker on my local machine with docker-compose. On the remote server I'm using a MySQL user who can only access from localhost, which is why I need SSH tunneling.
version: '3.1'
services:
  phpmyadmin:
    image: phpmyadmin
    restart: always
    ports:
      - 8080:80
    environment:
      - PMA_ARBITRARY=1
    volumes:
      - /usr/local/etc/php/php.ini:/php-make/upload.ini
      - ./config.inc.php:/etc/phpmyadmin/config.inc.php
    networks:
      - host
networks:
  host:
Since I'm using the host network, the Docker container should be aware of local port forwarding (not really sure about this though, but I couldn't find much information online on how the host network actually works).
SSH config
host remote-server-name
    HostName remote-server-ip
    User user
    IdentityFile path-to-ssh-key
    ForwardAgent yes
    LocalForward 3306 127.0.0.1:3306
After I ssh to the remote server there should be a tunnel on my local machine on port 3306 that points to 3306 on the remote server. Here is netstat -tulpn to confirm that:
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 17506/ssh
Server choice configuration for PhpMyAdmin (phpmyadmin.config.inc)
$cfg['Servers'][$i]['verbose'] = 'remote-server-name';
$cfg['Servers'][$i]['host'] = '127.0.0.1';
$cfg['Servers'][$i]['port'] = '3306';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['AllowNoPassword'] = false;
$cfg['LoginCookieValidity'] = 24*60*60*30;
After I choose remote-server-name in the server choice I get the following message:
mysqli::real_connect(): (HY000/2002): Connection refused
which means the MySQL user is not allowed to access from the given IP address (in this case my public IP), and I guess that's because the Docker container is not using SSH tunneling from my local machine even if I'm using the host network (which again I'm not sure what it actually does).
Anyone got any ideas what I'm doing wrong?
CodePudding user response:
You need to change your service configuration to say
services:
  phpmyadmin:
    network_mode: host
    # and not networks:
The configuration you have creates a Compose network that happens to be named host, but it's not "the host network".
You may be able to use a different approach to connect to the ssh tunnel; also see From inside of a Docker container, how do I connect to the localhost of the machine?. In particular, if you're on a macOS or Windows host, host networking just doesn't work (you connect to the "host network" of a hidden Linux VM) and you'll need to use the special host.docker.internal host name instead of localhost. For this you don't need any special networks: or network_mode: option at all.
You might need to change the settings of the ssh tunnel listener for this to work. The 127.0.0.1:3306 setting binds to the host's localhost interface, but at least on native Linux the request will actually arrive from the docker0 interface. Setting the tunnel listener to listen on 0.0.0.0:3306 will solve this problem but also will allow others on the network to connect to the forwarded database. There's not a trivial solution for this.
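An added example (not part of the original question or answer): a Python check that parses `netstat -tulpn` output like the line in the question and classifies each listener on the forwarded port by its bind address, so a tunnel bound to the wildcard address is easy to spot. Only the first sample line comes from the question; the others are constructed, and the bridge subnet 172.17.0.0/16 and all function names are assumptions.

```python
import ipaddress

# Constructed sample in `netstat -tulpn` layout; only the first line is from the question.
SAMPLE = """\
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 17506/ssh
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 17506/ssh
tcp 0 0 172.17.0.1:3306 0.0.0.0:* LISTEN 17506/ssh
tcp6 0 0 :::3306 :::* LISTEN 17506/ssh
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 812/sshd
"""

# Assumption: Docker's default docker0 subnet; Compose networks use other ranges.
DEFAULT_BRIDGE = "172.17.0.0/16"


def exposure(bind_ip, bridge_net):
    """Classify a listener by the address it is bound to."""
    if bind_ip.is_unspecified:
        return "wildcard"   # every interface: containers and other hosts on the network
    if bind_ip.is_loopback:
        return "loopback"   # host only; containers on a bridge network are refused
    if bind_ip in bridge_net:
        return "bridge"     # bound to an address inside the Docker bridge subnet
    return "interface"      # one specific non-Docker interface


def audit_listeners(netstat_text, port, bridge_cidr=DEFAULT_BRIDGE):
    """Return (local_address, process, exposure) for each TCP listener on port."""
    bridge_net = ipaddress.ip_network(bridge_cidr)
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers, UDP rows and anything that is not a listening TCP socket.
        if len(fields) < 7 or fields[5] != "LISTEN":
            continue
        host, _, local_port = fields[3].rpartition(":")
        if local_port != str(port):
            continue
        bind_ip = ipaddress.ip_address(host.strip("[]"))
        findings.append((fields[3], fields[6], exposure(bind_ip, bridge_net)))
    return findings


if __name__ == "__main__":
    for addr, proc, kind in audit_listeners(SAMPLE, 3306):
        print(f"{addr:<18} {proc:<10} {kind}")
```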