Home > front end >  Using local SSH tunneling with Docker (PhpMyAdmin) - Connection refused
Using local SSH tunneling with Docker (PhpMyAdmin) - Connection refused

Time:04-27

I am running PhpMyAdmin using Docker on my local machine with docker-compose. On remote server i'm using mysql user who can only access from localhost which is why i need ssh tunneling.

version: '3.1'

services:
  phpmyadmin:
    image: phpmyadmin
    restart: always
    ports:
      - 8080:80
    environment:
      - PMA_ARBITRARY=1
    volumes:
      - /usr/local/etc/php/php.ini:/php-make/upload.ini
      - ./config.inc.php:/etc/phpmyadmin/config.inc.php
    networks:
      - host

networks:
  host:

Since i'm using host network, docker container should be aware of local port forwarding (not really sure about this tho, but i couldn't find much information online on how host network actually works).

SSH config

host remote-server-name
    HostName remote-server-ip
    User user
    IdentityFile path-to-ssh-key
    ForwardAgent yes
    LocalForward 3306 127.0.0.1:3306

After i do ssh to remote server there should be a tunnel on my local machine on port 3306 that is pointing to 3306 on remote server. Here is netstat -tulpn to confirm that:

tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      17506/ssh

Server choice configuration for PhpMyAdmin (phpmyadmin.config.inc)

$cfg['Servers'][$i]['verbose'] = 'remote-server-name';
$cfg['Servers'][$i]['host'] = '127.0.0.1';
$cfg['Servers'][$i]['port'] = '3306';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['AllowNoPassword'] = false;
$cfg['LoginCookieValidity'] = 24*60*60*30;

After i choose remote-server-name in server choice i get the following message

mysqli::real_connect(): (HY000/2002): Connection refused

which means mysql user in not allowed to access from given ip address (in this case my public ip) and i guess that's because docker container is not using ssh tunneling from my local machine even if i'm using host network (which again i'm not sure what it actually does).

Anyone got any ideas what i'm doing wrong?

CodePudding user response:

You need to change your service configuration to say

services:
  phpmyadmin:
    network_mode: host
    # and not networks:

The configuration you have creates a Compose network that happens to be named host, but it's not "the host network".


You may be able to use a different approach to connect to the ssh tunnel; also see From inside of a Docker container, how do I connect to the localhost of the machine?. In particular, if you're on a MacOS or Windows host, host networking just doesn't work (you connect to the "host network" of a hidden Linux VM) and you'll need to use the special host.docker.internal host name instead of localhost. For this you don't need any special networks: or network_mode: option at all.

You might need to change the settings of the ssh tunnel listener for this to work. The 127.0.0.1:3306 setting binds to the host's localhost interface, but at least on native Linux the request will actually arrive from the docker0 interface. Setting the tunnel listener to listen on 0.0.0.0:3306 will solve this problem but also will allow others on the network to connect to the forwarded database. There's not a trivial solution for this.

  • Related