We have all heard about Docker. It was built to make development, testing, and delivery easier and faster than ever, while not sacrificing security and performance. Here at Astral Web, we use Docker pretty often and we really love it.
Normally, when we’re building apps in a Docker environment, we only allow incoming connections to the services that we need. For a Magento app, we usually only have port 443 exposed to the host machine (or the internet if needed), and everything else (database, Redis, Elasticsearch) is never available on the internet. However, there might be some cases where you need to add some additional services and connect to them via the internet.
Last week we got a request to allow SSH connections to one of our dockerized Magento applications on our shared development server so that some third-party developer can help with some debugging.
I personally don’t like to provide access to third-party developers. So, when I really need to, I will do it super carefully. My other article will explain how to restrict SSH access on a traditional server environment.
Unlike on a traditional server, Docker makes things easier. I can just add a few lines to the docker-compose.yml file to enable SSH only for that specific Docker container. Enjoy!
Via docker-compose.yml:
---
version: "2.1"
services:
  openssh-server:
    image: ghcr.io/linuxserver/openssh-server
    container_name: openssh-server
    hostname: openssh-server #optional
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/London
      - PUBLIC_KEY=yourpublickey #optional
      - PUBLIC_KEY_FILE=/path/to/file #optional
      - SUDO_ACCESS=false #optional
      - PASSWORD_ACCESS=false #optional
      - USER_PASSWORD=password #optional
      - USER_PASSWORD_FILE=/path/to/file #optional
      - USER_NAME=linuxserver.io #optional
    volumes:
      - /path/to/appdata/config:/config
    ports:
      - 2222:2222
    restart: unless-stopped
Or, docker CLI:
docker run -d \
  --name=openssh-server \
  --hostname=openssh-server `#optional` \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Europe/London \
  -e PUBLIC_KEY=yourpublickey `#optional` \
  -e PUBLIC_KEY_FILE=/path/to/file `#optional` \
  -e SUDO_ACCESS=false `#optional` \
  -e PASSWORD_ACCESS=false `#optional` \
  -e USER_PASSWORD=password `#optional` \
  -e USER_PASSWORD_FILE=/path/to/file `#optional` \
  -e USER_NAME=linuxserver.io `#optional` \
  -p 2222:2222 \
  -v /path/to/appdata/config:/config \
  --restart unless-stopped \
  ghcr.io/linuxserver/openssh-server
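As an added example (not part of the original post or the linuxserver project), the following Python check reads the output of `docker compose config --format json` and flags settings in the service above that widen SSH access. The function names and the sample values are assumptions made for illustration.

```python
import json

# Constructed sample in the shape `docker compose config --format json` emits
# for the service above; the values are illustrative, not from the post.
SAMPLE = json.loads("""
{"services": {"openssh-server": {
  "image": "ghcr.io/linuxserver/openssh-server",
  "environment": {"PASSWORD_ACCESS": "true", "USER_PASSWORD": "password",
                  "SUDO_ACCESS": "false", "USER_NAME": "linuxserver.io"},
  "ports": [{"target": 2222, "published": "2222", "protocol": "tcp"}]}}}
""")

def env_of(service):
    """Return the environment as a dict (Compose allows list or mapping form)."""
    env = service.get("environment") or {}
    if isinstance(env, list):
        env = dict(item.partition("=")[::2] for item in env)
    return {k: "" if v is None else str(v) for k, v in env.items()}

def audit_ssh_service(compose, name="openssh-server"):
    """Return findings for one SSH service; an empty list means nothing flagged."""
    service = compose["services"][name]
    env, findings = env_of(service), []
    # Assumption: an unset PASSWORD_ACCESS / SUDO_ACCESS behaves like "false".
    if env.get("PASSWORD_ACCESS", "false").lower() == "true":
        findings.append("PASSWORD_ACCESS=true: password logins are enabled")
    if env.get("SUDO_ACCESS", "false").lower() == "true":
        findings.append("SUDO_ACCESS=true: the SSH user gets sudo in the container")
    if env.get("USER_PASSWORD"):
        findings.append("USER_PASSWORD is inline: remove it or use USER_PASSWORD_FILE")
    if not (env.get("PUBLIC_KEY") or env.get("PUBLIC_KEY_FILE")):
        findings.append("no PUBLIC_KEY or PUBLIC_KEY_FILE: no key-based login set up")
    # Normalized output uses the long port form; no host_ip means all interfaces.
    for port in service.get("ports", []):
        if port.get("host_ip", "") in ("", "0.0.0.0", "::"):
            findings.append(f"port {port.get('published')} is published on all host interfaces")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_service(SAMPLE):
        print("FINDING:", finding)
```

Feed it real input with `json.load(sys.stdin)` on the piped `docker compose config --format json` output before handing credentials to a third party.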
Main reference: https://github.com/linuxserver/docker-openssh-server