0

I need to SSH Tunnel into my Universities network to work on a project through a MySQL database (as opposed to physically being at school and using the network).

I can access the server with the following instructions (or via VSCode remote explorer):

ssh -L 4444:abc.university.ca:443 login.university.ca

ssh -p 4444 'your_username'@localhost

and am them prompted to enter my password.

I can also connect to the database from MySQL Workbench SSH Tunnel.

However I want to develop locally on my machine.

I have set up a Docker Container with an Apache PHP server so I don't have to manually copy my files to the server via the terminal.

Dockerfile

FROM php:7.2-apache
# Use the default production configuration
RUN mv "$PHP_INI_DIR/php.ini-production" "$PHP_INI_DIR/php.ini"
#get mysqli
RUN docker-php-ext-install mysqli
COPY src/ /var/www/html/

docker-compose.yml

version: "3.2"
services:
    web:
        build: php-apache
        container_name: php-apache-server
        ports:
          - "8080:80"

I am then trying to connect with the Database via connection.php

<?php 
/* DB Credentials */
$DB_SERVER = 'xxxxxxxxxxxx';
$DB_USERNAME = 'xxxxxxxxxx';
$DB_PASSWORD = 'xxxxxxxx';
$DB_NAME = 'xxxxxxxxx';
$PORT = xxxx;

/* Attempt to connect to MySQL database */
$link = mysqli_connect($DB_SERVER, $DB_USERNAME, $DB_PASSWORD, $DB_NAME);

// Check connection
if($link === false){
    die("ERROR: Could not connect. " . mysqli_connect_error());
}
?>

My problem is when I establish the SSH tunnel via the terminal, my application within the Docker container can not connect to the MySQL database. I am getting:

PHP Warning:  mysqli_connect(): php_network_getaddresses: getaddrinfo failed: Temporary failure in name resolution in /var/www/html/connection.php on line 11

My question is, how can I open the SSH tunnel from within my container, so my local apache-php server can connect to the database which is on my school's network?

halfer
  • 19,824
  • 17
  • 99
  • 186
praventz
  • 51
  • 10
  • You do one of two things - install ssh in your container or create an ssh container that your local container can link to. – Jay Blanchard Apr 01 '20 at 19:53
  • Please read: [Should we ever check for mysqli_connect() errors manually?](https://stackoverflow.com/q/58808332/1839439) – Dharman Apr 01 '20 at 20:47

2 Answers2

1

Well, I think that you would probably prefer to use VPN, versus an "SSH tunnel," but in any case the network-connection is going to be environmental: that is to say, "specific to the host environment, not to the Docker illusion."

If the tunnel exposes a specific known "host IP address," then the Docker bridge-network will be able to reach it.

Mike Robinson
  • 8,490
  • 5
  • 28
  • 41
0

To help with multiple hops and forwarding, in your .ssh/config

host uni
   hostname login.university.ca
   user  some_user

host abc
   hostname abc.university.ca
   port 443
   ProxyJump uni
   LocalForward localhost:3306 /var/lib/mysql/mysql.sock

Then $DB_SERVER=127.0.0.1 (localhost means local unix socket to mysql) to port 3306 from your docker container to utilize the local forwards to the remote server.

Other config tips for .ssh/config for less authenticating:

ControlMaster auto
ControlPath ~/.ssh/control-%r@%h:%p
ControlPersist 600
ServerAliveInterval 39
danblack
  • 12,130
  • 2
  • 22
  • 41