How can I get my ssh keys and identity into ddev's web container? - drush

I have these needs from time to time in the web container:
- ssh to a server from inside the web container
- Use git with a private repository inside the web container
- Use rsync (like ddev drush rsync)
- Use ddev composer with access to private repositories
So how can I get my keys into the container?

DDEV supports having your ssh keys in the container without mounting them there, using an ssh-agent inside docker.
You can authenticate and add your keys via ddev auth ssh, and they will then be available from every project. This works for ssh from inside the container, private composer repositories, and drush rsync.
See https://ddev.readthedocs.io/en/stable/users/basics/cli-usage/#ssh-into-containers for docs.

Related

Issue commands from a gitlab-runner inside docker container

I have a machine with multiple docker containers for a project that I am developing and I just set up a new docker container running Gitlab-Runner inside it.
I need to run a few commands on all the other docker containers whenever a commit is issued. Is there any way for the runner inside the Gitlab-Runner to access the other containers and tell them to execute commands or even restart them?
We currently don't use SSH keys to access this server that has all the docker containers; we use username and password.
The safe way (and easier than with passwords too) is to start using SSH keys and access containers over the network. Or at least issue commands to the host over SSH from gitlab-runner.
Also, SOF search returned this: manage containers from another container, docker
Looks legit.

How to deploy a Docker local registry open source on windows WITH web interface AND manage users permissions?

I'm a novice in docker and I would like to deploy a docker private registry on my host (Windows 10 using docker for windows) with user permissions, so I used TLS to secure it according to the doc from https://docs.docker.com/registry/deploying/
I have the docker private registry deployed, and to push the user must run the docker login command.
Now, I would like to connect a UI to my private registry and make it read only to be able to pull, and for that I tried to set up Harbor, Portus and many other examples, but they are not documented for windows.
I tried to use this project https://github.com/kwk/docker-registry-frontend but same thing.
All of these projects bind files in volumes with docker run -v pathToFiles:pathToFiles:ro, but on windows it is not supported.
I tried to make modifications in the images, put the files into them and build new images with docker commit, but the UI still does not work or is not connected to my server.
So, what is the best way to deploy a docker private registry with the docker registry open source in docker for windows AND manage user permissions with auth? Should I use a reverse proxy? But how on windows?
I'm not using docker EE.
Thank you.

Can't access certain services running on host machine from inside docker container

We're trying to set up a GitLab Runner, which is responsible for building and testing our web application. For running the jobs we use the Docker executor with DinD.
Our problem is now: when trying to access certain services from inside the Runner container (docker image), we get a timeout and no response back. This includes:
- logging in to our own docker registry, which is hosted on the same system
- wget on our domain (which is hosted on the same system)
What we can do:
- ping our domain as well as the registry
- ping other domains
- wget other domains
Logging into the registry and wget on our domain are successful when trying them natively on the server and not in a docker container.
So it looks like it may be a docker problem.
Hope someone can help us.

How to use docker secrets created by command line inside a container created by docker compose without declaring secrets inside docker compose

If I declare a docker secret in docker compose, I'm not able to deploy in production on a remote docker machine without physically uploading the secrets to the remote machine. I think that is not safe.
So, if I manually create secrets on the remote docker machine, how can I use them from a container deployed by docker compose?
Secrets and other sensitive data can be uploaded via stdin over ssh, avoiding the need to copy the file to the remote server. I provided an example here: https://stackoverflow.com/a/53358618/2605742
This technique can be used to create secrets in swarm mode (even with a single-node swarm), or with docker compose, creating the containers without copying the docker-compose.yml file to the remote system.
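
The stdin-over-ssh approach from the answer above, written out as an added example (not code from the original post or from the linked answer). It assumes a swarm-mode engine on the remote host; the host deploy@swarm.example.com, the secret and stack names, and the helper functions are hypothetical.

```shell
#!/bin/sh
# Added example. REMOTE, the secret name and the stack name are hypothetical.
REMOTE="${REMOTE:-deploy@swarm.example.com}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only; 0 = run them

# Accept only characters that are safe to pass through the remote shell.
valid_name() {
  case "$1" in
    ''|*[!A-Za-z0-9_.-]*) return 1 ;;
  esac
  return 0
}

# Run "ssh REMOTE docker ARGS..." with local file $1 as its stdin.
remote_docker_stdin() {
  input=$1; shift
  [ -r "$input" ] || { echo "cannot read $input" >&2; return 3; }
  if [ "$DRY_RUN" = 1 ]; then
    echo "ssh $REMOTE docker $* < $input"
  else
    ssh "$REMOTE" docker "$@" < "$input"
  fi
}

# Create a swarm secret from a local file; "-" makes docker read it from stdin.
push_secret() {
  valid_name "$1" || { echo "unsafe secret name: $1" >&2; return 2; }
  remote_docker_stdin "$2" secret create "$1" -
}

# Compose file that only references the secret by name (external: true).
write_stack_file() {
  cat > "$1" <<EOF
version: "3.7"
services:
  app:
    image: nginx:alpine
    secrets:
      - $2
secrets:
  $2:
    external: true
EOF
}

# Deploy the stack, sending the compose file over stdin as well.
deploy_stack() {
  valid_name "$2" || { echo "unsafe stack name: $2" >&2; return 2; }
  remote_docker_stdin "$1" stack deploy --compose-file - "$2"
}
```

Call push_secret once per secret, then write_stack_file and deploy_stack; with DRY_RUN=0 the secret value and the compose file travel only over the ssh channel and neither is written to the remote file system.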

SSH forwarding with Spring Cloud Config inside Docker

I have a Spring Boot application set up to be a Spring Cloud Config server, and to pull the configuration from a Gitlab repository specified in the application.yml for the Spring Boot app. I'm using a deploy key on the Gitlab server.
This works running locally with the private key for the deploy key in my ~/.ssh directory.
I would like to run this app in Docker, and I want to use SSH forwarding instead of storing the private key from ~/.ssh in the Docker container.
I have installed ssh-agent on the Docker host and configured the following for the container in my docker-compose.yml:
    volumes:
      - $SSH_AUTH_SOCK:/ssh-agent
    environment:
      - SSH_AUTH_SOCK=/ssh-agent
I have a config file in ~/.ssh with the following:
    Host mygitlabserver.com
        Hostname mygitlabserver.com
        StrictHostKeyChecking no
        ForwardAgent yes
This all works if I SSH into the running Docker container and run a Git clone manually. But if I start the Spring Boot app in the container and try to pull configuration from Spring Cloud Config, I get this error in the Spring Boot app's logs:
java.lang.IllegalStateException: Cannot clone or checkout repository] with root cause com.jcraft.jsch.JSchException: Auth fail at com.jcraft.jsch.Session.connect
If I add the private key in ~/.ssh inside the Docker container instead of trying to use forwarding, the app is able to pull configuration from Git. Is there a way to get Spring Cloud Config to work inside Docker with the SSH forwarding?
If not, is there some other way to avoid storing the private key in ~/.ssh on the file system in the running Docker container?
