samply
/
bridgehead
mirror of https://github.com/samply/bridgehead.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feat: ssh tunnel (#292) 

* Added ccp module for a ssh tunnel

Usage details under https://github.com/samply/ssh-tunnel

* chore: update ssh-tunnel image to harbor

* feat: ssh tunnel support diffrent port

* chore: fix indentation

* chore: move to top level modules

* docs: add ssh-tunnel docs

---------

Co-authored-by: Tobias Kussel <tobias.kussel@dkfz-heidelberg.de>
This commit is contained in:
Jan 2025-04-14 10:45:15 +02:00 committed by GitHub
parent 973547c322
commit 2ddd535794
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 42 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
modules/ssh-tunnel-compose.yml Normal file
View File

@ -0,0 +1,17 @@
version: "3.7"
services:
ssh-tunnel:
image: docker.verbis.dkfz.de/cache/samply/ssh-tunnel
container_name: bridgehead-ccp-ssh-tunnel
environment:
SSH_TUNNEL_USERNAME: "${SSH_TUNNEL_USERNAME}"
SSH_TUNNEL_HOST: "${SSH_TUNNEL_HOST}"
SSH_TUNNEL_PORT: "${SSH_TUNNEL_PORT:-22}"
volumes:
- "/etc/bridgehead/ssh-tunnel.conf:/ssh-tunnel.conf:ro"
secrets:
- privkey
secrets:
privkey:
file: /etc/bridgehead/pki/ssh-tunnel.priv.pem

6
modules/ssh-tunnel-setup.sh Normal file
View File

@ -0,0 +1,6 @@
#!/bin/bash
if [ -n "$ENABLE_SSH_TUNNEL" ]; then
log INFO "SSH Tunnel setup detected -- will start SSH Tunnel."
OVERRIDE+=" -f ./$PROJECT/modules/ssh-tunnel-compose.yml"
fi

19
modules/ssh-tunnel.md Normal file
View File

@ -0,0 +1,19 @@
# SSH Tunnel Module
This module enables SSH tunneling capabilities for the Bridgehead installation.
The primary use case for this is to connect bridgehead components that are hosted externally due to security concerns.
To connect the new components to the locally running bridgehead infra one is supposed to write a docker-compose.override.yml changing the urls to point to the corresponding forwarded port of the ssh-tunnel container.
## Configuration Variables
- `ENABLE_SSH_TUNNEL`: Required to enable the module
- `SSH_TUNNEL_USERNAME`: Username for SSH connection
- `SSH_TUNNEL_HOST`: Target host for SSH tunnel
- `SSH_TUNNEL_PORT`: SSH port (defaults to 22)
## Configuration Files
The module requires the following files to be present:
- `/etc/bridgehead/ssh-tunnel.conf`: SSH tunnel configuration file. Detailed information can be found [here](https://github.com/samply/ssh-tunnel?tab=readme-ov-file#configuration).
- `/etc/bridgehead/pki/ssh-tunnel.priv.pem`: The SSH private key used to connect to the `SSH_TUNNEL_HOST`. **Passphrases for the key are not supported!**