DEV Community

Ngon
Ngon

Posted on

How to connect to a database inside a docker

#docker #ssh #database

If you host your database on a VPS and using docker. You do not want to map your database port to the VPS port. Example your docker-compose.yml is:

version: '3.1'
services:
  your_db:
    image: mysql:8.0.31
    container_name: your_db
    restart: always
    networks:
      main_default:
    env_file:
      - ./db.env
    volumes:
      - ./volumes/your_db:/var/lib/mysql
Enter fullscreen mode Exit fullscreen mode

And you want to connect to this database from your local machine. Here is the way:

With above docker-compose file, we can't connect to to mysql database from your local machine, also from the VPS. However, if we have another docker container also in that docker compose file, it can connect to mysql using port 3306.
Here's the thing we will do:

  • We will add new docker container with ssh server installed. We open ssh port to a random port. We also need to enable tcp forwarding in ssh configuration. I already created an image and push to docker hub, let's use my image and update above docker-compose.yml to 
version: '3.1'
services:
  ssh:
    container_name: ssh
    image: trngon/alpine-ssh
    ports:
      - "1234:22"
    volumes:
      - ./your-ssh-dir:/root/.ssh
    restart: always
  your_db:
    image: mysql:8.0.31
    container_name: your_db
    restart: always
    networks:
      main_default:
    env_file:
      - ./db.env
    volumes:
      - ./volumes/your_db:/var/lib/mysql
Enter fullscreen mode Exit fullscreen mode

Now, you can use the tool like Sequel Ace or dbeaver to using using ssh tunnel option. Put your database user/password as you set. The hostname is your_db (use your own if you changed it). Then the ssh host is your vps IP, user name is root and the key is the key you mapped above.The port is 1234 (if you do not change)

If you want to customize the ssh image, here is the docker file that you can re-use

FROM alpine:3.18.5

LABEL authors="Tran Trung Ngon"

RUN apk add --update --no-cache openssh

# You can remove it if do not want to add a key to this image
COPY ./ssh/authorized_keys /root/.ssh/authorized_keys

RUN apk add openrc && rc-update add sshd

COPY ./ssh/sshd_config /etc/ssh/sshd_config

COPY entrypoint.sh /entrypoint.sh

EXPOSE 22

ENTRYPOINT ["/entrypoint.sh"]
Enter fullscreen mode Exit fullscreen mode

entrypoint.sh

#!/bin/sh
ssh-keygen -A
/usr/sbin/sshd -D -e
Enter fullscreen mode Exit fullscreen mode

sshd_config

Port 22
AuthorizedKeysFile  .ssh/authorized_keys
AllowTcpForwarding yes
GatewayPorts no
X11Forwarding no
Subsystem   sftp    internal-sftp
Enter fullscreen mode Exit fullscreen mode
profile
Heroku
 Promoted

Heroku

Simplify your DevOps and maximize your time.

Since 2007, Heroku has been the go-to platform for developers as it monitors uptime, performance, and infrastructure concerns, allowing you to focus on writing code.

Learn More

Top comments (0)

profile
Docusign Developers
 Promoted

Image of Docusign

🛠️ Bring your solution into Docusign. Reach over 1.6M customers.

Docusign is now extensible. Overcome challenges with disconnected products and inaccessible data by bringing your solutions into Docusign and publishing to 1.6M customers in the App Center.

Learn more

Read next

godofgeeks profile image

CSRF Attacks & Mitigation

Aviral Srivastava -

mikeyoung44 profile image

New Benchmark Tests How Well AI Can Update Its Visual Knowledge While Retaining Information

Mike Young -

mikeyoung44 profile image

AI Training Breakthrough: New Method Cuts Learning Time by 30% While Boosting Performance

Mike Young -

mikeyoung44 profile image

AI Expert System Gets 2% Smarter by Rerouting Tasks on the Fly

Mike Young -