spacelatte/docker-ssh-overlay-port-forward.mk

## docker-ssh-overlay-port-forward.mk
#!/usr/bin/env make -f
# ---
# USAGE:
# make -f {this_file} port-fwd/host.ssh/container_ip:container_port PORT_NETWORK=attachable-overlay-net
# FLOW:
# Fact: Creates SSH tunnel, docker port-binding and socat TCP proxy to gain access on a non-published port on a container which is inside an overlay network.
# Uses SSH forwarding to have: `localhost:$PORT_LOCAL -> ssh.host:$PORT_INTERMEDIATE_HOST`
# Uses Docker port binding to have: `ssh.host:$PORT_INTERMEDIATE_HOST -> container:$PORT_INTERMEDIATE_PROXY`
# Uses Socat TCP proxy to have: `container:$PORT_INTERMEDIATE_PROXY -> target_ip:target_port`
# The `target_ip:target_port` is the 3rd path element.
# Example: `port-fwd/ssh.example.com/10.0.0.2:8000`
#                    ^        ^        ^
#                    |        |        port of the innermost container (target)
#                    |        ip of the innermost container. Does not have to be at the same host, since connection goes through the overlay network
#                    swarm cluster member, using a master/manager node would be wise.
# QUIRK: You must specify correct network. It must be the same network as target container.

PORT_NETWORK            := ingress
PORT_LOCAL              := $(shell echo $$(( RANDOM % 10000 + 10000 ));)
PORT_INTERMEDIATE_HOST  := $(shell echo $$(( RANDOM % 16384 + 32768 ));)
PORT_INTERMEDIATE_PROXY := $(shell echo $$(( RANDOM %  9000 +  1000 ));)
port-fwd/%:
	@echo "Opening localhost:$(PORT_LOCAL)"
	@ssh -tL $(PORT_LOCAL):0:$(PORT_INTERMEDIATE_HOST) ssh://$(dir $*) -- \
		docker run \
			--rm=true  \
			--net=$(PORT_NETWORK) \
			--name=portfwd-$(USER)-$(PORT_LOCAL)--$(PORT_INTERMEDIATE_HOST)-$(PORT_INTERMEDIATE_PROXY)--$(subst :,-,$(notdir $*)) \
			-p $(PORT_INTERMEDIATE_HOST):$(PORT_INTERMEDIATE_PROXY)/tcp \
			-it alpine/socat \
				-d TCP-L:$(PORT_INTERMEDIATE_PROXY),fork TCP:$(notdir $*)
	#!/usr/bin/env make -f
	# ---
	# USAGE:
	# make -f {this_file} port-fwd/host.ssh/container_ip:container_port PORT_NETWORK=attachable-overlay-net
	# FLOW:
	# Fact: Creates SSH tunnel, docker port-binding and socat TCP proxy to gain access on a non-published port on a container which is inside an overlay network.
	# Uses SSH forwarding to have: `localhost:$PORT_LOCAL -> ssh.host:$PORT_INTERMEDIATE_HOST`
	# Uses Docker port binding to have: `ssh.host:$PORT_INTERMEDIATE_HOST -> container:$PORT_INTERMEDIATE_PROXY`
	# Uses Socat TCP proxy to have: `container:$PORT_INTERMEDIATE_PROXY -> target_ip:target_port`
	# The `target_ip:target_port` is the 3rd path element.
	# Example: `port-fwd/ssh.example.com/10.0.0.2:8000`
	# ^ ^ ^
	# \| \| port of the innermost container (target)
	# \| ip of the innermost container. Does not have to be at the same host, since connection goes through the overlay network
	# swarm cluster member, using a master/manager node would be wise.
	# QUIRK: You must specify correct network. It must be the same network as target container.

	PORT_NETWORK := ingress
	PORT_LOCAL := $(shell echo $$(( RANDOM % 10000 + 10000 ));)
	PORT_INTERMEDIATE_HOST := $(shell echo $$(( RANDOM % 16384 + 32768 ));)
	PORT_INTERMEDIATE_PROXY := $(shell echo $$(( RANDOM % 9000 + 1000 ));)
	port-fwd/%:
	@echo "Opening localhost:$(PORT_LOCAL)"
	@ssh -tL $(PORT_LOCAL):0:$(PORT_INTERMEDIATE_HOST) ssh://$(dir $*) -- \
	docker run \
	--rm=true \
	--net=$(PORT_NETWORK) \
	--name=portfwd-$(USER)-$(PORT_LOCAL)--$(PORT_INTERMEDIATE_HOST)-$(PORT_INTERMEDIATE_PROXY)--$(subst :,-,$(notdir $*)) \
	-p $(PORT_INTERMEDIATE_HOST):$(PORT_INTERMEDIATE_PROXY)/tcp \
	-it alpine/socat \
	-d TCP-L:$(PORT_INTERMEDIATE_PROXY),fork TCP:$(notdir $*)