#!/bin/bash
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# --------------------------------------------------------------
# Helper script for setting up an SSH Tunnel out of your CF app
#
# Author: Daniel Mikusa <[email protected]>
# Date: 7-3-2014
# --------------------------------------------------------------
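# Abort on the first unhandled command failure.
set -e

# Locate the '.ssh' directory shipped with the application and make sure it
# ends up at /home/vcap/.ssh, which is where the key lookup below expects it.
# Only the first match reported by find is used; any other '.ssh' directory
# under /home is ignored.
#
# NOTE(review): the private key travels inside the application bits, so anyone
# who can read the application package can use it. Use a key pair dedicated to
# this tunnel and limit what its account may do on the public server.
SSH_FOLDER=$(find /home -name .ssh -type d | head -n 1)
if [ "$SSH_FOLDER" == "" ]; then
  echo
  echo "You need to include a '.ssh' directory with your application!"
  echo "This needs to contain the private and public key for the user"
  echo "that will connect to your SSH server."
  echo
  # 255 is the status bash produces for 'exit -1'; it is spelled out because
  # a negative exit status is not portable.
  exit 255
elif [ "$SSH_FOLDER" != "/home/vcap/.ssh" ]; then
  # Move first, report second: with 'set -e' a failed mv stops the script
  # before it can claim success.
  mv "$SSH_FOLDER" /home/vcap
  echo "Moved [$SSH_FOLDER] to /home/vcap/.ssh, where it's expected."
else
  echo "SSH Folder alread exists at [$SSH_FOLDER]"
fi
# Key material should be reachable by the owning user only.
chmod 700 /home/vcap/.ssh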
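# Pick the key pair to use: the first '*.pub' file in /home/vcap/.ssh is the
# public key, and the file with the same name minus '.pub' is the private key.
# Start from empty values so that PUB_KEY / PRIV_KEY inherited from the
# environment cannot stand in for a pair that was never found on disk.
PUB_KEY=""
PRIV_KEY=""
for FILE in /home/vcap/.ssh/*; do
  if [[ "$FILE" == *.pub ]]; then
    PUB_KEY=$FILE
    PRIV_KEY=${FILE%.pub}
    break
  fi
done
# A public key whose private half is missing cannot authenticate, so treat
# that the same as finding no key at all.
if [ "$PUB_KEY" == "" ] || [ ! -f "$PRIV_KEY" ]; then
  echo "Failed to find public or private keys."
  echo "Found -> [$PUB_KEY] [$PRIV_KEY]"
  # 255 is the status bash produces for 'exit -1'.
  exit 255
else
  echo "Found public key [$PUB_KEY] and private key [$PRIV_KEY]."
  # ssh refuses to use a private key that other users can read.
  chmod 600 "$PRIV_KEY"
fi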
# SERVICE_PORTS lists the container ports to tunnel. When it is empty or
# unset, fall back to the application's own port from $PORT.
# Every port listed here becomes reachable from the public server.
if [[ -z "$SERVICE_PORTS" ]]; then
  echo "No SERVICE_PORTS defined, defaulting to application on [$PORT]"
  SERVICE_PORTS=$PORT
  export SERVICE_PORTS
fi
# LOCAL_BASE_PORT is the starting point for the port numbers opened on the
# public server; the local port calculation that follows adds an offset
# derived from the instance index to it.
# When it is empty or unset, 31337 is used.
if [[ -z "$LOCAL_BASE_PORT" ]]; then
  LOCAL_BASE_PORT=31337
  export LOCAL_BASE_PORT
  echo "No LOCAL_BASE_PORT defined, defaulting to 31337."
fi
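# Derive the first port this instance uses on the public server:
#   instance_index * <number of SERVICE_PORTS entries> + LOCAL_BASE_PORT
# instance_index is read from the JSON in $VCAP_APPLICATION.
# print(...) with a single argument runs under Python 2 and Python 3 alike,
# and split() without an argument counts entries the way the shell splits
# $SERVICE_PORTS (any run of whitespace), so the count matches the number of
# tunnels that are opened.
LOCAL_PORT=$(python -c "import json, os; print(json.loads(os.environ['VCAP_APPLICATION'])['instance_index'] * len(os.environ['SERVICE_PORTS'].split()) + int(os.environ['LOCAL_BASE_PORT']))")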
# PUBLIC_SERVER names the SSH server the tunnel connects to. Without it
# there is nothing to connect to, so explain what is missing and stop.
if [[ -z "$PUBLIC_SERVER" ]]; then
  printf '\n%s\n%s\n\n' \
    "You must define the location of your public server. Set this in the" \
    "environment variable PUBLIC_SERVER. <user@>host<:port>"
  exit -1
fi
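# Open one reverse tunnel per entry in $SERVICE_PORTS: port $LOCAL_PORT on the
# public server is forwarded to localhost:$SERVICE_PORT inside the application
# container. $LOCAL_PORT starts at the value calculated from $LOCAL_BASE_PORT
# and grows by one for every tunnel.
#
# Host key policy: when a known_hosts file is shipped in /home/vcap/.ssh the
# server's key must match an entry in it. Without that file the key is
# accepted unchecked, so whatever answers at that address receives the tunnel
# to the application's ports. Ship a known_hosts file to close that gap.
KNOWN_HOSTS=/home/vcap/.ssh/known_hosts
if [ -f "$KNOWN_HOSTS" ]; then
  HOST_KEY_OPTS=(-oStrictHostKeyChecking=yes "-oUserKnownHostsFile=$KNOWN_HOSTS")
else
  echo "WARNING: no [$KNOWN_HOSTS] found, the identity of [$PUBLIC_SERVER] will not be verified."
  HOST_KEY_OPTS=(-oStrictHostKeyChecking=no)
fi

# ssh does not accept a bare 'host:port' destination, so split a trailing
# ':port' off PUBLIC_SERVER and pass it with -p. ssh:// URIs and values with
# more than one colon do not match and are handed to ssh untouched.
SSH_DEST=$PUBLIC_SERVER
PORT_OPTS=()
if [[ "$PUBLIC_SERVER" =~ ^([^:]+):([0-9]+)$ ]]; then
  SSH_DEST=${BASH_REMATCH[1]}
  PORT_OPTS=(-p "${BASH_REMATCH[2]}")
fi

# $SERVICE_PORTS is left unquoted on purpose: it is a whitespace separated list.
for SERVICE_PORT in $SERVICE_PORTS; do
  # -f backgrounds ssh, -N runs no remote command, -T allocates no terminal.
  # ExitOnForwardFailure makes ssh fail (and 'set -e' stop the script) when
  # the remote port cannot be bound, so "Connected!" is only printed for a
  # tunnel that really exists.
  # NOTE(review): whether the forwarded port is reachable beyond the public
  # server's loopback interface depends on that server's sshd GatewayPorts
  # setting - confirm it matches the exposure you intend.
  ssh -i "$PRIV_KEY" "${HOST_KEY_OPTS[@]}" -oExitOnForwardFailure=yes \
    "${PORT_OPTS[@]}" -f -N -T \
    -R"$LOCAL_PORT:localhost:$SERVICE_PORT" "$SSH_DEST"
  echo "Connected! To access go to localhost:$LOCAL_PORT on your public server [$PUBLIC_SERVER]."
  LOCAL_PORT=$((LOCAL_PORT + 1))
done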
#TODO: watch SSH tunnel to see if it goes down. If it does, try restarting.