finalize basic functionality around authorized keys

medic · Nov 8, 2024 · 344178d · 344178d
1 parent 4f0ea69
commit 344178d
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 14 deletions.
diff --git a/bastion/Dockerfile b/bastion/Dockerfile
@@ -23,7 +23,7 @@ RUN addgroup -S -g ${GID} ${GROUP} \
     && set -x \
     && apk add --no-cache openssh-server curl \
     && echo -e "\nLogin Successful! \n\nHowever, interactive sessions not allowed. Use \"-N\" with ssh tunnel command instead: \n" > /etc/motd \
-    && echo -e "\tssh -N -L 5432:CONTAINER-NAME-HERE:5432 bastion@127.0.0.1 -p 22222\n" >> /etc/motd \
+    && echo -e "\tssh -N -L 5432:CONTAINER-NAME:5432 bastion@PUBLIC-IP-OR-DNS -p 22222\n" >> /etc/motd \
     && chmod +x /usr/sbin/bastion \
     && chmod +x /usr/sbin/get_keys.sh \
     && mkdir -p ${HOST_KEYS_PATH} \

diff --git a/bastion/README.md b/bastion/README.md
@@ -1,9 +1,9 @@
 This project hard forked from [docker-bastion](https://github.com/binlab/docker-bastion/tree/master) at version [1.2.0](https://github.com/binlab/docker-bastion/releases/tag/v1.2.0)
 
-Per MIT license, copyright of this `bastion` sub-directory is Mark/binlab/mark.[email protected] and MIT license file perists.
+Per MIT license, copyright of this `bastion` sub-directory is Mark/binlab/mark.[email protected] and MIT license file persists.
 
-Sample SSH tunnel:
+Sample SSH tunnel to connect to container called `cht-sync-postgres-1` on remote server with IP `44.33.22.11`:
 
 ```shell
-ssh -N -L 5432:cht-sync-postgres-1:5432 bastion@127.0.0.1 -p 22222
+ssh -N -L 5432:cht-sync-postgres-1:5432 bastion@44.33.22.11 -p 22222
 ```
diff --git a/bastion/get_keys.sh b/bastion/get_keys.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# todo 1 - get this to check github to see if $1 is in medic org and if they have an ssh key, fail if not
-# todo 2 - write this in node per Medic's requirements?
-curl -qs https://github.com/mrjones-plip.keys
-curl -qs https://github.com/dianabarsan.keys
+# todo:
+#  - have config pass in a GH org
+#  - get this to check github to see if $1 is in that  org and if they have an ssh key, fail if not
+#  - write this in node per Medic's requirements? would need to add node to the Dockerfile ... :/
diff --git a/docker-compose.pgadmin.yml b/docker-compose.pgadmin.yml
@@ -1,7 +1,7 @@
 services:
   postgres:
     ports:
-      - 5432:5432
+      - 5432:${POSTGRES_PORT:-5432}
 
   pgadmin:
     image: dpage/pgadmin4

diff --git a/env.template b/env.template
@@ -1,6 +1,3 @@
-# (Optional) project wide
-COMPOSE_PROJECT_NAME=pipeline
-
 # postgresql
 POSTGRES_USER=postgres
 POSTGRES_PASSWORD=postgres
@@ -25,5 +22,5 @@ COUCHDB_SECURE=false
 # (Optional) project wide
 #COMPOSE_PROJECT_NAME=cht-sync
 
-# bastion
-BASTION_PORT=2222
+# bastion - default is 2222 uncomment to change
+#BASTION_PORT=2222