Use RemoteForward and LocalForward instead of CLI args

QueraTeam · Aug 13, 2024 · 936be4b · 936be4b
1 parent 0a05133
commit 936be4b
Show file tree

Hide file tree

Showing 6 changed files with 253 additions and 336 deletions.
diff --git a/README.md b/README.md
@@ -73,13 +73,16 @@ For more information, see the [`ssh_config(5)`](https://linux.die.net/man/5/ssh_
 | ----------------------------- | ------------------------------ | ------------- |
 | `SSH_HOSTNAME` _required_     | Hostname                       | -             |
 | `SSH_PORT`                    | Port                           | `22`          |
+| `SSH_REMOTE_FORWARD`          | RemoteForward                  | -             |
+| `SSH_LOCAL_FORWARD`           | LocalForward                   | -             |
 | `SSH_SERVER_ALIVE_INTERVAL`   | ServerAliveInterval            | `10`          |
 | `SSH_SERVER_ALIVE_COUNT_MAX`  | ServerAliveCountMax            | `3`           |
 | `SSH_EXIT_ON_FORWARD_FAILURE` | ExitOnForwardFailure           | `yes`         |
 | `SSH_SESSION_TYPE`            | SessionType                    | `none`        |
 
-You can pass arguments to `ssh` command using the `SSH_CLI_OPTIONS` environment variable.
-You can define the SSH port forwarding using this variable (`-R` and `-L` options).
+You can define the SSH port forwarding using `SSH_REMOTE_FORWARD` and `SSH_LOCAL_FORWARD`.
+Each of these variables can have multiple port forwarding rules separated by semicolons (`;`).
+
 Please note that the server image only supports
 remote port forwarding by default for security reasons.
 If you want to use local port forwarding,
@@ -147,7 +150,7 @@ docker run --name tunnel-client --rm -it --init --add-host=host.docker.internal:
   -e CLIENT_ED25519_PRIVATE_KEY_BASE64="$(cat key2 | base64 -w 0)" \
   -e SSH_HOSTNAME="host.docker.internal" \
   -e SSH_PORT="2222" \
-  -e SSH_CLI_OPTIONS="-R 0.0.0.0:4444:127.0.0.1:6666" \
+  -e SSH_REMOTE_FORWARD="0.0.0.0:4444 127.0.0.1:6666" \
   ghcr.io/querateam/docker-ssh-tunnel/client
 ```
 
@@ -194,7 +197,7 @@ services:
       SERVER_ED25519_PUBLIC_KEY: ... value of key1.pub ...
       SSH_HOSTNAME: host.docker.internal
       SSH_PORT: 2222
-      SSH_CLI_OPTIONS: -R 0.0.0.0:4444:127.0.0.1:6666
+      SSH_REMOTE_FORWARD: 0.0.0.0:4444 127.0.0.1:6666
     extra_hosts:
       - host.docker.internal:host-gateway
 

diff --git a/client/entrypoint.sh b/client/entrypoint.sh
@@ -10,6 +10,10 @@ if [ -z "${SSH_HOSTNAME}" ]; then
     echo "SSH_HOSTNAME is not set. Exiting..."
     exit 1
 fi
+if [ -z "${SSH_REMOTE_FORWARD}" ] && [ -z "${SSH_LOCAL_FORWARD}" ]; then
+    echo "You should set at least one of SSH_REMOTE_FORWARD and SSH_LOCAL_FORWARD. Exiting..."
+    exit 1
+fi
 
 # We don't want to depend on the existence of a real user and a home directory,
 # so we can run the container as any non-root user with any uid and gid.
@@ -65,6 +69,16 @@ ServerAliveCountMax ${SSH_SERVER_ALIVE_COUNT_MAX:-3}
 ExitOnForwardFailure ${SSH_EXIT_ON_FORWARD_FAILURE:-yes}
 SessionType ${SSH_SESSION_TYPE:-none}
 " >"${HOME}/.ssh/config"
+if [ -n "${SSH_REMOTE_FORWARD}" ]; then
+    echo "${SSH_REMOTE_FORWARD}" | tr ';' '\n' | while IFS= read -r remote_forward; do
+        echo "RemoteForward ${remote_forward}" >>"${HOME}/.ssh/config"
+    done
+fi
+if [ -n "${SSH_LOCAL_FORWARD}" ]; then
+    echo "${SSH_LOCAL_FORWARD}" | tr ';' '\n' | while IFS= read -r local_forward; do
+        echo "LocalForward ${local_forward}" >>"${HOME}/.ssh/config"
+    done
+fi
 
 ################################
 # autossh options              #
@@ -76,4 +90,4 @@ export AUTOSSH_POLL="${AUTOSSH_POLL:-30}"
 ################################
 # start the SSH tunnel         #
 ################################
-exec /usr/bin/autossh -T ${SSH_CLI_OPTIONS} "${SSH_HOSTNAME}"
+exec /usr/bin/autossh -T "${SSH_HOSTNAME}"