Dockerized TCP Proxy over SSH Tunnel
Overview
A TCP proxy that opens an SSH tunnel from inside a Docker container, letting local services reach a database that is only reachable inside a private cloud network via a bastion host.
Why It Exists
Managed databases in a VPC are not directly reachable from a developer machine. Rather than hand-rolling ssh -L commands, this packages the tunnel as a container service so any other container can connect to tunnel:<port> transparently.
What We Built
- An ssh-tunnel service image plus a docker-compose.yml parameterized entirely through environment variables: SSH user/host/port, target host/port, and the local listen port.
- Port mapping (e.g. 27017) so a remote database appears as a local endpoint.
- Mounting of a specific SSH private key into the container for authentication.
Technologies & Approach
Docker Compose orchestrates a single tunnel container; configuration is environment-driven for reuse across targets. The pattern bridges a local dev environment to a private-network managed database through an SSH bastion.
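One way an environment-driven entrypoint for such a tunnel container could build its ssh invocation, added here as an illustration and not taken from the project. The variable names (SSH_USER, SSH_HOST, SSH_PORT, TARGET_HOST, TARGET_PORT, LOCAL_PORT) and the two file paths are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical entrypoint for the tunnel container.
# Env var names and both file paths below are assumptions, not the project's.
KEY_FILE=/run/secrets/tunnel_key        # private key, mounted read-only
KNOWN_HOSTS=/etc/ssh/ssh_known_hosts    # bastion host key, pinned in the image

# Accept only hostname-like values: a value starting with '-' would be parsed
# by ssh as an option, and whitespace would split into extra arguments.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Accept only decimal integers in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the ssh argument list, or fail without printing it.
build_tunnel_args() {
    for v in "$SSH_USER" "$SSH_HOST" "$TARGET_HOST"; do
        valid_name "$v" || { echo "rejected user/host value: $v" >&2; return 1; }
    done
    for p in "${SSH_PORT:=22}" "$TARGET_PORT" "$LOCAL_PORT"; do
        valid_port "$p" || { echo "rejected port: $p" >&2; return 1; }
    done
    # 0.0.0.0 is the bind address inside the container, so peers on the
    # compose network can reach tunnel:<port>. Host keys are checked strictly
    # and a failed forward ends the process instead of leaving a dead tunnel.
    printf '%s %s %s %s %s %s\n' \
        "-N -i $KEY_FILE -p $SSH_PORT" \
        "-o BatchMode=yes -o IdentitiesOnly=yes" \
        "-o StrictHostKeyChecking=yes -o UserKnownHostsFile=$KNOWN_HOSTS" \
        "-o ExitOnForwardFailure=yes -o ServerAliveInterval=30" \
        "-L 0.0.0.0:$LOCAL_PORT:$TARGET_HOST:$TARGET_PORT" \
        "$SSH_USER@$SSH_HOST"
}

# Container entrypoint mode: "entrypoint.sh run"
if [ "${1:-}" = "run" ]; then
    [ -r "$KEY_FILE" ] || { echo "key not mounted: $KEY_FILE" >&2; exit 1; }
    args=$(build_tunnel_args) || exit 1
    # Word splitting is intended; every value in $args was validated above.
    exec ssh $args
fi
```

If the port is also published to the developer machine, a compose mapping of the form 127.0.0.1:27017:27017 keeps the database endpoint off the host's other interfaces.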
Outcome / Impact
A clean, reusable connectivity primitive: securely reach VPC-private databases from local tooling without bespoke per-developer SSH setup. Validated the container-as-tunnel approach for cloud-private resource access.
Capabilities Demonstrated
- Secure access to private cloud (VPC) resources via SSH bastion tunneling
- Packaging networking concerns as composable Docker services
- Environment-driven, reusable infrastructure configuration