The following post explains how to open and connect your Nextcloud’s DB (MariaDB) by a ssh tunnel.
Field description:
-
Server side(GNULinux):
- Nextcloud: running on Docker-compose engine.
- OS: Debian with Docker compose installed.
- Database: MariaDB.
-
Localhost side(GNULinux):
- OS: Fedora.
- CLient: Dbeader 7.2.5
Further information you can go to my docker compose Statement here.
- Edit your docker-compose.yml and add the “ports” key into the statement.
$ nano docker-compose.yml
ports:
- 5555:3306
- port: 5555 –> Host.
- port: 3306 –> Container.
From the above the port “5555” it was used as example.
- recreate the Mariadb container.
$ docker-compose up -d
Into a production scenario you can use the “docker-compose up -d” it will notice the changed configuration and apply it to that container. Further info about docker-compose up here.
Checking the new changes:
$ docker ps | grep nextcloud-mariadb
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
8281h2281i2i mariadb "docker-entrypoint.s…" 2 hours ago Up 2 hours 0.0.0.0:5555->3306/tcp nextcloud-mariadb
- Open the ssh tunnel connection.
Now we can test by the following command:
ssh -N -L a:b:c -p yyyy root@host.domain
ssh -N -L 8888:127.0.0.1:5555 -p yyyy root@host.domain
- N - Tells SSH not to execute a remote command.
- L - Creates a local port forwarding.
- p - ssh port
- a(8888) - Host port.
- b(localhost) - Localhost IP.
- c(5555) - remote port.
- Setup Dbeaver connection.
Above Main configuration, you have to fill up the database’s user credentials.
From the above capture I pointed up each field needed with a pepper:
- Host/IP: server IP.
- Port: server ssh port.
- User name: server user.
- Private key: here you can copy and paste the id_rsa path.(localmachine)
- Localhost: 127.0.0.1
- Local Port: a local port (localmachine)(eg:8888)
- Remote Host: server IP.
- Remote port: server port(eg:5555).
And it’s done, if you have any issue with the connection, you have to check out the firewall configuration from each endpoints, as well have a look into “/etc/ssh/sshd_config” from server side, the following command it’s recommended to troubleshooting any issue netstat eg:
# netstat -tu
# netstat netstat -tulpn | grep LISTEN