The following post explains how to open and connect to your Nextcloud DB (MariaDB) through an SSH tunnel.

Field description:

  • Server side (GNU/Linux):

    • Nextcloud: running on Docker-compose engine.
    • OS: Debian with Docker compose installed.
    • Database: MariaDB.
  • Localhost side (GNU/Linux):

    • OS: Fedora.
    • Client: DBeaver 7.2.5

For further information, see my docker-compose statement here.

  1. Edit your docker-compose.yml and add the “ports” key into the statement.
$ nano docker-compose.yml
  ports:
    - 5555:3306
  • port: 5555 –> Host.
  • port: 3306 –> Container.

In the above, port “5555” is used as an example.

  1. Recreate the MariaDB container.
$ docker-compose up -d

In a production scenario you can use “docker-compose up -d”; it will notice the changed configuration and apply it to that container. Further info about docker-compose up here.

Checking the new changes:

$ docker ps | grep nextcloud-mariadb
CONTAINER ID        IMAGE                                    COMMAND                  CREATED             STATUS              PORTS                                      NAMES
8281h2281i2i        mariadb                                  "docker-entrypoint.s…"   2 hours ago         Up 2 hours          0.0.0.0:5555->3306/tcp                     nextcloud-mariadb
  1. Open the ssh tunnel connection.

Now we can test with the following command:

ssh -N -L a:b:c -p yyyy root@host.domain
ssh -N -L 8888:127.0.0.1:5555 -p yyyy root@host.domain
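  • -N - Tells SSH not to execute a remote command.
  • -L - Creates a local port forwarding.
  • -p - SSH port of the server.
  • a (8888) - Local port on your machine, where the tunnel listens.
  • b (127.0.0.1) - Destination address as seen from the server; here it is the server's own localhost IP.
  • c (5555) - Remote port (the port published on the server).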
  1. Set up the DBeaver connection.

In the Main configuration above, you have to fill in the database’s user credentials.

In the above capture I have marked each required field with a pepper:

  • Host/IP: server IP.
  • Port: server ssh port.
  • User name: server user.
  • Private key: here you can copy and paste the id_rsa path (local machine).
  • Localhost: 127.0.0.1
  • Local Port: a local port (local machine) (e.g. 8888).
  • Remote Host: server IP.
  • Remote port: server port (e.g. 5555).

And it’s done. If you have any issue with the connection, check the firewall configuration on each endpoint and have a look at “/etc/ssh/sshd_config” on the server side. netstat is recommended for troubleshooting, e.g.:

# netstat -tu
# netstat -tulpn | grep LISTEN
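
The docker ps output above shows the database published as 0.0.0.0:5555, so MariaDB listens on every interface of the server and is reachable without the tunnel unless a firewall blocks it; since the tunnel already targets 127.0.0.1:5555 on the server, the mapping can be bound to loopback instead. The following check is an added example, not part of the original post, that reports ports published on all interfaces. The function names, the sample lines and the two extra container names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Flags container ports that Docker publishes on every host interface.
# Input: one container per line, NAME<TAB>PORTS, e.g. from
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# Fix in docker-compose.yml: bind the published port to loopback,
#   ports:
#     - "127.0.0.1:5555:3306"

wildcard_published() {
    awk -F '\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            # Exposed-only entries such as "3306/tcp" have no host side.
            if (index(m, "->") == 0) continue
            split(m, side, "->")
            # Host side is ADDR:PORT; the port follows the last colon.
            port = side[1]
            sub(/.*:/, "", port)
            addr = substr(side[1], 1, length(side[1]) - length(port) - 1)
            if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
                print $1, addr ":" port, side[2]
        }
    }'
}

# Constructed sample: the first line mirrors the docker ps output in the post,
# the other two container names are hypothetical.
sample_ps() {
    printf 'nextcloud-mariadb\t0.0.0.0:5555->3306/tcp, :::5555->3306/tcp\n'
    printf 'nextcloud-mariadb-loopback\t127.0.0.1:5555->3306/tcp\n'
    printf 'nextcloud-app\t80/tcp\n'
}

sample_ps | wildcard_published
```

After changing the mapping and running “docker-compose up -d” again, the check should print nothing for the database container, and the ssh -L command from the post keeps working unchanged.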