Open a Nextcloud's DB through a ssh connection

The following post explains how to open and connect your Nextcloud’s DB (MariaDB) by a ssh tunnel.

Field description:

• Server side(GNULinux):

  • Nextcloud: running on Docker-compose engine.
  • OS: Debian with Docker compose installed.
  • Database: MariaDB.

• Localhost side(GNULinux):

  • OS: Fedora.
  • CLient: Dbeader 7.2.5

Further information you can go to my docker compose Statement here.

1. Edit your docker-compose.yml and add the “ports” key into the statement.

$ nano docker-compose.yml
  ports:
    - 5555:3306

• port: 5555 –> Host.
• port: 3306 –> Container.

From the above the port “5555” it was used as example.

2. recreate the Mariadb container.

$ docker-compose up -d

Into a production scenario you can use the “docker-compose up -d” it will notice the changed configuration and apply it to that container. Further info about docker-compose up here.

Checking the new changes:

$ docker ps | grep nextcloud-mariadb
CONTAINER ID        IMAGE                                    COMMAND                  CREATED             STATUS              PORTS                                      NAMES
8281h2281i2i        mariadb                                  "docker-entrypoint.s…"   2 hours ago         Up 2 hours          0.0.0.0:5555->3306/tcp                     nextcloud-mariadb

3. Open the ssh tunnel connection.

Now we can test by the following command:

ssh -N -L a:b:c -p yyyy root@host.domain
ssh -N -L 8888:127.0.0.1:5555 -p yyyy root@host.domain

• N - Tells SSH not to execute a remote command.
• L - Creates a local port forwarding.
• p - ssh port
• a(8888) - Host port.
• b(localhost) - Localhost IP.
• c(5555) - remote port.

4. Setup Dbeaver connection.

Above Main configuration, you have to fill up the database’s user credentials.

From the above capture I pointed up each field needed with a pepper:

• Host/IP: server IP.
• Port: server ssh port.
• User name: server user.
• Private key: here you can copy and paste the id_rsa path.(localmachine)
• Localhost: 127.0.0.1
• Local Port: a local port (localmachine)(eg:8888)
• Remote Host: server IP.
• Remote port: server port(eg:5555).

And it’s done, if you have any issue with the connection, you have to check out the firewall configuration from each endpoints, as well have a look into “/etc/ssh/sshd_config” from server side, the following command it’s recommended to troubleshooting any issue netstat eg:

# netstat -tu
# netstat netstat -tulpn | grep LISTEN