tldr;

Complete list of file can be found on Github

Be sure to update

  • the ssh-config file for the host domain. Host *.example.com
  • the service name and port in the nginx configuration file. proxy_pass http://server:8080;
  • bind the correct ssh public key in the docker-compose file - ${HOME}/.ssh/id_rsa:/root/.ssh/id_copy:ro
  • provide the correct SSH_TUNNEL and SSH_CONNECTION_HOST environment variables in the docker-compose file
  • fill in the correct services in the docker-compose file
  • in the service app connect to tunned service with the correct service name and port forwarded (e.g. http://zookeeper:2181)

Sort description

Ingress (nginx proxy) <-> Service <-> Tunneled Service (e.g. ZooKeeper)

Networks:

  • the ingress can only access the service are on their own network, therefore, nginx can’t access the tunnel.
  • the service can access both the ingress and tunnel services.
  • the tunnel only has access to the service.

Reverse tunneling is also support in this example via the ingress container. If that’s not needed, the vanilla nginx image from docker hub can be used instead.