That would be a HUGE help!
This is sort of what I was thinking, let me give it a try, looking forward to your example!
Any suggestions for the best image to use for the Dockerfile?
Thanks again
@danwetherald Here’s what I’d base an image off: docker-ssh-tunnel/Dockerfile at master · cagataygurturk/docker-ssh-tunnel · GitHub
Can try it with this, and I’ll write up a guide / example in a bit.
If I am being completely honest, I am not sure which variables are which haha.
Also, this does not include anything with the key.pem file.
Can you help me out?
Yeah, I’ll post an example specific to Hightouch soon.
Ah okay, yea I was taking this approach too literally haha
Can try a file like

```dockerfile
FROM alpine:3.2
RUN apk add --update openssh-client && rm -rf /var/cache/apk/*
ADD ./key.pem key.pem
# -i selects the identity (private key) file; -R opens the reverse forward
CMD ssh -i key.pem \
    -R 0.0.0.0:56000:$SERVICE_HOST:$SERVICE_PORT \
    tunnel.hightouch.io -p 49100 \
    -o ExitOnForwardFailure=yes
```

with `SERVICE_HOST` set to the database app, like `dbapp.internal`, and `SERVICE_PORT` set to `5432`, or `5433` if you’re pointing it at a read replica.
So I have it “working” but it’s using the release step and that will just hang forever and never “deploy”.
For some reason I get errors when trying to get this working with everything in the CMD of the dockerfile.
latest Dockerfile:

```dockerfile
FROM alpine:latest
RUN apk add --update openssh-client && rm -rf /var/cache/apk/*
COPY key.pem .
CMD rm -rf /root/.ssh && mkdir -p /root/.ssh && cp -R /root/ssh/* /root/.ssh/ && chmod -R 600 /root/.ssh/*
EXPOSE 1-65535
```
I’ve just posted an example as you posted this: Fly Postgres - Hightouch.io Peering - #10 by sudhir.j
This reference was accepting a tunnel, you want to establish one in reverse, so the commands are different, and there’s no port exposed.
I believe that last Dockerfile worked!!!
Thank you so much @sudhir.j - this was a pain in the ass haha.
Nice! Just remember to prefer a read replica for this, run the tunnel app in the same region you’re running the DB, etc. Otherwise things can slow down in a lot of cases.
Absolutely! Another awesome part of fly postgres, read replicas.
Just ran into the next issue lol - no SSL Mode settings at hightouch
The server does not support SSL connections
Any ideas?
You’re seeing this in the log output of the tunnelling container? Or when Hightouch is trying to connect to the DB?
On the Hightouch side, meaning they have no config for SSL mode.
Yeah, I think you’ll want to turn OFF SSL mode on Hightouch. The tunnel app to DB is protected internally by Fly’s networking, and the tunnel to Hightouch is also encrypted with the key you have at key.pem. The connection from Hightouch to the DB doesn’t need SSL, and you’ll want to disable that.
Yup, problem is it’s not a setting on their dashboard, chatting with their support now
Okay, they were able to add an SSL Mode flag for me
@sudhir.j asking them about it, but seeing a lot of
ssh: connect to host tunnel.hightouch.io port 49100: Operation timed out
Which of course causes the VM to restart, wondering if you would know anything about this?
Hmm. Autossh (autossh(1): monitor/restart ssh sessions - Linux man page) can prevent the VM exiting and restarting (they’ve suggested it in their docs as well; you could install it and run ssh through it) but this is probably something I’d raise with Hightouch. Maybe they could give you a port that’s more available and reliable?
Gotcha! Okay I will look into both, waiting to hear what they think about the issue.
Thanks again for all your help, you rock!
Do you get these issues when trying to run a tunnel to Hightouch from a local machine pointed at a local DB as well? We can rule out it being a Fly problem if it behaves differently on your dev machine.
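An entrypoint script tying together the reverse tunnel command and the restart-on-timeout problem from the thread, added here as an example and not posted by anyone in the thread. It reads the key from a hypothetical `TUNNEL_KEY` runtime secret instead of copying key.pem into an image layer, adds keepalives, and retries with backoff so a timed-out connection does not exit the container. `KEY_FILE`, `MAX_DELAY`, the `-N` flag and a pre-provisioned known_hosts entry for the tunnel host are assumptions; host, ports and `SERVICE_*` come from the thread.

```shell
#!/bin/sh
# Added example: entrypoint for the reverse-tunnel container (not from the thread).
# Assumed names: TUNNEL_KEY (private key supplied as a runtime secret),
# KEY_FILE, MAX_DELAY. Host, ports and SERVICE_* are the values used in the thread.
KEY_FILE="${KEY_FILE:-/tmp/tunnel_key}"
MAX_DELAY="${MAX_DELAY:-60}"

# Write the key with owner-only permissions: ssh rejects keys that are
# group/world readable, and the key never lands in an image layer.
install_key() {
    ( umask 077; rm -f "$KEY_FILE"; printf '%s\n' "$TUNNEL_KEY" > "$KEY_FILE" )
}

# Validate the forward target, then print the ssh arguments one per line.
ssh_args() {
    case "$SERVICE_PORT" in
        ''|*[!0-9]*) echo "SERVICE_PORT must be numeric" >&2; return 1 ;;
    esac
    [ -n "$SERVICE_HOST" ] || { echo "SERVICE_HOST is required" >&2; return 1; }
    printf '%s\n' -N -i "$KEY_FILE" \
        -R "0.0.0.0:56000:${SERVICE_HOST}:${SERVICE_PORT}" \
        -p 49100 \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        tunnel.hightouch.io
}

# Exponential backoff: double the delay, capped at MAX_DELAY seconds.
next_delay() {
    d=$(( $1 * 2 ))
    [ "$d" -gt "$MAX_DELAY" ] && d="$MAX_DELAY"
    echo "$d"
}

# Retry on exit so a connect timeout does not terminate the container.
run_tunnel() {
    install_key || return 1
    args=$(ssh_args) || return 1
    delay=1
    while :; do
        # Split args on newlines only; disable globbing while expanding them.
        ( IFS='
'; set -f; exec ssh $args )
        echo "ssh exited with $?; retrying in ${delay}s" >&2
        sleep "$delay"
        delay=$(next_delay "$delay")
    done
}

if [ "${1:-}" = "run" ]; then run_tunnel; fi
```

Invoke it as the container command with the argument `run`; without that argument the script only defines its functions.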