No Description

Fabian Peter Hammerle 27f57bd247 upgrade mariadb-client package from v10.6.8-r0 to v10.6.9-r0 1 month ago
.github 4d12fafff3 build(deps): bump docker/build-push-action from 3.1.0 to 3.1.1 (#28) 1 month ago fbc6339e09 release v2.0.1 1 year ago
Dockerfile 27f57bd247 upgrade mariadb-client package from v10.6.8-r0 to v10.6.9-r0 1 month ago
Makefile affd28a1bd added makefile to facilitate building, tagging & pushing container images 1 year ago 09e42367e0 readme: update docker-compose section (amendment to commit 938ea0f6aa997ac715dc32617aca5fa6d331c618) 1 year ago
docker-compose.yml 938ea0f6aa authorize public keys in env var SSH_CLIENT_PUBLIC_KEYS (instead of mounting /home/dump/.ssh/authorized_keys) 1 year ago 3019db1bdc entrypoint: unset no longer needed MYSQLDUMP_ARGS variable 1 year ago
mariadb-client-package-log.url fdcf437fb6 upgrade mariadb-client package to v10.6.8-r0 and openssh-server package to v9.0_p1-r1 4 months ago
openssh-package-log.url 8093da022f upgrade alpine base image v3.12 -> v13.4 including openssh-server package upgrade v8.3_p1-r0 -> v8.4_p1-r3 & mariadb-client package upgrade v10.4.13-r0 -> v10.5.8-r0 (diff links below) 1 year ago
openssh-release-notes.url ec728a8641 upgrade openssh server package v8.6_p1-r{2->3} (CVE-2021-41617) 11 months ago
rsnapshot.conf.example 0565874cd8 listen on port 2200 for consistency among personal projects (previously 2222) 1 year ago
sshd_config b648c76350 dockerfile: rename build argument OPENSSH_PACKAGE_VERSION to OPENSSH_SERVER_PACKAGE_VERSION for consistency 1 year ago

docker: openssh-server invoking mysqldump 💾 🐳

Create logical backups of mariadb and mysql databases via SSH.

Whenever a SSH client connects mysqldump will be executed.

Useful to fetch backups via rsnapshot. See rsnapshot.conf.example.

$ sudo docker run --rm --name mysqldump_ssh \
    -p 2200:2200 \
    -e SSH_CLIENT_PUBLIC_KEYS="$(cat ~/.ssh/id_*.pub)" \
    --tmpfs /home/dump/.ssh:mode=1777,size=16k \
    -e MYSQLDUMP_ARGS='--host=dbhost --user=dbuser --password=dbpass --all-databases' \
    --read-only --security-opt=no-new-privileges --cap-drop=ALL \
$ ssh -p 2200 -T dump@localhost
-- MariaDB dump 10.17  Distrib 10.4.10-MariaDB, for Linux (x86_64)
-- Host: database    Database: demo
-- ------------------------------------------------------

Git tags docker/* contain signed docker image digests:

⚠️ MYSQLDUMP_ARGS=--password=... leaks the password to other users on the same machine, if /proc is mounted with hidepid=0 (default).

Docker Compose 🐙

  1. git clone
  2. cd docker-mysqldump-sshd
  3. Adapt SSH_CLIENT_PUBLIC_KEYS and MYSQLDUMP_ARGS in docker-compose.yml.
  4. docker-compose up --build