No Description

dependabot[bot] deacabf238 build(deps): bump docker/setup-buildx-action from 1.5.1 to 1.6.0 2 weeks ago
.github deacabf238 build(deps): bump docker/setup-buildx-action from 1.5.1 to 1.6.0 2 weeks ago
CHANGELOG.md fbc6339e09 release v2.0.1 3 months ago
Dockerfile 20b722f461 build(deps): bump alpine from 3.14.1 to 3.14.2 3 weeks ago
Makefile affd28a1bd added makefile to facilitate building, tagging & pushing container images 5 months ago
README.md 09e42367e0 readme: update docker-compose section (amendment to commit 938ea0f6aa997ac715dc32617aca5fa6d331c618) 5 months ago
docker-compose.yml 938ea0f6aa authorize public keys in env var SSH_CLIENT_PUBLIC_KEYS (instead of mounting /home/dump/.ssh/authorized_keys) 5 months ago
entrypoint.sh 3019db1bdc entrypoint: unset no longer needed MYSQLDUMP_ARGS variable 5 months ago
mariadb-client-package-log.url 8093da022f upgrade alpine base image v3.12 -> v13.4 including openssh-server package upgrade v8.3_p1-r0 -> v8.4_p1-r3 & mariadb-client package upgrade v10.4.13-r0 -> v10.5.8-r0 (diff links below) 5 months ago
openssh-package-log.url 8093da022f upgrade alpine base image v3.12 -> v13.4 including openssh-server package upgrade v8.3_p1-r0 -> v8.4_p1-r3 & mariadb-client package upgrade v10.4.13-r0 -> v10.5.8-r0 (diff links below) 5 months ago
rsnapshot.conf.example 0565874cd8 listen on port 2200 for consistency among personal projects (previously 2222) 5 months ago
sshd_config b648c76350 dockerfile: rename build argument OPENSSH_PACKAGE_VERSION to OPENSSH_SERVER_PACKAGE_VERSION for consistency 5 months ago

README.md

docker: openssh-server invoking mysqldump 💾 🐳

Create logical backups of mariadb and mysql databases via SSH.

Whenever a SSH client connects mysqldump will be executed.

Useful to fetch backups via rsnapshot. See rsnapshot.conf.example.

$ sudo docker run --rm --name mysqldump_ssh \
    -p 2200:2200 \
    -e SSH_CLIENT_PUBLIC_KEYS="$(cat ~/.ssh/id_*.pub)" \
    --tmpfs /home/dump/.ssh:mode=1777,size=16k \
    -e MYSQLDUMP_ARGS='--host=dbhost --user=dbuser --password=dbpass --all-databases' \
    --read-only --security-opt=no-new-privileges --cap-drop=ALL \
    docker.io/fphammerle/mysqldump-sshd
$ ssh -p 2200 -T dump@localhost
-- MariaDB dump 10.17  Distrib 10.4.10-MariaDB, for Linux (x86_64)
--
-- Host: database    Database: demo
-- ------------------------------------------------------
[…]

Git tags docker/* contain signed docker image digests: https://github.com/fphammerle/docker-mysqldump-sshd/tags

⚠️ MYSQLDUMP_ARGS=--password=... leaks the password to other users on the same machine, if /proc is mounted with hidepid=0 (default).

Docker Compose 🐙

  1. git clone https://github.com/fphammerle/docker-mysqldump-sshd
  2. cd docker-mysqldump-sshd
  3. Adapt SSH_CLIENT_PUBLIC_KEYS and MYSQLDUMP_ARGS in docker-compose.yml.
  4. docker-compose up --build