Sen descrición

Fabian Peter Hammerle d3f3165c08 upgrade mariadb-client package from v10.6.11-r0 to v10.6.12-r0 (see links below) hai 1 ano
.github 0aa1cc4f00 build(deps): bump docker/setup-buildx-action from 2.2.1 to 2.4.0 (#39) hai 1 ano
CHANGELOG.md 306b9e3dc9 protect against SSH_CLIENT_PUBLIC_KEYS containing term "MYSQLDUMP_ARGS=" %!s(int64=2) %!d(string=hai) anos
Dockerfile d3f3165c08 upgrade mariadb-client package from v10.6.11-r0 to v10.6.12-r0 (see links below) hai 1 ano
Makefile affd28a1bd added makefile to facilitate building, tagging & pushing container images %!s(int64=3) %!d(string=hai) anos
README.md 09e42367e0 readme: update docker-compose section (amendment to commit 938ea0f6aa997ac715dc32617aca5fa6d331c618) %!s(int64=3) %!d(string=hai) anos
docker-compose.yml 938ea0f6aa authorize public keys in env var SSH_CLIENT_PUBLIC_KEYS (instead of mounting /home/dump/.ssh/authorized_keys) %!s(int64=3) %!d(string=hai) anos
entrypoint.sh 3019db1bdc entrypoint: unset no longer needed MYSQLDUMP_ARGS variable %!s(int64=3) %!d(string=hai) anos
mariadb-client-package-log.url e59d6833dc upgrade mariadb-client package from v10.6.10-r0 to v10.6.11-r0 (see below) %!s(int64=2) %!d(string=hai) anos
openssh-package-log.url 8cc2104857 upgrade openssh-server package from v9.0_p1-r2 to v9.1_p1-r1 (see below) %!s(int64=2) %!d(string=hai) anos
openssh-release-notes.url ec728a8641 upgrade openssh server package v8.6_p1-r{2->3} (CVE-2021-41617) %!s(int64=3) %!d(string=hai) anos
rsnapshot.conf.example 0565874cd8 listen on port 2200 for consistency among personal projects (previously 2222) %!s(int64=3) %!d(string=hai) anos
sshd_config 306b9e3dc9 protect against SSH_CLIENT_PUBLIC_KEYS containing term "MYSQLDUMP_ARGS=" %!s(int64=2) %!d(string=hai) anos
tini-package-log.url 5108de420e upgrade tini package from v0.19.0-r0 to v0.19.0-r1 (see below) %!s(int64=2) %!d(string=hai) anos

README.md

docker: openssh-server invoking mysqldump 💾 🐳

Create logical backups of mariadb and mysql databases via SSH.

Whenever a SSH client connects mysqldump will be executed.

Useful to fetch backups via rsnapshot. See rsnapshot.conf.example.

$ sudo docker run --rm --name mysqldump_ssh \
    -p 2200:2200 \
    -e SSH_CLIENT_PUBLIC_KEYS="$(cat ~/.ssh/id_*.pub)" \
    --tmpfs /home/dump/.ssh:mode=1777,size=16k \
    -e MYSQLDUMP_ARGS='--host=dbhost --user=dbuser --password=dbpass --all-databases' \
    --read-only --security-opt=no-new-privileges --cap-drop=ALL \
    docker.io/fphammerle/mysqldump-sshd
$ ssh -p 2200 -T dump@localhost
-- MariaDB dump 10.17  Distrib 10.4.10-MariaDB, for Linux (x86_64)
--
-- Host: database    Database: demo
-- ------------------------------------------------------
[…]

Git tags docker/* contain signed docker image digests: https://github.com/fphammerle/docker-mysqldump-sshd/tags

⚠️ MYSQLDUMP_ARGS=--password=... leaks the password to other users on the same machine, if /proc is mounted with hidepid=0 (default).

Docker Compose 🐙

  1. git clone https://github.com/fphammerle/docker-mysqldump-sshd
  2. cd docker-mysqldump-sshd
  3. Adapt SSH_CLIENT_PUBLIC_KEYS and MYSQLDUMP_ARGS in docker-compose.yml.
  4. docker-compose up --build