Merge remote-tracking branch 'origin/docker-filter'

Author: jeroenpeeters

Dockerfile

@@ -1,16 +1,13 @@
-FROM gliderlabs/alpine
+FROM node:9-onbuild as build
 
-WORKDIR /src
-ADD . .
-
-RUN apk --update add python make g++ nodejs \
-  && npm install \
-  && apk del make gcc g++ python \
-  && rm -rf /tmp/* /var/cache/apk/* /root/.npm /root/.node-gyp
+CMD ["npm", "start"]
 
+FROM alpine:3.6
+COPY --from=build /usr/src/app /usr/src/app
 
-# make coffee executable
-RUN chmod +x ./node_modules/coffee-script/bin/coffee
+RUN apk update \
+  && apk add nodejs nodejs-npm \
+  && rm -rf /tmp/* /var/cache/apk/* /root/.npm /root/.node-gyp
 
 # Connect to container with name/id
 ENV CONTAINER=
@@ -32,4 +29,5 @@ ENV HTTP_PORT=8022
 
 EXPOSE 22 8022
 
+WORKDIR /usr/src/app
 CMD ["npm", "start"]

README.md

@@ -5,7 +5,7 @@ Want to SSH into your container right away? Here you go:
 
     $ docker run -d -p 2222:22 \
       -v /var/run/docker.sock:/var/run/docker.sock \
-      -e CONTAINER=my-container -e AUTH_MECHANISM=noAuth \
+      -e FILTERS={\"name\":[\"my-container\"]} -e AUTH_MECHANISM=noAuth \
       jeroenpeeters/docker-ssh
 
     $ ssh -p 2222 localhost
@@ -44,19 +44,20 @@ message if you whish to contribute to this project.
 - [x] Execute single command
 - [x] HTTP API
 - [x] Web terminal
-- [ ] Customize the MOTD
 - [x] Simple user authentication; one user/password
 - [x] Authenticate users by username and password
 - [x] Authenticate users by username and public key
+- [x] Run commands as specific user
+- [x] Use Docker filter to target a container
+- [ ] Customize the MOTD
 - [ ] Secure copy implementation (SCP)
 - [ ] Secure FTP implementation (SFTP)
 - [ ] Access multiple containers
-- [x] Run commands as specific user
 
 # Add SSH capabilities to any container!
 Let's assume you have a running container with name 'web-server1'. Run the following command to start Docker-SSH:
 
-    docker run -e CONTAINER=web-server1 -e AUTH_MECHANISM=noAuth \
+    docker run -e FILTERS={\"name\":[\"web-server-1\"]} -e AUTH_MECHANISM=noAuth \
       --name sshd-web-server1 -p 2222:22  --rm \
       -v /var/run/docker.sock:/var/run/docker.sock \
       jeroenpeeters/docker-ssh
@@ -131,7 +132,7 @@ by setting `AUTH_USER` and `AUTH_PASSWORD`.
 
     $ docker run -d -p 2222:22 \
       -v /var/run/docker.sock:/var/run/docker.sock \
-      -e CONTAINER=my-container -e AUTH_MECHANISM=simpleAuth \
+      -e FILTERS={\"name\":[\"my-container\"]} -e AUTH_MECHANISM=simpleAuth \
       -e AUTH_USER=jeroen -e AUTH_PASSWORD=1234 \
       jeroenpeeters/docker-ssh
 
@@ -146,7 +147,7 @@ It is a single string with semicolon (;) separated user:password pairs.
 
     $ docker run -d -p 2222:22 \
       -v /var/run/docker.sock:/var/run/docker.sock \
-      -e CONTAINER=my-container -e AUTH_MECHANISM=multiUser \
+      -e FILTERS={\"name\":[\"my-container\"]} -e AUTH_MECHANISM=multiUser \
       -e AUTH_TUPLES="jeroen:thefather;luke:theforce" \
       jeroenpeeters/docker-ssh
 
@@ -162,7 +163,7 @@ The name of the authorized_keys file is configured by setting `AUTHORIZED_KEYS`.
     $ docker run -d -p 2222:22 \
       -v /var/run/docker.sock:/var/run/docker.sock \
       -v ./authorized_keys:/authorized_keys
-      -e CONTAINER=my-container -e AUTH_MECHANISM=publicKey \
+      -e FILTERS={\"name\":[\"my-container\"]} -e AUTH_MECHANISM=publicKey \
       -e AUTHORIZED_KEYS=/authorized_keys \
       jeroenpeeters/docker-ssh
 
@@ -175,6 +176,12 @@ By default the shell user will be the user from the USER directive in the Docker
 If you whish to override this you can specify `SHELL_USER` as an environment variable
 to Docker-SSH. **Note: This user MUST already exist in the container, otherwise Docker-SSH will fail.**
 
+# Docker Filter
+Docker-SSH uses the filter argument of `docker ps` to target a specific container. You should make sure
+that the filter matches the intended target container. If the filter matches multiple containers, the first
+one will be used. See [https://docs.docker.com/engine/api/v1.33/#operation/ContainerList](https://docs.docker.com/engine/api/v1.33/#operation/ContainerList). For backwards compatibility the `CONTAINER` 
+environment variable passed to Docker-SSH is now implemented as a filter on container name.
+
 # Server Identity and Security
 The SSH server needs an RSA/EC private key in order to secure the connection and identify itself to clients.
 The Docker-SSH container comes with a default RSA key that will be used. If you want, you can provide your own
@@ -188,7 +195,8 @@ argument in order to know for which container to provide SSH. Mounting the Docke
 
 Argument       | Default  | Description
 ---------------|----------|------------------------------------------------------
-CONTAINER      | None     | *name* or *id* of a running container
+FILTER         | None     | Docker filter to target a container
+CONTAINER      | None     | *name* of a running container. **deprecated**, use FILTER
 CONTAINER_SHELL| bash     | path to a shell.
 AUTH_MECHANISM | None     | name of the authentication mechanism, see [User Authentication](#user-authentication)
 KEYPATH        | ./id_rsa | path to a private key to use as server identity