Upload 2 files
Browse files- Dockerfile +28 -0
- entrypoint_wrapper.sh +54 -0
Dockerfile
ADDED
|
@@ -0,0 +1,28 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
# 基于 nkpro/chrome-novnc:latest 镜像
|
| 2 |
+
FROM nkpro/chrome-novnc:latest
|
| 3 |
+
|
| 4 |
+
# 切换到 root 用户以安装软件包
|
| 5 |
+
USER root
|
| 6 |
+
|
| 7 |
+
# 更新包列表并安装 openssh-client, sshpass, 和 autossh
|
| 8 |
+
# --no-install-recommends 减少镜像大小
|
| 9 |
+
# 清理 apt 缓存
|
| 10 |
+
RUN apt-get update && apt-get install -y --no-install-recommends \
|
| 11 |
+
openssh-client \
|
| 12 |
+
sshpass \
|
| 13 |
+
autossh \
|
| 14 |
+
&& rm -rf /var/lib/apt/lists/*
|
| 15 |
+
|
| 16 |
+
# 将包装脚本复制到镜像中
|
| 17 |
+
COPY entrypoint_wrapper.sh /entrypoint_wrapper.sh
|
| 18 |
+
|
| 19 |
+
# 使包装脚本可执行
|
| 20 |
+
RUN chmod +x /entrypoint_wrapper.sh
|
| 21 |
+
|
| 22 |
+
# 将包装脚本设置为新的入口点
|
| 23 |
+
# 基础镜像的 CMD 将作为参数传递给此脚本
|
| 24 |
+
ENTRYPOINT ["/entrypoint_wrapper.sh"]
|
| 25 |
+
|
| 26 |
+
# (可选) 如果基础镜像最后切换回非 root 用户,可以在这里切换回去
|
| 27 |
+
# 例如: USER 1000
|
| 28 |
+
USER 1000
|
entrypoint_wrapper.sh
ADDED
|
@@ -0,0 +1,54 @@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1 |
+
#!/bin/bash
|
| 2 |
+
set -e # 如果任何命令失败,则立即退出
|
| 3 |
+
|
| 4 |
+
# --- 配置 SSH 隧道 ---
|
| 5 |
+
REMOTE_USER="abcuser"
|
| 6 |
+
REMOTE_HOST="www.ip188.net"
|
| 7 |
+
REMOTE_SSH_PORT="30002"
|
| 8 |
+
REMOTE_FORWARD_PORT="15900" # 远程服务器 (www.ip188.net) 上要监听的端口
|
| 9 |
+
LOCAL_PORT="5900" # 容器内部要暴露的端口 (VNC 默认端口)
|
| 10 |
+
PASSWORD="abc123456" # SSH 密码 (强烈建议使用 SSH 密钥代替!)
|
| 11 |
+
# --- 配置结束 ---
|
| 12 |
+
|
| 13 |
+
echo "正在启动 SSH 隧道 (后台)..."
|
| 14 |
+
echo "远程转发: ${REMOTE_HOST}:${REMOTE_FORWARD_PORT} -> 容器 localhost:${LOCAL_PORT}"
|
| 15 |
+
|
| 16 |
+
# 导出密码供 sshpass 使用
|
| 17 |
+
export SSHPASS="${PASSWORD}"
|
| 18 |
+
|
| 19 |
+
# 设置 AUTOSSH 环境变量
|
| 20 |
+
# AUTOSSH_GATETIME=0: 防止 autossh 在首次连接失败时立即退出
|
| 21 |
+
# AUTOSSH_POLL=60: 每 60 秒检查一次连接状态 (可选)
|
| 22 |
+
export AUTOSSH_GATETIME=0
|
| 23 |
+
# export AUTOSSH_POLL=60
|
| 24 |
+
|
| 25 |
+
# 使用 autossh 启动 SSH 隧道
|
| 26 |
+
# -M 0: 不使用监控端口,依靠 SSH 进程的退出状态来检测连接失败
|
| 27 |
+
# -f: autossh 在成功建立连接和认证后转入后台运行
|
| 28 |
+
# -N: SSH 选项 - 不执行远程命令,仅用于端口转发
|
| 29 |
+
# -R: SSH 选项 - 远程端口转发 (Server to Client)
|
| 30 |
+
# -o StrictHostKeyChecking=no: 首次连接时不提示确认主机密钥 (生产环境不推荐)
|
| 31 |
+
# -o UserKnownHostsFile=/dev/null: 不使用 known_hosts 文件 (生产环境不推荐)
|
| 32 |
+
# -o ServerAliveInterval=30: 每 30 秒发送一次心跳以保持连接
|
| 33 |
+
# -o ServerAliveCountMax=3: 允许 3 次心跳无响应后断开
|
| 34 |
+
# -o ExitOnForwardFailure=yes: 如果端口转发设置失败则退出
|
| 35 |
+
# sshpass -e: 使用 SSHPASS 环境变量中的密码
|
| 36 |
+
autossh -M 0 -f \
|
| 37 |
+
-o "ServerAliveInterval=30" \
|
| 38 |
+
-o "ServerAliveCountMax=3" \
|
| 39 |
+
-o "StrictHostKeyChecking=no" \
|
| 40 |
+
-o "UserKnownHostsFile=/dev/null" \
|
| 41 |
+
-o "ExitOnForwardFailure=yes" \
|
| 42 |
+
sshpass -e ssh \
|
| 43 |
+
-N \
|
| 44 |
+
-R ${REMOTE_FORWARD_PORT}:localhost:${LOCAL_PORT} \
|
| 45 |
+
-p ${REMOTE_SSH_PORT} \
|
| 46 |
+
${REMOTE_USER}@${REMOTE_HOST}
|
| 47 |
+
|
| 48 |
+
echo "SSH 隧道启动命令已发出。等待几秒钟..."
|
| 49 |
+
sleep 5 # 等待一下,让隧道有机会建立或失败
|
| 50 |
+
|
| 51 |
+
echo "隧道设置尝试完成。现在执行容器的原始命令..."
|
| 52 |
+
|
| 53 |
+
# 执行传递给此脚本的任何命令 (即 Dockerfile 中的 CMD)
|
| 54 |
+
exec "$@"
|