{"id":15753550,"url":"https://github.com/dmotte/docker-portmap-server-rootless","last_synced_at":"2025-03-31T07:42:08.405Z","repository":{"id":234009442,"uuid":"788163133","full_name":"dmotte/docker-portmap-server-rootless","owner":"dmotte","description":"🐳 Docker image that can be used for remote port forwarding (rootless version)","archived":false,"fork":false,"pushed_at":"2024-08-25T14:36:54.000Z","size":26,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-06T12:15:25.691Z","etag":null,"topics":["docker","docker-compose","docker-image","expose","forward","forwarding","openssh","port","port-forwarding","portmap","private-key","remote","rootless","server","ssh","ssh-server","sshd","tcp","tunnel"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/dmotte/portmap-server-rootless","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dmotte.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-17T22:34:12.000Z","updated_at":"2024-08-25T14:36:35.000Z","dependencies_parsed_at":"2024-10-04T07:41:13.841Z","dependency_job_id":null,"html_url":"https://github.com/dmotte/docker-portmap-server-rootless","commit_stats":null,"previous_names":["dmotte/docker-portmap-server-rootless"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmotte%2Fdocker-portmap-server-rootless","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmotte%2Fdocker-portmap-server-rootless/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmotte%2Fdocker-portmap-server-rootless/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dmotte%2Fdocker-portmap-server-rootless/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dmotte","download_url":"https://codeload.github.com/dmotte/docker-portmap-server-rootless/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246436052,"owners_count":20776960,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","docker-compose","docker-image","expose","forward","forwarding","openssh","port","port-forwarding","portmap","private-key","remote","rootless","server","ssh","ssh-server","sshd","tcp","tunnel"],"created_at":"2024-10-04T07:41:07.642Z","updated_at":"2025-03-31T07:42:08.377Z","avatar_url":"https://github.com/dmotte.png","language":"Shell","readme":"# docker-portmap-server-rootless\n\n![icon](icon-149.png)\n\n[![GitHub main workflow](https://img.shields.io/github/actions/workflow/status/dmotte/docker-portmap-server-rootless/main.yml?branch=main\u0026logo=github\u0026label=main\u0026style=flat-square)](https://github.com/dmotte/docker-portmap-server-rootless/actions)\n[![Docker Pulls](https://img.shields.io/docker/pulls/dmotte/portmap-server-rootless?logo=docker\u0026style=flat-square)](https://hub.docker.com/r/dmotte/portmap-server-rootless)\n\nThis is a :whale: **Docker image** containing an **OpenSSH server** that can be used for **remote port forwarding** only (rootless version). This image is almost equivalent to [dmotte/docker-portmap-server](https://github.com/dmotte/docker-portmap-server) but it runs as a **non-root user**.\n\nInspired by: https://www.golinuxcloud.com/run-sshd-as-non-root-user-without-sudo/\n\n\u003e :package: This image is also on **Docker Hub** as [`dmotte/portmap-server-rootless`](https://hub.docker.com/r/dmotte/portmap-server-rootless) and runs on **several architectures** (e.g. amd64, arm64, ...). To see the full list of supported platforms, please refer to the [`.github/workflows/main.yml`](.github/workflows/main.yml) file. If you need an architecture which is currently unsupported, feel free to open an issue.\n\n## Usage\n\n\u003e **Note**: this Docker image uses an **unprivileged user** to perform the remote port forwarding stuff. As a result, it will only be possible to use **port numbers \u003e 1024**. However this is not a problem at all, since you can still leverage the **Docker port exposure feature** to bind to any port you want on your host (e.g. `-p \"80:8080\"`).\n\nThe first things you need are **host keys** for the OpenSSH server and an **SSH key pair** for the client to be able to connect. See the usage example of [dmotte/docker-portmap-server](https://github.com/dmotte/docker-portmap-server) for how to get them.\n\nIn general, the use of this image is very similar to [dmotte/docker-portmap-server](https://github.com/dmotte/docker-portmap-server), but:\n\n- the **SSH key pairs** go directly into the root of the `/ssh-client-keys` volume instead of subdirectories (because we have only a single regular user inside the container)\n- if you want the container to generate missing keys, the related **volume(s) must be writable** by the `portmap` user of the container; otherwise, the generated keys won't be written to the volume(s). For example, to **change the owner** user of the root of an empty volume, you can do something like:\n\n```bash\ndocker volume create myvol\ndocker run --rm -v myvol:/v docker.io/library/busybox chown 100:101 /v\n```\n\n\u003e **Tip**: if you are using **Podman** and a **mounted directory** (bind mount) instead of a volume, this works too:\n\u003e\n\u003e ```bash\n\u003e podman unshare chown 100:101 mydir\n\u003e ```\n\nIn the `PERMIT_LISTEN` **environment variable** you need to specify [which ports can be bound](https://man.openbsd.org/sshd_config#PermitListen), separated by spaces. Example: `8001 8002 8003`\n\nFinally, you can start the server:\n\n```bash\ndocker run -it --rm \\\n -v \"$PWD/hostkeys:/ssh-host-keys\" \\\n -v \"$PWD/myclientkey.pub:/ssh-client-keys/myclientkey.pub:ro\" \\\n -p80:8080 -p2222:2222 \\\n -ePERMIT_LISTEN=8080 \\\n dmotte/portmap-server-rootless\n```\n\nSee [dmotte/docker-portmap-server](https://github.com/dmotte/docker-portmap-server) for further details on usage; it's very similar to this one.\n\nFor a more complex example, refer to the [`docker-compose.yml`](docker-compose.yml) file.\n\n### Environment variables\n\nList of supported **environment variables**:\n\n| Variable | Required | Description |\n| -------------------- | ---------------- | ---------------------------------------------------------------- |\n| `KEEPALIVE_INTERVAL` | No (default: 30) | Value for the `ClientAliveInterval` option of the OpenSSH server |\n| `PERMIT_LISTEN` | Yes | Value for the `PermitListen` option of the OpenSSH server |\n\n## Development\n\nIf you want to contribute to this project, you can use the following one-liner to **rebuild the image** and bring up the **Docker-Compose stack** every time you make a change to the code:\n\n```bash\ndocker-compose down \u0026\u0026 docker-compose up --build\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdmotte%2Fdocker-portmap-server-rootless","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdmotte%2Fdocker-portmap-server-rootless","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdmotte%2Fdocker-portmap-server-rootless/lists"}