问题
I need to access a remote server from Bitbucket Pipelines. This remote server is available only to a specific host which has its IP address whitelisted. Here is what I want:
Pipelines <---> The gateway host <---> The remote server
I was trying to use sshutle
to setup an ssh-based VPN to forward all network traffic via the gateway host, but it looks like Pipelines don't allow containers to run VPN (see issue #12753).
What can I do to access the remote server?
回答1:
There is a solution if forwarding only http/https is enough for you. Use SSH to set up a socks5 proxy.
First, add Bitbucket's public SSH key to ~/.ssh/authorized_keys
on the gateway server. Open Repository --> Settings --> (Pipelines) SSH keys
and follow instructions on this page.
Then add these steps to the bitbucket-pipelines.yml
:
# Start in foreground (-fN), use compression (-C), set up port forwarding (-D)
ssh -fN -C -D 41337 user@server.foobar.com
export http_proxy='socks5://localhost:41337'
export https_proxy='socks5://localhost:41337'
Use curl
to check whether proxy works:
curl http://checkip.amazonaws.com
回答2:
You can also create SSH tunnel instead of proxy with one line, and you can put multiple ip addresses, this is what worked for me. It exposes 9200 and 5000 from server to your localhost
ssh -fN user@server -L *:9200:localhost:9200 -L *:5000:localhost:5000
来源:https://stackoverflow.com/questions/45309737/how-to-use-vpn-with-bitbucket-pipelines