Added mod for ssh tunneling

.travis.yml

@@ -4,16 +4,16 @@ language: shell
 
 branches:
   only:
-    - <baseimagename>-<modname> #replace variables, omit brackets
+    - openssh-server-ssh-tunnel
 
 services:
   - docker
 
 env:
   global:
-    - DOCKERHUB="linuxserver/mods" #don't modify
-    - BASEIMAGE="baseimagename" #replace
-    - MODNAME="modname" #replace
+    - DOCKERHUB="linuxserver/mods"
+    - BASEIMAGE="openssh-server"
+    - MODNAME="ssh-tunnel"
 
 jobs:
   include:
@@ -32,4 +32,4 @@ jobs:
         - echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin
         # Push all of the tags
         - docker push ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}-${TRAVIS_COMMIT}
-        - docker push ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}
+        - docker push ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}

Dockerfile.complex

@@ -1,21 +0,0 @@
-## Buildstage ##
-FROM lsiobase/alpine:3.9 as buildstage
-
-RUN \
- echo "**** install packages ****" && \
- apk add --no-cache \
-	curl && \
- echo "**** grab rclone ****" && \
- mkdir -p /root-layer && \
- curl -o \
-	/root-layer/rclone.deb -L \
-	"https://downloads.rclone.org/v1.47.0/rclone-v1.47.0-linux-amd64.deb"
-
-# copy local files
-COPY root/ /root-layer/
-
-## Single layer deployed image ##
-FROM scratch
-
-# Add files from buildstage
-COPY --from=buildstage /root-layer/ /

README.md

@@ -1,15 +1,35 @@
 # Docker mod for openssh-server
 
-This mod adds rsync to openssh-server, to be installed/updated during container start.
+This mod adds ssh tunnelling to openssh-server, by enabling tcp forwarding during container start.
 
-In openssh-server docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:openssh-server-rsync`
+In openssh-server docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:openssh-server-ssh-tunnel`
 
-# Mod creation instructions
+Note: `GatewayPorts` is set to `clientspecified`, this moves the responsibility to define the gateway host of the port to the client that opens the tunnel, e.g. `*:8080` to forward 8080 to all connection, default is localhost only.
+In addition it is still necessary to expose the same port on the container level, using either the `--expose` (only to other containers) or the `--port` (expose on host level/internet) run options (or the counterparts in docker-compose).
 
-* Ask the team to create a new branch named `<baseimagename>-<modname>`. Baseimage should be the name of the image the mod will be applied to. The new branch will be based on the `template` branch.
-* Fork the repo, checkout the template branch.
-* Edit the `Dockerfile` for the mod. `Dockerfile.complex` is only an example and included for reference; it should be deleted when done.
-* Inspect the `root` folder contents. Edit, add and remove as necessary.
-* Edit this readme with pertinent info, delete thse instructions.
-* Finally edit the `travis.yml`. Customize the build branch,and the vars for `BASEIMAGE` and `MODNAME`
-* Submit PR against the branch created by the team
+Example:
+
+When creating the container with the following setup:
+```
+version: '2'
+services:
+  ssh-tunnel:
+    image: linuxserver/openssh-server
+    environment:
+      - PUBLIC_KEY_FILE=/config/id_rsa.pub
+      - TCP_FORWARDING=true
+      - DOCKER_MODS=linuxserver/mods:openssh-server-ssh-tunnel
+    volumes:
+      - ./id_rsa.pub:/config/id_rsa.pub
+    expose:
+      - 30000
+    ports:
+      - 2222:2222
+```
+
+It's possible to expose the clients port 8080 through the containers port 30000 like this:
+```
+ssh -R *:30000:localhost:8080 example.com -p 2222
+```
+
+Port 30000 will then only be available to other containers (e.g. a web server acting as a reverse proxy), when using `ports` instead of `expose` the port would be accessible from the host (and the network it resides in, e.g. the internet). The client command can be automated using autossh.

root/etc/cont-init.d/99-ssh-tunnel-config

@@ -0,0 +1,6 @@
+#!/usr/bin/with-contenv bash
+
+# allow tcp forwarding within openssh settings
+sed -i '/^AllowTcpForwarding/c\AllowTcpForwarding yes' /etc/ssh/sshd_config
+sed -i '/^GatewayPorts/c\GatewayPorts clientspecified' /etc/ssh/sshd_config
+echo "TcpForwarding is enabled"

root/etc/cont-init.d/99-vpn-config

@@ -1,27 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-# Determine if setup is needed
-if [ ! -f /usr/local/lib/python***/dist-packages/sshuttle ] && \
-[ -f /usr/bin/apt ]; then
-  ## Ubuntu
-  apt-get update
-  apt-get install --no-install-recommends -y \
-    iptables \
-    openssh-client \
-    python3 \
-    python3-pip 
-  pip3 install sshuttle
-fi
-if [ ! -f /usr/lib/python***/site-packages/sshuttle ] && \
-[ -f /sbin/apk ]; then
-  # Alpine
-  apk add --no-cache \
-    iptables \
-    openssh \
-    py3-pip \
-    python3 
-  pip3 install sshuttle
-fi
-
-chown -R root:root /root
-chmod -R 600 /root/.ssh

root/etc/services.d/sshvpn/run

@@ -1,3 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-sshuttle --dns --remote root@${HOST}:${PORT} 0/0 -x 172.17.0.0/16