Add possibility to forward custom ports

[matteocarnelos]

Important

Since the maintainer of this repository is no longer actively maintaining it, I'm hosting a custom-built image with this feature added at ghcr.io/matteocarnelos/dockerpi.

If you wish to use this feature before it gets merged (if it will ever get merged at all), replace all instances of lukechilds/dockerpi with ghcr.io/matteocarnelos/dockerpi.

I've added the possibility to forward custom ports (besides the SSH one) by setting the environment variable HOSTFWD.

This is particularly useful when using applications with a web interface (Grafana, InfluxDB, RaspAP,...) inside the emulated Raspberry Pi, or when using protocols such as MQTT, FTP,....

Usage

Add one or more entries in the standard QEMU format (protocol::hostip:hostport-guestip:guestport) separated by spaces.

Example using the docker run command to expose the MQTT port from the Raspberry Pi to the Container (-e part) and from the Container to the Host (-p part):

docker run -it -e HOSTFWD=tcp::1883-:1883 -p 1883:1883 lukechilds/dockerpi 

Example using the docker-compose.yml file to achieve the same as above:

services:
  dockerpi:
    image: lukechilds/dockerpi
    ports:
     - "1883:1883"
    environment:
     - HOSTFWD=tcp::1883-:1883

[lukechilds]

Thanks, this is really useful!

I think we should remove the hardcoded SSH forwarding in favour of this method so users that want SSH can enable it manually.

Also could you add a small note to the readme documenting this feature?

[matteocarnelos]

Thanks for the review! I've done as you suggested.
Please feel free to edit the README section if needed, I don't have a great english.

[auphofBSF]

This is great, thanks @matteocarnelos , saves many rebuilds, however in using , can I suggest for being explicit and clear , renaming HOSTFWD in -e HOSTFWD=tcp::5022-:22 to be PI_HOSTFWD or QEMU_HOSTFWD or so that it is explicit and clear what is being forwarded.
Can you also please provide sample of how to open multiple ports ie 5678 and 22

[matteocarnelos]

That makes sense, I'll rename the variable to QEMU_HOSTFWD. Thanks for the suggestion.

To open multiple ports is necessary to put the entries separated by spaces. So, in your example:

docker run -it -e QEMU_HOSTFWD="tcp::5678-:5678 tcp::22-:22" -p 5678:5678 -p 22:22 lukechilds/dockerpi 

services:
  dockerpi:
    image: lukechilds/dockerpi
    ports:
     - "5678:5678"
     - "22:22"
    environment:
     - QEMU_HOSTFWD=tcp::5678-:5678 tcp::22-:22

[auphofBSF]

thanks @matteocarnelos , could you add that multiple port explanation to the readme, it super useful

[matteocarnelos]

@auphofBSF done👍

[jpretori]

@matteocarnelos I've been trying to get this working by cloning your repo and building the docker image from there. The build works fine and I can get Docker going, however the ssh service isn't starting during boot. When I login with pi/raspberry and run service --status-all, I get among a list of other things: [ - ] ssh

When I then try to start it up without sudo I get an authentication error (even if I feed it raspberry as the root password when it asks). If I try to start it with sudo, it seems to start and servicectl says the service is up... But ss reports nobody listening on port 22, and of course when I try to ssh in from my laptop it just times out after a while.

Not sure what I'm missing here. I've got some technical background from long ago... but not much to do with networking, SSH or Linux services. So not sure how to proceed to debug / help. I'm at your disposal, if you want to send me some things to try.

Things for reference in case they're useful. First, the Docker commandline I used to run the container. I'm not interested in MQTT, just SSH.

$ docker run -v /home/johan/pihole:/sdcard -e QEMU_HOSTFWD="tcp::5022-172.17.0.2:22" -p 5022:5022 -it lukechilds/dockerpi:latest pi3

I also tried this, the only difference is that I removed the IP address from the QEMU_HOSTFWD argument:

$ docker run -v /home/johan/pihole:/sdcard -e QEMU_HOSTFWD="tcp::5022-:22" -p 5022:5022 -it lukechilds/dockerpi:latest pi3

Here's my terminal contents where I started the service and checked its status. I split it into blocks to make it easier to read.

pi@raspberrypi:~$ systemctl status ssh.service
● ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/lib/systemd/system/ssh.service; disabled; vendor preset: ena
   Active: inactive (dead)
     Docs: man:sshd(8)
           man:sshd_config(5)

pi@raspberrypi:~$ sudo service ssh start

pi@raspberrypi:~$ systemctl status ssh.service
● ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/lib/systemd/system/ssh.service; disabled; vendor preset: ena
   Active: active (running) since Sun 2021-09-05 20:38:23 BST; 4s ago
     Docs: man:sshd(8)
           man:sshd_config(5)
  Process: 905 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
 Main PID: 906 (sshd)
    Tasks: 1 (limit: 1103)
   Memory: 1.9M
   CGroup: /system.slice/ssh.service
           └─906 /usr/sbin/sshd -D

Sep 05 20:38:22 raspberrypi systemd[1]: Starting OpenBSD Secure Shell server...
Sep 05 20:38:23 raspberrypi sshd[906]: Server listening on 0.0.0.0 port 22.
Sep 05 20:38:23 raspberrypi sshd[906]: Server listening on :: port 22.
Sep 05 20:38:23 raspberrypi systemd[1]: Started OpenBSD Secure Shell server.

pi@raspberrypi:~$ ss | grep 22
u_str ESTAB 0      0                                     * 12294              * 0                                                                               
pi@raspberrypi:~$

[jpretori]

Er, nevermind. I just had to start sshd, and figure out how to use SSH.

[LazeMSS]

Will this be merged anytime soon?

[LazeMSS]

@lukechilds do you plan on merging this?

[matteocarnelos]

Since @lukechilds doesn't seem to be maintaining this repo anymore, if you need this feature, you can use my custom-built image.

[LazeMSS]

Since @lukechilds doesn't seem to be maintaining this repo anymore, if you need this feature, you can use my custom-built image.

Great thanks. Will you publish under a different container name ie?

[matteocarnelos]

Will you publish under a different container name ie?

Don't think so, at least for now.
The namespace and registry host differ, though: ghcr.io/matteocarnelos/dockerpi.

[robertsLando]

@matteocarnelos Any clue why whatever I try to connect via ssh I get this error? kex_exchange_identification: read: Connection reset by peer.

I tried both using the main image and yours using custom forwarding, no way

P.S: curious to see we are 'neighbors' and we attended the same university :)

Update: Seems the reason is ssh is not enabled by default, need to enable the service using sudo systemctl enable ssh once logged in. I think another way coud be edit the base image and add a .ssh file inside /boot partition

[matteocarnelos]

@robertsLando I can confirm that's the problem.

In my custom image it would be ok to have SSH disabled by default since the SSH port is not forwarded by default and you might not need it. However, in the original image you want it enabled since the SSH port is forwarded by default and thus SSH must be available.

PS: È proprio piccolo il mondo! 😉