Complexity is the worst enemy of security.
--- Bruce Schneier
A simple docker SSL tunnel client. It opens an stunnel connection and routes the traffic of containers through the tunnel.
First, start the stunnel container. Your ssl and crt file must be available at the /stunnel/config/config.ssl path in the container. Note that to connect using anything other than the host's localhost, you must add the network to advertise too:
docker run \
--cap-add NET_ADMIN \
-e LOCAL_LAN=192.168.1.0/24 \
--volume /home/me/stunnelConfiguration/:/stunnel/config \
--name stunnel dheaps/stunnel:latest
Now, use the SSL tunnel by launching a container with the --network "container:<stunnel container name>" option. This replaces the container's network stack with the stunnel container's network stack.
docker run \
--network "container:stunnel" \
-it \
alpine
For more advanced use cases, a docker-compose.yml file is recommended. See the examples/ folder to see how to expose a service attached to the SSL tunnel container and how to configure a firewall so only outbound traffic through the tunnel is allowed.
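The two docker run commands above, expressed as a Compose file. This is an added sketch, not a file from the project's examples/ folder; the `web` service, its `nginx:alpine` image and the 8080:80 port mapping are assumptions chosen for illustration.

```yaml
# docker-compose.yml (added example, not from the project's examples/ folder)
services:
  stunnel:
    image: dheaps/stunnel:latest
    container_name: stunnel
    cap_add:
      - NET_ADMIN            # same capability as --cap-add NET_ADMIN above
    environment:
      # LAN that may reach services behind the tunnel container
      # (needed for anything other than the host's localhost)
      LOCAL_LAN: 192.168.1.0/24
    volumes:
      # host directory holding the stunnel configuration
      - /home/me/stunnelConfiguration/:/stunnel/config
    ports:
      # Published here, not on "web": "web" has no network stack of its own,
      # so its listening port only exists inside the stunnel container's
      # network namespace. (Port numbers are assumptions.)
      - "8080:80"
    restart: unless-stopped

  web:
    image: nginx:alpine      # hypothetical service to route through the tunnel
    # Compose equivalent of: docker run --network "container:stunnel"
    network_mode: "service:stunnel"
    depends_on:
      - stunnel
    restart: unless-stopped
```

A service using `network_mode: "service:stunnel"` cannot declare its own `ports:` or `networks:`; if the stunnel container is recreated, the attached service must be recreated as well so that it joins the new network namespace.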