Why sFTP into persistent volumes
Sometimes you need to provision a bunch of static files.
Our Serverless Containers platform supports persistent volumes, which is a great way of ensuring that your containers have access to files like assets, secrets, and more. We recently received a question on how to provision static assets like images, since we don't provide direct access to the persistent volumes.
One way to do this is through sFTP, the SSH File Transfer Protocol: file transfer runs over an SSH connection, so it is encrypted and authenticated, and it can be set up with a simple OpenSSH server. However, since our platform currently only allows HTTP and HTTPS ingresses, it's not possible to expose this SSH server to the outside world.
This is where the tool ngrok comes in; ngrok is an application that builds reverse connections and it can be used to create secure connections between different machines. In our case of enabling sFTP, we have built two containers: one for SSH, and one for ngrok.
Step 1: Creating your ngrok account
In order to use ngrok, you need to sign up for the ngrok service at ngrok.io. If you want to use TCP ports (such as SSH in this case), ngrok also requires a valid credit card, which is used to prevent abuse. It will not be charged, however. Once you have an account, look for the auth token, as it is required for communication from the container.
Step 2: Deploying the containers
We have two containers in our container registry: one for sshd, one for ngrok. If you would like to build them yourself, you can look at the sources.
The image links are:
- registry.gitlab.com/tilaa-cloud/ngrok-sftp/ngrok:1.0 for the ngrok container, and
- registry.gitlab.com/tilaa-cloud/ngrok-sftp/sshd:1.0 for the sshd container.
Deploying the containers could not be simpler. In the cloud portal, deploy one container named "sshd". Make sure you set the required environment variable FTP_PASSWORD, make sure you mount a persistent volume to the home directory of the user (/home/ftp by default), and make sure you open port 22. This container will then be able to access the persistent volume through SSH.
Next, deploy the ngrok container with the name "ngrok" with the environment variable NGROK_AUTHTOKEN. By default it will connect to the hostname "sshd". A single replica is more than enough for this use case.
Step 3: Connecting to sFTP through ngrok
Once both containers have started, you can see the hostname and port to connect to in either the ngrok dashboard or the logs of the ngrok container. Use your favourite sFTP client (like FileZilla, which works on every OS), fill in the details that are visible in the dashboard and connect. If all is configured correctly, you should be able to log in to your SSH container, which will allow you to place files on your Persistent Volumes!
If you're running into issues following this how-to, don't hesitate to reach out to us - we will gladly troubleshoot your issue. Don't forget to scale your containers back to 0 if you no longer need them.
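If you prefer the OpenSSH command-line client, the sketch below (an added example, not part of the container images or of ngrok) extracts the tunnel endpoint from an ngrok log line and builds an sftp command that pins the server's host key under a fixed alias. The log line format, the login user "ftp", the alias "sshd-volume" and the known_hosts path are assumptions; the sample log line is constructed.

```shell
# Constructed sample of an ngrok log line (logfmt style). The real container's
# log output may differ; adjust the pattern below if it does.
SAMPLE_LOG='t=2024-01-01T10:00:00+0000 lvl=info msg="started tunnel" obj=tunnels addr=//sshd:22 url=tcp://0.tcp.example.invalid:12345'

# Print "host port" for the most recent TCP tunnel found in log text on stdin.
ngrok_tcp_endpoint() {
    sed -n 's|.*url=tcp://\([A-Za-z0-9.-]*\):\([0-9][0-9]*\).*|\1 \2|p' | tail -n 1
}

# Build (but do not run) an sftp command for the endpoint in the log on stdin.
# $1 = login user (assumption: "ftp"), $2 = dedicated known_hosts file.
sftp_command() {
    user=$1
    known_hosts=$2
    endpoint=$(ngrok_tcp_endpoint)
    [ -n "$endpoint" ] || { echo "no tcp tunnel found in log" >&2; return 1; }
    host=${endpoint% *}
    port=${endpoint#* }
    # The tunnel's host and port can change when the ngrok container restarts.
    # HostKeyAlias stores the sshd host key under one stable name, so a changed
    # key is still detected even when the address is new. A separate
    # UserKnownHostsFile keeps this entry apart from your other hosts.
    printf 'sftp -P %s -o HostKeyAlias=sshd-volume -o UserKnownHostsFile=%s -o StrictHostKeyChecking=ask %s@%s\n' \
        "$port" "$known_hosts" "$user" "$host"
}

# Show the command for the constructed sample line.
printf '%s\n' "$SAMPLE_LOG" | sftp_command ftp "$HOME/.ssh/known_hosts_sshd_volume"
```

On the first connection, compare the fingerprint sftp shows with the one from your sshd container before accepting it.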