The suSSHi Proxy component requires configuration with the right parameters. This configuration can be downloaded from the suSSHi Chef UI and used in different ways:
A JSON configuration file mapped into the container (bind mount).
A JSON configuration file stored in docker secrets.
An environment variable storing the Base64 encoded JSON configuration.
This allows us to use different methods to run the container.
6.2.1. Bind Mount
Now we are ready to deploy the suSSHi Proxy container at the edge of our cloud environment by copying the downloaded configuration to a local filesystem, config store or container file system and mapping it in the proxy container to one of the following default paths within the container:
A Docker Compose file may look like this:
version: '3.5' services: susshi-proxy: container_name: 'susshi-proxy' image: 'registry.susshi.io/susshi-proxy:21.05' restart: always ports: - "<external_ip>:22:22" volumes: - /opt/wasabi/susshi/config:/opt/wasabi/susshi/config
Of course, you can also map it to another location and start the container using the -f option.
6.2.2. Docker Secret
Another option is to add the JSON configuration file as a secret named
susshi-proxyd.json to Docker and mount the
secret into the container:
version: '3.5' services: susshi-proxy: container_name: 'susshi-proxy' image: 'registry.susshi.io/susshi-proxy:21.05' restart: always ports: - "<external_ip>:22:22" secrets: - susshi-proxyd.json secrets: susshi-proxyd.json: file: /path/to/susshi-proxyd.json
The secret is mapped in the container file system under
Since the suSSHi Proxy container expects a file named
/run/secrets/susshi-proxyd.json, you must also name the
6.2.3. Environment Variable
You can simply download the JSON configuration as a single-lined Base64-encoded (RFC 4648) string.
This string can than be added as environment variable called
PROXY_CONFIG to the container.
version: '3.5' services: susshi-proxy: container_name: 'susshi-proxy' image: 'registry.susshi.io/susshi-proxy:19.01' restart: always ports: - "<external_ip>:22:22" env_file: - ./.proxy-env
You can also provide the Base64-encoded string as variable under the
environment key of the service definition.
This is especially useful in environments where you want to run the container without any configuration file at all.