Allow binding to public 0.0.0.0 address

Open stephenh opened this issue 10 months ago • 1 comments

I'm running ecsta from within docker/docker-compose, to allow a separate docker-compose service to connect through ecsta to our dev database.

I.e. docker compose up backend-dev boots up the backend-dev service, which is the local backend code but with environment variables of DB_HOST/DB_PORT set to the ecsta service that is also running within docker-compose.

I have this working, but since ecsta only binds to localhost, when run inside a docker container, nothing from the outside (even other docker services) could connect to its --local-port.

I was able to use socat to bind to 0.0.0.0:port, have it forward to the localhost:port which ecsta was listening on, and then from there the traffic goes out to the ECS remote port:

#!/bin/bash
set -e

# Listen on all interfaces and relay each connection to the loopback port ecsta binds to
echo "Starting socat to forward 0.0.0.0:$LOCAL_PORT to localhost:$SOCAT_PORT..."
socat "TCP-LISTEN:$LOCAL_PORT,bind=0.0.0.0,reuseaddr,fork" "TCP:localhost:$SOCAT_PORT" &

# ecsta listens on localhost:$SOCAT_PORT and tunnels to the remote port in the ECS task
echo "Starting ecsta port forwarding..."
ecsta portforward --region "$ECS_REGION" --cluster "$ECS_CLUSTER" --family "$ECS_FAMILY" --container "$ECS_CONTAINER" --local-port "$SOCAT_PORT" --remote-port "$REMOTE_PORT"

So I'm all set, but just from a simplicity perspective, a command line flag like --public or --local-address=0.0.0.0 would let me remove the socat workaround from our setup.

Thanks for the great tool!

stephenh avatar Feb 21 '25 17:02 stephenh

This could be a separate issue, but just mentioning here b/c of "while running in docker" relation, but initially ecsta was panicking with this error:

$ docker compose up ecsta
[+] Running 1/1
 ✔ Container graphql-service-ecsta-1  Recreated                                                                           0.1s
Attaching to ecsta-1
WARN[0000] could not start menu, an error occurred while starting.
ecsta-1  | Starting socat to forward 0.0.0.0:5432 to localhost:5432...
ecsta-1  | Starting ecsta port forwarding...
ecsta-1  | 2025/02/21 16:22:13 INFO running in non-interactive mode (tty is not available)
ecsta-1  | panic: runtime error: invalid memory address or nil pointer dereference
ecsta-1  | [signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x4ed284]
ecsta-1  |
ecsta-1  | goroutine 72 [running]:
ecsta-1  | io.copyBuffer({0x0, 0x0}, {0xdf7060, 0xc0003a0350}, {0x0, 0x0, 0x0})
ecsta-1  | 	/opt/hostedtoolcache/go/1.23.3/x64/src/io/io.go:431 +0x1c4
ecsta-1  | io.Copy(...)
ecsta-1  | 	/opt/hostedtoolcache/go/1.23.3/x64/src/io/io.go:388
ecsta-1  | os.genericWriteTo(0xc0003241d0?, {0x0, 0x0})
ecsta-1  | 	/opt/hostedtoolcache/go/1.23.3/x64/src/os/file.go:275 +0x4f
ecsta-1  | os.(*File).WriteTo(0xc0003241d0, {0x0, 0x0})
ecsta-1  | 	/opt/hostedtoolcache/go/1.23.3/x64/src/os/file.go:253 +0x9c
ecsta-1  | io.copyBuffer({0x0, 0x0}, {0xdf70e0, 0xc0003241d0}, {0x0, 0x0, 0x0})
ecsta-1  | 	/opt/hostedtoolcache/go/1.23.3/x64/src/io/io.go:411 +0x9d
ecsta-1  | io.Copy(...)
ecsta-1  | 	/opt/hostedtoolcache/go/1.23.3/x64/src/io/io.go:388
ecsta-1  | github.com/fujiwara/ecsta.(*Ecsta).runSessionManagerPlugin.func3()
ecsta-1  | 	/home/runner/work/ecsta/ecsta/exec.go:136 +0x2f
ecsta-1  | created by github.com/fujiwara/ecsta.(*Ecsta).runSessionManag

And I was able to work around it by adding tty: true to the docker-compose file:

  ecsta:
    build:
      context: .
      dockerfile: ./ecsta.dockerfile
    volumes:
      - ~/.aws:/root/.aws:ro
    # ecsta stack traces without a tty available
    tty: true

So nothing blocking for me, but just mentioning as a fwiw. Thanks!

stephenh avatar Feb 21 '25 17:02 stephenh

@stephenh I'm sorry for the late response.

ecsta v0.7.0 supports the --public CLI option to listen for all addresses. Please try it!

fujiwara avatar Jun 06 '25 17:06 fujiwara

Just had a chance to try this out @fujiwara and it worked great! Thank you!

Here's our ecsta.dockerfile if anyone else wants to do the same approach:

FROM --platform=linux/amd64 public.ecr.aws/amazonlinux/amazonlinux:2023

RUN curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/linux_64bit/session-manager-plugin.rpm" -o "session-manager-plugin.rpm" && \
    dnf install -y ./session-manager-plugin.rpm

RUN dnf update -y && \
    dnf install -y tar gzip && \
    dnf clean all

# Download and install ecsta (from GitHub releases)
RUN curl -L -o /tmp/ecsta.tar.gz https://github.com/fujiwara/ecsta/releases/download/v0.7.0/ecsta_0.7.0_linux_amd64.tar.gz \
    && tar xvf /tmp/ecsta.tar.gz -C /usr/local/bin \
    && chmod +x /usr/local/bin/ecsta \
    && rm /tmp/ecsta.tar.gz

ENV AWS_PROFILE=...
ENV ECS_REGION=...
ENV ECS_CLUSTER=...
ENV ECS_FAMILY=...
ENV ECS_CONTAINER=psql
ENV LOCAL_PORT=5432
ENV REMOTE_PORT=5432

EXPOSE 5432

CMD /usr/local/bin/ecsta portforward --region $ECS_REGION --cluster $ECS_CLUSTER --family $ECS_FAMILY --container $ECS_CONTAINER --local-port $LOCAL_PORT --remote-port $REMOTE_PORT --public

stephenh avatar Jun 20 '25 17:06 stephenh
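
How the `--public` setup from this thread can be wired in docker-compose so that only other compose services reach the forwarded database port (an added example, not written by the thread's participants or the ecsta project). The service names, `DB_HOST`/`DB_PORT`, `ecsta.dockerfile`, `tty: true` and port 5432 come from the posts above; the `backend-dev` build line and `depends_on` are assumptions.

```yaml
services:
  ecsta:
    build:
      context: .
      dockerfile: ./ecsta.dockerfile   # CMD runs "ecsta portforward ... --public"
    volumes:
      - ~/.aws:/root/.aws:ro           # AWS credentials mounted read-only
    tty: true                          # from the compose fragment earlier in the thread
    # --public makes ecsta listen on 0.0.0.0 *inside the container*. That is
    # enough for other services on the compose network, so no "ports:" entry
    # is needed for the backend-dev use case.
    #
    # Broad (avoid): publishes the tunnel to the dev database on every
    # interface of the host, so anything that can reach the host can connect.
    # ports:
    #   - "5432:5432"
    #
    # Narrow (only if tools on the host itself need the tunnel): publish on
    # the host's loopback address only.
    # ports:
    #   - "127.0.0.1:5432:5432"

  backend-dev:
    build: .                           # assumption: backend image built from the repo root
    environment:
      DB_HOST: ecsta                   # compose service name resolves on the compose network
      DB_PORT: "5432"
    depends_on:
      - ecsta                          # assumption: start the tunnel before the backend
```

The `EXPOSE 5432` line in the Dockerfile only documents the port and does not publish it; the tunnel becomes reachable from outside the compose network only when a `ports:` mapping is added.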