Connecting to Lxd Container Remotely

Hello @bobj I have two questions regarding dhis2-tools:

  • Connecting to postgres remotely, given that it’s hosted in one of the lxd containers. Am using Azure Linux VMs, and would like to redirect my data pipelines to the postgres container.
  • Secondly, can you deploy a war file to an existing database i.e in a situation where I have migrated a database into my lxd containers.

Thanks

HI @mykbitz .

For the first question I am assuming that you have a server in Azure and you would like to connect an instance in your computer to that server? I don’t really understand what do you mean with your data pipelines. Anyway, if that would be the case you have several options but for simplicity and security I would perform the following

  1. Ensure you can SSH to the server
  2. Make sure you can access the SQL container from withing the host (I think this is by default in the firewall configuration and not only from the DHIS2 container)
  3. Connect to the SSH server by using portforwarding (How to Use SSH Port Forwarding {Ultimate Guide}) probably you will end up with something like $> ssh -L 5432:localhost:5432 you@server (This can also be achieved by putty if you need to)
  4. As from that moment your local connections will be passed to the remote server. So you can have access with any SQL administration software or you could have your DHIS2 instance pointing there. The connection will remain as long as you don’t close the tunnel.

Your second question is not clear to me.

Cheers.

Thanks @jaime.bosque this was helpful. However, since am defining the connection from Azure Data Factorys’ linked service (does not have an option for ssh tunneling), I opted for a network address translation and it worked fine, the data pipelines can pull directly from the container.

As for the second question - We have always used the native way of installing DHIS2, however, with the development of dhis2-tools, I find containerization very useful. Therefore, wanted to migrated data into the containers. I found a workaround nonetheless.

Then this question might be better replied by @bobj . But I don’t see a reason why not to do so. There is even an option to do so with the recommended tools: GitHub - bobjolliffe/dhis2-tools-ng: Next generation dhis2-tools

Also, and just from the security perspective, by having enabled the NAT you might have exposed your database connection to the outside world so I would make changes in the configuration file and/or firewall configuration to allow connections from only specific addresses.