A proxy sidecar for moving security with MSSQL out of your services.
You connect to the proxy with any username / password combination and the proxy injects the correct login credentials.
$ docker run -p 1433:1433 -e MSSQLPROXY_PROXIES="0.0.0.0:1433=username:password@mssql-server:1433" -d dajudge/mssqlproxy:0.0.2MSSQLPROXY_PROXIES is a comma-separated list of proxy definitions where each proxy definition looks like this:
<bindAddress>:<bindPort>=<username>:<password>@<serverHostname>:<serverPort>
Fields:
bindAddress: the local address to listen onbindPort: the local port to listen onusername: the username to use for logging in to the MSSQL serverpassword: the password to use for logging into the MSQQL serverserverHostname: the hostname of the MSSQL serverserverPort: the port of the MSSQL server
Start a MSSQL server instance with the password MyPassword100 (runs on port 1433):
$ docker run -e ACCEPT_EULA=y -e SA_PASSWORD=MyPassword100 --net host -d mcr.microsoft.com/mssql/server:2017-CU8-ubuntuStart a mssqlproxy on port 51433:
$ docker run --net host -e MSSQLPROXY_PROXIES="0.0.0.0:51433=sa:MyPassword100@localhost:1433" -d dajudge/mssqlproxy:0.0.2Talk to the MSSQL server via the proxy with invalid credentials:
$ docker run --rm --net host -it mcr.microsoft.com/mssql-tools /opt/mssql-tools/bin/sqlcmd -S tcp:localhost,51433 -U sa -P wrong
1> select @@version
2> go
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Microsoft SQL Server 2017 (RTM-CU8) (KB4338363) - 14.0.3029.16 (X64)
Jun 13 2018 13:35:56
Copyright (C) 2017 Microsoft Corporation
Developer Edition (64-bit) on Linux (Ubuntu 16.04.4 LTS)
(1 rows affected)
1> exit- Improved handling of various protocol versions.
- Strong server certificate verification (waiting for a feature in r2dbc-mssql).