Appendix - Setting up an SSH tunnel to a remote database

To allow FlexDeploy to deploy to a database instance on the Oracle cloud without opening the database ports on the firewall, an SSH tunnel can be established from an internal server.  FlexDeploy can then be configured to talk to the database listener via the SSH tunnel.  To accomplish this, perform the following on a server on the local network that will serve as the endpoint to connect to the cloud database:

  

Step-by-step guide

  1. Set up SSH to communicate from the internal endpoint to the cloud instance
    1. Create an .ssh directory:   mkdir /home/oracle/.ssh
    2. Populate the id_rsa file (/home/oracle/.ssh/id_rsa) with the private key
    3. Make sure permissions are 700 on the directory and 600 on the file (with 600 on the directory, ssh cannot open the key inside it):   chmod 700 /home/oracle/.ssh; chmod 600 /home/oracle/.ssh/id_rsa
  2. Start the SSH tunnel as a background process:
    1. Change LOCALPORT to the port that FlexDeploy will connect to on the endpoint
    2. Change CLOUD_INSTANCE to the public DNS name or IP address of the cloud instance
    3. Change CLOUD_DB_PORT to the listener port of the database on the cloud
    4. Run the command from the Linux prompt:  ssh -i /home/oracle/.ssh/id_rsa -f -L LOCALPORT:CLOUD_INSTANCE:CLOUD_DB_PORT oracle@CLOUD_INSTANCE -N

EXAMPLE:

ssh -i /home/oracle/.ssh/id_rsa -f -L 1621:oc-129-144-43-94.compute.oraclecloud.com:1521 oracle@oc-129-144-43-94.compute.oraclecloud.com -N

  

  3. Now configure FlexDeploy:
    1. Set up an endpoint to the server that you created the ssh tunnel on.
    2. Configure the Database plugin to point to a JDBC URL of localhost:1621:dbt03 on the endpoint that you set up.
      1. localhost causes it to use the ssh tunnel on the current endpoint.
      2. Port 1621 is automatically forwarded via the ssh tunnel to the cloud instance’s port 1521.
      3. The database dbt03 resides on the cloud instance.
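
The tunnel setup from steps 1 and 2, as an added shell example that is not part of the original guide or of FlexDeploy: it checks the key permissions before starting the tunnel and binds the forward to loopback only. The function names, the ExitOnForwardFailure and ServerAliveInterval options and the 60-second interval are choices made for this example.

```shell
#!/bin/sh
# Added example, not FlexDeploy code. Function names are hypothetical.

# Print the 10-character type/permission string of a path, e.g. drwx------
mode_of() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

# Succeed only if the key directory is 700 and the key file is 600 or 400.
check_key() {
    key=$1
    dir=$(dirname "$key")
    case "$(mode_of "$dir")" in
        drwx------) ;;
        *) echo "run: chmod 700 $dir" >&2; return 1 ;;
    esac
    case "$(mode_of "$key")" in
        -rw-------|-r--------) ;;
        *) echo "run: chmod 600 $key" >&2; return 1 ;;
    esac
}

# Succeed only for an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Execute a command, or just print it when DRY_RUN is set.
run() { if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi; }

# start_tunnel KEYFILE LOCALPORT CLOUD_INSTANCE CLOUD_DB_PORT
start_tunnel() {
    check_key "$1" || return 1
    valid_port "$2" && valid_port "$4" || { echo "invalid port" >&2; return 1; }
    # 127.0.0.1: listen on loopback only, matching the localhost JDBC URL.
    # ExitOnForwardFailure: fail if LOCALPORT cannot be bound.
    # ServerAliveInterval: detect a dead connection (60 s is an assumed value).
    run ssh -i "$1" -f -N \
        -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 \
        -L "127.0.0.1:$2:$3:$4" "oracle@$3"
}

# Usage: start_tunnel /home/oracle/.ssh/id_rsa 1621 CLOUD_INSTANCE 1521
```

Setting DRY_RUN=1 before calling start_tunnel prints the ssh command instead of running it, which is useful for reviewing the forward before it goes live.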