Remote debugging a php application inside a kubernetes pod could be difficult. Most often our IDE is behind a NAT router that prevents direct communication between the pod and the IDE. In this case, out best bet is to deploy a DBGp proxy server on the NAT machine that connects our IDE with the pod. But not all XDebug clients support it - there is no SublimeText package or VIM plugin that supports DBGp proxy. Even worse is you don’t have control to configure the NAT machine and install the proxy server.

We urge all users upgrade to official release firmware when available.Thanks for your interests.Please read the Release Note carefully before updating firmware or installing software. Zyxel nwd2205. Reminder:NBG6615:To upgrade the firmware NBG6615 V1.00(ABMV.3)C0 or later, make sure to upgrade V1.00(ABMV.2)C0 firmware in advance.GS1900 Series:Please understand you are downloading beta firmware for immediately security patch. Also, please be aware Zyxel is not responsible for damages if firmware, software, or other files are not installed according to the Release Note instructions.

In the Services tool window, select the Images node and click. Select the Docker registry and specify the repository and tag (name and version of the image, for example, php-71-apache-xdebug-26:latest). When you click OK, PhpStorm runs the docker pull command. For more information, see the docker pull command reference.

Reverse port-forwarding with an SSH tunnel between the remote & local machine would be the solution in situations like this. But we cannot SSH into a kubernetes pod.

Kubernetes supports port-forwarding but that only works one way i.e. it’ll forward ports from local to the pod. But we need the other way around - run a server locally and listen to it in the pod. There is an open issue to have a support for this. Until they add the feature we need to find another way.

ngrok could expose our local network to internet by creating a secure tunnel between a public endpoint and a locally running network service. ngrok TCP tunnels allow you to expose any networked service that runs over TCP. To start a TCP tunnel:

After running the command, we’ll see an status like following:

You can find the public endpoint that exposes our local XDebug client running on port 9000. Now we need to copy this endpoint and put it in our php.ini and deploy the php application again:

It’s better to load these values from environment variables. Before starting the server, replace the php.ini settings with corresponding environment variables. A sample docker start script would like following:

We can also change these settings using ini_set() from within code, but I didn’t try if that works.

Now start debugging and if you have enabled remote logging, you’ll see logs like following:

This is a simple ssh-tunnel container for easily connecting to other containers / servers elsewhere via a --link-edtunnel container. This tunnel will use your local SSH-agent to connect to the endpoint thus no need to push your ~/.ssh/ files intothe image.

The full syntax for starting an image from this container:

Mac support:Please be aware that with the launch of the Docker for Mac Beta this currently doesnt work on Mac. Please see this note

• you would like to have a tunnel port 3306 on server example.com locally exposed as 3306

  docker run -d --name tunnel_mysql -v $SSH_AUTH_SOCK:/ssh-agent kingsquare/tunnel *:3306:localhost:3306 me@example.com

• you would like to have a tunnel port 3306 on server example.com locally exposed on the host as 3308

  docker run -d -p 3308:3306 --name tunnel_mysql -v $SSH_AUTH_SOCK:/ssh-agent kingsquare/tunnel *:3306:localhost:3306 me@example.com

This method allows for using this image as an ambassador to other (secure) servers:

use the links in another container via exposed port 2222:

• 2017-01-27

  • Update image to use the alpine:3.5
  • Use autossh instead of simple ssh for extra stability of the tunnel
  • Provided sample Makefile to automate the build process -- onunix-like systems you can use make command to build docker image andcontainer.

  SSH_CMD='*:6379:localhost:6379 martin@172.17.0.1' make build-container

  • The assumption is, that local ssh-agent holds the required identityfiles. Another solution may be to generate new ssh key (ssh-keygen)and use the ssh -i option to provide the identity directly.

• 2016-09-13

  Thanks to @phlegx we now have a seperate tag for reversed tunnels (remote -> local)This adds the following tags to this repo:

  • kingsquare/tunnel:latest (the -L option)
  • kingsquare/tunnel:forward
  • kingsquare/tunnel:l

  and the reverse option: (the -R option)

  • kingsquare/tunnel:reverse
  • kingsquare/tunnel:r

  Thanks @ignar for bringing this container back to my attention :)

• 2015-11-10

  Thanks to @ignar I took another look at the dockerfile and have updated it to use AlpineLinuxThis results in a much smaller image (<8mb) and is still just as fast and functional.Thanks @ignar for bringing this container back to my attention :)