My stack is composed of 5 containers and only one of them is publicly accessible, all the others are private (database, caches, misc services, etc). I am trying to access one of the private ones, which I would obviously like to keep private. The SSH tunnel would be the icing on the cake because it would allow me to use a local GUI management tool rather than SSHing to the node and be limited to the CLI.
But reasons aside, this is something that should be possible since Docker has options to map ports and bind to localhost, which the Docker Cloud interface apparently doesn’t allow for some unknown reason.
The workaround I am currently using is to manually SSH to the node then manually run a TCP proxy container there (currently using demandbase/docker-tcp-proxy) with a port mapped and bound to localhost. This allows access to the private container both from the node and remotely using an SSH tunnel.