If you bind port forwarding to unix domain socket, it is convenient because you can bring it into the docker container through volume mount. Below, mysql is taken as an example.
ssh -o StreamLocalBindUnlink=yes -fNL /tmp/sock/db.sock:$DB_HOST:3306 bastion
Stepping stone server as well as bastion
You can remove the fN option if you don't need it.
If you add -o StreamLocalBindUnlink = yes, even if a unix domain socket already exists in the specified path, it will be overwritten and forwarded.
Start the container with --volume / tmp / sock: / tmp / sock.
mysql --socket /tmp/sock/db.sock -u ...
https://qiita.com/toritori0318/items/193df8f749a9c4bda883 It's a pity that I can't access it from the browser (I don't use the browser inside the container, but it's annoying to switch between binding to the port and binding to the unix domain socket)