SSH无法在traefik的docker上使用Gitea [英] SSH not working using Gitea on docker with traefik
问题描述
我已经在traefik(v2.3)作为反向代理的docker(docker-compose)上安装了gitea.我正在尝试设置ssh,但是它失败了,无论是SSH进入还是(主要)执行git clone和push.
I have installed gitea on docker (docker-compose) with traefik (v2.3) as reverse proxy. I'm trying to set up ssh but it's failing, both to SSH into and (mainly) to perform git clone and push.
我知道
<user>@<domain>: Permission denied (publickey).
我尝试在docker-compose文件中为traefik容器指定端口
I have tried specifying ports in the docker-compose file for the traefik container
ports:
- "22:22"
在gitea的docker-compose中,我具有以下标签:
and in the docker-compose for gitea I have the following labels:
# SSH
- "traefik.http.routers.gitea_ssh.rule=HOST(`gitea.localhost`)"
- "traefik.http.routers.gitea_ssh.entrypoints=ssh"
- "traefik.http.routers.gitea_ssh.service=gitea_ssh"
# Services
- "traefik.http.services.gitea_ssh.loadbalancer.server.port=22"
我对http和https具有类似的设置,http重定向到https.
I have similar setup for http and https, http is redirected to https.
入口点在traefik.yml中定义为:22"
Entrypoints is defined in traefik.yml as ":22"
但是这不起作用.我认为信号流会像这样:
This however doesn't work. I figured signal flow would go like this:
ssh request -> server port 1234 -> docker port 22 -> traefik redirects -> gitea container port 22
我已将公钥上传到
通过此设置获得的ssh连接请求响应为:
The response I get with this setup for ssh connection request is:
<login on computer>:/ <user>$ ssh -v <address to gitea>
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /<Path to config>/config
debug1: /<Path to config>/config line 12: Applying options for <address to gitea>
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to <address to gitea> port 1234.
debug1: Connection established.
debug1: identity file /<Path to private key>/private-key type 0
debug1: identity file /<Path to private key>/private-key-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: kex_exchange_identification: banner line 0: HTTP/1.1 400 Bad Request
debug1: kex_exchange_identification: banner line 1: Content-Type: text/plain; charset=utf-8
debug1: kex_exchange_identification: banner line 2: Connection: close
debug1: kex_exchange_identification: banner line 3:
kex_exchange_identification: Connection closed by remote host
当我尝试访问git clone时:
And when I try to access git clone:
<login on computer>:/ <user>$ git clone git@<address to gitea>:<path to repo>.git
Cloning into 'some-repo'...
kex_exchange_identification: Connection closed by remote host
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
推荐答案
我没有通过traefik代理ssh的第一手经验,但是我之前看过这篇文章:
I don't have first hand experience with proxying ssh via traefik but i've looked at this article before:
https://www.georglutz.de/blog/2020/06/20/homeassistant-with-traefik-and-ssh/
并且推荐它是有意义的,因为它是相同的设置.
and makes sense to recommend it, since it's the same setup.
我会指出您错误地使用了http路由器,您需要一个tcp.
and i would point out that you're wrongly using the http router, you need the tcp one.
我使用Gitea,建议将SSH暴露在其他端口上.特拉菲克只会给你开销.
I use Gitea and I would advise just exposing SSH, on a different port; Traefik will only give you overhead.
这篇关于SSH无法在traefik的docker上使用Gitea的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!