SSH does not work with Gitea on Docker behind Traefik

Problem description

I have installed Gitea on Docker (docker-compose) with Traefik (v2.3) as the reverse proxy. I am trying to set up SSH, but it fails, both when connecting over SSH and (mainly) when doing git clone and push.

I get:

<user>@<domain>: Permission denied (publickey).

I tried specifying the port for the traefik container in the docker-compose file:

ports:
  - "22:22"

In Gitea's docker-compose I have the following labels:

  # SSH
  - "traefik.http.routers.gitea_ssh.rule=HOST(`gitea.localhost`)"
  - "traefik.http.routers.gitea_ssh.entrypoints=ssh"
  - "traefik.http.routers.gitea_ssh.service=gitea_ssh"
  # Services
  - "traefik.http.services.gitea_ssh.loadbalancer.server.port=22"

I have a similar setup for http and https, with http redirected to https.

The entry point is defined in traefik.yml as ":22".

However, this does not work. I thought the signal flow would look like this:

ssh request -> server port 1234 -> docker port 22 -> traefik redirects -> gitea container port 22 

I have uploaded the public key.

The response I get to an SSH connection request with this setup is:

<login on computer>:/ <user>$ ssh -v <address to gitea>
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /<Path to config>/config
debug1: /<Path to config>/config line 12: Applying options for <address to gitea>
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to <address to gitea> port 1234.
debug1: Connection established.
debug1: identity file /<Path to private key>/private-key type 0
debug1: identity file /<Path to private key>/private-key-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: kex_exchange_identification: banner line 0: HTTP/1.1 400 Bad Request
debug1: kex_exchange_identification: banner line 1: Content-Type: text/plain; charset=utf-8
debug1: kex_exchange_identification: banner line 2: Connection: close
debug1: kex_exchange_identification: banner line 3: 
kex_exchange_identification: Connection closed by remote host

When I try git clone:

<login on computer>:/ <user>$ git clone git@<address to gitea>:<path to repo>.git
cloning into 'some-repo'...
kex_exchange_identification: Connection closed by remote host
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Solution

I have no first-hand experience proxying SSH through Traefik, but I have seen this article before:

https://www.georglutz.de/blog/2020/06/20/homeassistant-with-traefik-and-ssh/

It makes sense to recommend it, since it is the same setup.

I would point out that you are incorrectly using an http router; you need to use a tcp router.

I use Gitea, and I would suggest just exposing SSH on a different port; Traefik will only add overhead.
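
The tcp-router change the answer describes, as an added example that is not part of the original post or the linked article: the question's HTTP labels are kept as comments next to their TCP equivalents. The service name `gitea` and the compose layout are assumptions; the `---` separates two different files.

```yaml
# traefik.yml (static configuration): the "ssh" entry point from the question
entryPoints:
  ssh:
    address: ":22"
---
# docker-compose.yml for Gitea, labels only (service name "gitea" is assumed)
services:
  gitea:
    labels:
      # Before (from the question): HTTP router on the ssh entry point.
      # Traefik tries to parse the client's "SSH-2.0-..." banner as an HTTP
      # request and answers "HTTP/1.1 400 Bad Request", which is exactly what
      # the ssh -v output shows in kex_exchange_identification.
      # - "traefik.http.routers.gitea_ssh.rule=HOST(`gitea.localhost`)"
      # - "traefik.http.routers.gitea_ssh.entrypoints=ssh"
      # - "traefik.http.routers.gitea_ssh.service=gitea_ssh"
      # - "traefik.http.services.gitea_ssh.loadbalancer.server.port=22"

      # After: TCP router. SSH is not TLS and carries no SNI, so host-based
      # matching is impossible; HostSNI(`*`) is the catch-all rule for
      # non-TLS TCP. Consequence: one SSH backend per entry point.
      - "traefik.tcp.routers.gitea_ssh.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.gitea_ssh.entrypoints=ssh"
      - "traefik.tcp.routers.gitea_ssh.service=gitea_ssh"
      # Raw bytes are forwarded to the container's sshd on port 22.
      - "traefik.tcp.services.gitea_ssh.loadbalancer.server.port=22"
```

With a plain TCP proxy in front, Gitea's SSH server sees Traefik's address as the peer, so per-client source IPs are no longer available in its logs for auditing or rate limiting.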