fix(gitea): ensure SSH access is working

2022-04-23 10:20:23 +01:00 · 2022-04-23 10:20:23 +01:00 · 0f8c243682
commit 0f8c243682
parent 842472e8f4
7 changed files with 10 additions and 10 deletions
--- a/files/compose/docker-compose.yaml
+++ b/files/compose/docker-compose.yaml
@ -33,7 +33,7 @@ services:
      published: 443
      protocol: "tcp"
      mode: "host"
-    - target: 22
+    - target: ${TRAEFIK_EXTERNAL_SSH_PORT}
      published: ${TRAEFIK_EXTERNAL_SSH_PORT}
      protocol: "tcp"
      mode: "host"
@ -68,7 +68,6 @@ services:
        GITEA_BIN: "${GITEA_BIN}"
        GITEA_DATA_CONTAINER_DIR: "${GITEA_DATA_CONTAINER_DIR}"
        GITEA_TMP: "${GITEA_TMP}"
-        GITEA_VERSION: "${GITEA_VERSION}"
      context: "./gitea"
    expose:
    - "${GITEA_SSH_PORT}"
--- a/files/gitea/Dockerfile
+++ b/files/gitea/Dockerfile
@ -18,7 +18,8 @@ RUN apk --no-cache add \
    gettext \
    git \
    curl \
-    gnupg
+    gnupg \
+    openssh-keygen

 RUN addgroup -S -g ${FLOW_GID} flow && \
    adduser -S -H -D -h ${GITEA_HOME} -s /bin/bash -u ${FLOW_UID} -G flow git && \
--- a/files/gitea/app.ini
+++ b/files/gitea/app.ini
@ -26,8 +26,10 @@ HTTP_ADDR               = ${GITEA_CONTAINER_IPV4_ADDRESS}
 HTTP_PORT               = ${GITEA_HTTP_PORT}
 ROOT_URL                = https://${GITEA_DOMAIN}
 DISABLE_SSH             = false
+START_SSH_SERVER        = true
 SSH_DOMAIN              = ${GITEA_DOMAIN}
-SSH_PORT                = ${GITEA_SSH_PORT}
+SSH_PORT                = ${TRAEFIK_EXTERNAL_SSH_PORT}
+SSH_LISTEN_HOST         = ${GITEA_CONTAINER_IPV4_ADDRESS}
 SSH_LISTEN_PORT         = ${GITEA_SSH_PORT}
 BUILTIN_SSH_SERVER_USER = git
 LFS_START_SERVER        = false
--- a/files/gitea/dynamic_git.yaml
+++ b/files/gitea/dynamic_git.yaml
@ -17,7 +17,7 @@ tcp:
  routers:
    gitSSH:
      entryPoints:
-      - "ssh"
+      - "gitSSH"
      rule: "HostSNI(`*`)"
      service: "gitSSH"
  services:
--- a/files/scripts/bootstrap.sh
+++ b/files/scripts/bootstrap.sh
@ -133,7 +133,7 @@ export GITEA_SECRET_CONTAINER_DIR="/flow/gitea/secret"

 export TRAEFIK_DOCKER_DIR="${DOCKER_ROOT}/traefik"
 export TRAEFIK_CHECK_NEW_VERSION="${TRAEFIK_CHECK_NEW_VERSION:-true}"
-export TRAEFIK_EXTERNAL_SSH_PORT="${TRAEFIK_EXTERNAL_SSH_PORT:-22}"
+export TRAEFIK_EXTERNAL_SSH_PORT="${TRAEFIK_EXTERNAL_SSH_PORT:-2222}"
 export TRAEFIK_LOG_LEVEL="${TRAEFIK_LOG_LEVEL:-info}"
 export TRAEFIK_SEND_ANONYMOUS_USAGE="${TRAEFIK_SEND_ANONYMOUS_USAGE:-false}"
 export TRAEFIK_VERSION="${TRAEFIK_VERSION:-v2.6.3}"
--- a/files/traefik/Dockerfile
+++ b/files/traefik/Dockerfile
@ -10,6 +10,4 @@ ADD dynamic_dashboard.yaml /tmp/

 RUN chmod +x /entrypoint.sh

-EXPOSE 22 80 443
-
 CMD ["--configfile=/flow/traefik/traefik.yaml"]
--- a/files/traefik/traefik.yaml
+++ b/files/traefik/traefik.yaml
@ -17,8 +17,8 @@ entryPoints:
          permanent: true
  https:
    address: "${TRAEFIK_CONTAINER_IP}:443"
-  ssh:
-    address: "${TRAEFIK_CONTAINER_IP}:22"
+  gitSSH:
+    address: "${TRAEFIK_CONTAINER_IP}:${TRAEFIK_EXTERNAL_SSH_PORT}"
 providers:
  file:
    watch: true