Problems with docker-compose example in the README.md
MattMacGillivray opened this issue · 9 comments
Reading the ssh key file seems to fail as specified in the example, because it refers to the id_rsa file directly.
```yaml
volumes:
  - /etc/autossh/id_rsa:/id_rsa
```
It works if you map the volume to the directory containing the id_rsa file, and specify the path via SSH_KEY_FILE as an environment variable.
```yaml
environment:
  SSH_KEY_FILE: /ssh/id_rsa
volumes:
  - /etc/autossh:/ssh
```
Default SSH_MODE environment variable doesn't work for a strict proxy (no login). Must set it to:
SSH_MODE: -Ng -L
Can you write another full example with explanation for the cheap seats?
I learn best by example, and others may as well.
I believe that using a volume to map a single file does not work on Docker on Mac OS X, which may be what @qmnonic is encountering. Docker on Mac OS X runs the containers within a virtual machine, so the volume mapping is more limited. (That was my experience with it, in any case.)
Perhaps the entry point could look for /ssh/id_rsa and /ssh/known_hosts before /id_rsa and /known_hosts so a config directory could be supplied as a volume on /ssh instead of individual config files.
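The lookup order suggested in the comment above (directory mount on /ssh first, then the single-file paths), sketched as an added example rather than the image's actual entrypoint. The function names and the `ROOT` test prefix are hypothetical. It also rejects a directory sitting where the key file should be and checks the key's permission bits.

```shell
#!/bin/sh
# Added example, not the image's real entrypoint.
# ROOT is a hypothetical prefix (empty inside a container) that lets the
# lookup be exercised against a scratch directory.

# resolve_ssh_file NAME [OVERRIDE]
# Prints the first usable path for NAME ("id_rsa" or "known_hosts").
# Order: explicit override (e.g. $SSH_KEY_FILE), /ssh/NAME, then /NAME.
resolve_ssh_file() {
    name=$1
    override=${2:-}
    for candidate in ${override:+"$override"} "${ROOT:-}/ssh/$name" "${ROOT:-}/$name"; do
        if [ -d "$candidate" ]; then
            # Docker creates a directory at the mount point when the host
            # side of a single-file bind mount does not exist.
            echo "skip $candidate: is a directory, not a file" >&2
            continue
        fi
        if [ -f "$candidate" ] && [ -r "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    echo "no usable $name found" >&2
    return 1
}

# key_mode_ok FILE
# ssh refuses a private key that group or others can access, so require
# the group/other permission bits to be empty (mode 0600 or 0400).
key_mode_ok() {
    bits=$(ls -ld "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

# Usage inside an entrypoint:
#   key=$(resolve_ssh_file id_rsa "$SSH_KEY_FILE") && key_mode_ok "$key" || exit 1
```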
I'm on OSX. Mounting works for me. :/
```
[May 07 16:14] [jnovack@jnovack-macpro ~/Source/docker-autossh]$ docker run -it -v ~/.ssh/id_rsa:/id_rsa --entrypoint=/bin/sh jnovack/autossh
/ # md5sum /id_rsa
c7d923196a8d5efe5bcabcaa65077b4c /id_rsa
/ # exit
±{master} Staged: 0 | UnStaged: 0
[May 07 16:15] [jnovack@jnovack-macpro ~/Source/docker-autossh]$ md5 ~/.ssh/id_rsa
MD5 (/Users/jnovack/.ssh/id_rsa) = c7d923196a8d5efe5bcabcaa65077b4c
```
Same Mistake in Synology DSM. qmnonic's solution worked fine!
@jimwins @Klaas-Lindi can you help me understand more of how you are trying to use it and your full commandline/environment variables? I'm still not understanding the problem. Can you frame your argument using local/remote/target/source variables as described in the Description section of the readme so I may better understand? Or feel free to draw a detailed diagram.
By adding an additional "-N" to the SSH_MODE, it makes me think that there's a fundamental misunderstanding of what is happening. -N is already there, it doesn't need to be added again.
@jnovack ok, so my setup is as follows:
Translation from German to English:
Variable -> variable
Wert -> value
Datei/Ordner -> file/folder
Mount-Pfad -> mounting path
the path to my id_rsa file is: / . . . /docker/.ssh/id_rsa
Edit: I use the docker-app for Synology DSM
Edit: "SSH_MODE: -Ng -L" doesn't work for me. As you can see above, I use SSH_MODE: -R
> Translation from German to English:
> Variable -> variable
I love German humor :)
For your safety, please edit your images to pull out your internet reachable IP address (SSH_HOSTNAME), especially since you allow root access. For the purposes of this conversation you can use 203.0.113.1, a fake address, as your internet reachable IP address.
There seem to be multiple issues which need addressing. Let's deal with them separately so there is no confusion.
**Version**
First, which Docker version are you running on the Synology? Docker for Synology version 18.09.0-0506 was just released 7 days ago. Can you upgrade and try that?
**SSH_MODE**
From the documentation, I spell out the following:
- local - THIS docker container.
- target - The endpoint and ultimate destination of the tunnel.
- remote - The 'middle-man', or proxy server you are tunnelling through to get to your target.
- source - The initial endpoint you are starting from that does not have access to the target endpoint, but does have access to the remote endpoint.
Is SSH_TUNNEL_HOST your Synology DSM, the target? I'm guessing you are trying to tunnel Plex, considering you have a Synology and using port 32400? In that case, yes, it's the difference between local port forwarding and remote port forwarding.
**ID_RSA**
This has to be related to your Synology version. Can you please upgrade your version of Docker and retry?
> **Version**
> First, which Docker version are you running on the Synology? Docker for Synology version 18.09.0-0506 was just released 7 days ago. Can you upgrade and try that?
I've just installed the latest tag today... If there is any way to get an even later version, I'm sadly not aware of getting it :/
> Is SSH_TUNNEL_HOST your Synology DSM, the target? I'm guessing you are trying to tunnel Plex, considering you have a Synology and using port 32400? In that case, yes, it's the difference between local port forwarding and remote port forwarding.
SSH_TUNNEL_HOST is my local DSM's IP address.
Actually, the setting I've sent to you works fine. I have the following situation:
My apartment is hosted by a company that hired an external company for providing internet to us. This company blocks every request that comes from outside the network, so I have to tunnel through their firewall via reverse proxy.
Everything that is involved in this process is running on the latest version (Sep. 18th, 2019)
Edit: The reason for my answer to this thread is that I've encountered many problems with getting the setup that I have today. It is some kind of a documentation (for me and everyone else).
> My apartment is hosted by a company that hired an external company for providing internet to us. This company blocks every request that comes from outside the network, so I have to tunnel through their firewall via reverse proxy.
Yes, this is exactly why you have to -R rather than -L. I'm considering this a special circumstance, and since it is not default, that's exactly why SSH_MODE is exposed as an environment variable.
Do you mind opening a new issue with just the id_rsa issue, so as to not muddy this thread?