Failing to specify an ssh endpoint for docker provider

I feel dumb as this should be straightforward but I can't find any match for this error:
I'm simply trying to replace the default docker provider endpoint in a docker-compose.yml command: section from

- --providers.docker.endpoint=unix:///var/run/docker.sock

to

- --providers.docker.endpoint="ssh://user@192.168.0.135"

and I get this error:

msg="Failed to create a client for docker, error: parse \"\\\"ssh://user@192.168.0.135\\\"\": first path segment in URL cannot contain colon" providerName=docker

And if I don't quote the ssh string as in

- --providers.docker.endpoint=ssh://user@192.168.0.135

I get this error:

exec: \"ssh\": executable file not found in $PATH" providerName=docker

What am I doing wrong here?

Hi @coolnodje

I didn't know you could do that with traefik.

Based on the second error you are missing ssh.
If you're using the traefik container ssh is not installed, you could try building your own and add openssh-client.

Hum, that's right, the ssh binary should be available from the Traefik docker container.
This is the 1st method advised by traefik documentation to secure the traefik install.

I would have expected the ssh binary to be readily available then, but since the traefik image is based on Alpine, it takes an extra step to make ssh available.

Based on this I got it working, by manually connecting to the Traefik container, then apk add openssh then creating a private/pub key, adding the private to the container and the public to the docker host .ssh/authorized_keys.

It's really nice to see this working but it'd be way too convoluted to automate this for me.

So I guess until Traefik offers a solution to implement this easily I'll have to keep the default Unix socket solution, and secure the Traefik dashboard/api with an IP whitelisting middleware.

In your position I would make an image downstream. The overhead being to do this when you want the next version.

> cat Dockerfile
FROM traefik:v2.4
RUN apk -u add openssh-client

> docker build -t mytraefik .

To be fair to the docs it says:

Expose the Docker socket over TCP or SSH, instead of the default Unix socket file.

But I agree with your sentiment, traefik documentation supports a docker socket via ssh but lacks the dependency to connect.

Looks like some of the functionality was merged but comments on the PR show the same issue you experienced.

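An added example, not code from the thread or from Traefik: a small Go preflight that reproduces both errors discussed above, so a bad endpoint value or an image without an ssh client is caught before deployment. The function name `checkEndpoint` and its injected `lookPath` parameter are hypothetical. Go's `net/url` returns the same "first path segment in URL cannot contain colon" text as the first log line when the quotes from a compose list item reach the parser.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"os"
	"os/exec"
	"strings"
)

// checkEndpoint vets a value meant for --providers.docker.endpoint.
// lookPath is injected so the check can be tested; use exec.LookPath for real.
func checkEndpoint(raw string, lookPath func(string) (string, error)) error {
	u, err := url.Parse(raw)
	if err != nil {
		// A compose command: list item is a plain YAML scalar and no shell
		// runs, so quotes typed inside it stay part of the value.
		if strings.ContainsAny(raw, `"'`) {
			return fmt.Errorf("literal quotes in value, drop them: %w", err)
		}
		return err
	}
	switch u.Scheme {
	case "unix", "tcp":
		return nil // no helper binary involved
	case "ssh":
		if u.Hostname() == "" {
			return errors.New("ssh endpoint has no host")
		}
		if _, err := lookPath("ssh"); err != nil {
			return fmt.Errorf("image needs an ssh client (openssh-client on Alpine): %w", err)
		}
		return nil
	default:
		return fmt.Errorf("scheme %q is outside this check", u.Scheme)
	}
}

func main() {
	// Constructed inputs: the three endpoint forms tried in the thread.
	for _, v := range []string{"unix:///var/run/docker.sock",
		`"ssh://user@192.168.0.135"`, "ssh://user@192.168.0.135"} {
		if err := checkEndpoint(v, exec.LookPath); err != nil {
			fmt.Fprintf(os.Stderr, "%s: %v\n", v, err)
			continue
		}
		fmt.Printf("%s: ok\n", v)
	}
}
```

Run inside the image that will host Traefik, the third input fails on the stock Alpine-based image and passes once `openssh-client` is installed.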