Failing to specify an ssh endpoint for docker provider

I feel dumb as this should be straightforward but I can't find any match for this error:
I'm simply trying to replace the default docker provider endpoint in a docker-compose.yml command: section from

- --providers.docker.endpoint=unix:///var/run/docker.sock


- --providers.docker.endpoint="ssh://user@"

and I get this error:

msg="Failed to create a client for docker, error: parse \"\\\"ssh://user@\\\"\": first path segment in URL cannot contain colon" providerName=docker

And if I don't quote the ssh string as in

- --providers.docker.endpoint=ssh://user@

I get this error:

exec: \"ssh\": executable file not found in $PATH" providerName=docker

What am I doing wrong here?

Hi @coolnodje

I didn't know you could do that with traefik.

Based on the second error you are missing ssh.
If you're using the traefik container ssh is not installed, you could try building your own and add openssh-client.

hum, that's right, the ssh binary should be available from the Traefik docker container.
This is the 1st method advised by traefik documentation to secure the traefik install.

I would have expected the ssh binary to be readily available then, but since the traefik image is based on Alpine, it takes an extra step to make ssh available.

Based on this I got it working, by manually connecting to the Traefik container, then apk add openssh then creating a private/pub key, adding the private to the container and the public to the docker host .ssh/authorized_keys.

It's really nice to see this working but it'd be way too convoluted to automate this for me.

So I guess until Traefik offers a solution to implement this easily I'll have to keep the default Unix socket solution, and secure the Traefik dashboard/api with an IP whitelisting middleware

In your position I would make an image downstream. The overhead being to do this when you want the next version.

> cat Dockerfile
FROM traefik:v2.4
RUN apk -u add openssh-client

> docker build -t mytraefik .

To be fair to the docs it says:

Expose the Docker socket over TCP or SSH, instead of the default Unix socket file.

But I agree with your sentiment, traefik documentation supports a docker socket via ssh buts lacks the dependency to connect.

Looks like some of the functionality was merged but comments on the PR show the same issue you experienced.

1 Like