-
Notifications
You must be signed in to change notification settings - Fork 4
Docker Troubleshooting
There are various reasons why the SSH tunnel will not be established, but assuming the basics have been walked thorough (firewall port, keys etc etc) here are some things to check:
The bluesky and admin users on the server need to have restrictive permissions on their own ~/.ssh folders. Because we are passing a directory into docker the permissions can be messed up if care is not taken. Ideally we would look to have each folder with 755 and the authorized_keys file within it: 600. Both should be owned by the user itself.
An example view from outside the container:
admin.ssh:
total 12
drwxr-xr-x 2 1000 root 4096 Mar 31 19:46 .
drwxr-xr-x 6 root root 4096 Feb 19 2018 ..
-rw------- 1 1000 root 352 Mar 31 19:46 authorized_keys
bluesky.ssh:
total 56
drwxr-xr-x 2 1001 root 4096 Sep 13 15:16 .
drwxr-xr-x 6 root root 4096 Feb 19 2018 ..
-rw------- 1 1001 root 46289 Sep 13 15:16 authorized_keys
Within the container view:
/home/admin/.ssh:
total 12
drwxr-xr-x 2 admin root 4096 Mar 31 15:46 .
drwxr-xr-x 4 root root 4096 Aug 24 11:01 ..
-rw------- 1 admin root 352 Mar 31 15:46 authorized_keys
/home/bluesky/.ssh:
total 56
drwxr-xr-x 2 bluesky root 4096 Sep 14 08:58 .
drwxr-xr-x 4 root root 4096 Aug 24 11:01 ..
-rw------- 1 bluesky root 46289 Sep 14 08:58 authorized_keys
You may be running out of resources over time depending on what you are hosting on and how many tunnels you have. I host ~ 200+ tunnels on a 1GB Digital Ocean droplet. My server would start dropping connections after a day or two - restarting the container worked. Digital Ocean for example does not provide any swap space by default on the type of droplet I was using. The following script can be run once on a Ubuntu instance to set the swap space to 512MB. This has resolved my issues. Please take care with this - you may want to modify and verify that you don't already have swap in pace beforehand
#!/bin/bash
fallocate -l 512M /swapfile
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab
sysctl vm.swappiness=10
echo 'vm.swappiness=10' | sudo tee -a /etc/sysctl.conf
sysctl vm.vfs_cache_pressure=50
echo 'vm.vfs_cache_pressure=50' | sudo tee -a /etc/sysctl.conf
The following command can be run on the server running docker to send an email test. The output of the command should give you a clue on why it may be failing.
docker exec -it bluesky /usr/local/bin/BlueSky/Server/emailHelper.sh test test