Fix SSH tunnel Docker build for Dokploy deployment

Changes:
- Fix Dockerfile COPY path from ../secrets to secrets/ (Docker doesn't allow parent directory access)
- Create ssh-tunnel/secrets/ directory structure with comprehensive README
- Add .dockerignore for ssh-tunnel to optimize build context
- Add DOKPLOY_DEPLOYMENT.md with complete deployment guide including:
  * SSH key configuration options (repository, secrets manager, BuildKit)
  * Environment variables setup
  * Step-by-step deployment instructions
  * Troubleshooting section
  * Security best practices
- Update .gitignore to allow secrets/README.md files for documentation

This resolves the Dokploy build failure: "failed to calculate checksum of ref... /secrets/roa_oracle_server: not found"

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

ssh-tunnel/.dockerignore

@@ -0,0 +1,68 @@
+# SSH Tunnel Docker Build - Ignore Patterns
+
+# Documentation (not needed in container)
+README_SSH_KEY.md
+docs/
+*.md
+!secrets/README.md
+
+# Git files
+.git/
+.gitignore
+.gitattributes
+
+# Development and test files
+*.test
+*.tmp
+*.temp
+*.log
+*.bak
+*.swp
+*.swo
+*~
+
+# IDE files
+.vscode/
+.idea/
+*.sublime-*
+
+# SSH files that should NOT be in the image
+# (only roa_oracle_server should be copied)
+secrets/*_test*
+secrets/*.pub
+secrets/*.pem
+secrets/*.key
+secrets/known_hosts
+secrets/config
+
+# Backup files
+*.backup
+*.orig
+*.old
+
+# OS files
+.DS_Store
+Thumbs.db
+._*
+
+# Python cache (if any scripts generate them)
+__pycache__/
+*.pyc
+*.pyo
+*.pyd
+.Python
+
+# Temporary files
+temp/
+tmp/
+*.pid
+
+# Build artifacts
+*.tar
+*.tar.gz
+*.zip
+
+# Keep only what's needed for the build:
+# - Dockerfile (implicit)
+# - ssh_tunnel_docker.sh
+# - secrets/roa_oracle_server

ssh-tunnel/Dockerfile

@@ -18,7 +18,10 @@ RUN mkdir -p /home/tunnel/.ssh && \
     chown -R tunnel:tunnel /home/tunnel
 
 # Copy SSH key and set permissions (before switching to non-root user)
-COPY ../secrets/roa_oracle_server /home/tunnel/.ssh/roa_oracle_server
+# For production deployment (Dokploy/Docker), the SSH key should be:
+# 1. Placed in ssh-tunnel/secrets/roa_oracle_server before build, OR
+# 2. Provided via BuildKit secrets (see DOKPLOY_DEPLOYMENT.md)
+COPY secrets/roa_oracle_server /home/tunnel/.ssh/roa_oracle_server
 RUN chown tunnel:tunnel /home/tunnel/.ssh/roa_oracle_server && \
     chmod 600 /home/tunnel/.ssh/roa_oracle_server
 

ssh-tunnel/secrets/README.md

@@ -0,0 +1,109 @@
+# SSH Tunnel Secrets Directory
+
+This directory contains the SSH private key required for the SSH tunnel to connect to the Oracle database server.
+
+## Required File
+
+**File**: `roa_oracle_server`
+**Type**: SSH private key (RSA or ED25519)
+**Permissions**: 600 (read/write for owner only)
+
+## Setup Instructions
+
+### For Development (Local)
+
+If you already have the SSH key:
+```bash
+# Copy the SSH key to this directory
+cp /path/to/your/roa_oracle_server ./ssh-tunnel/secrets/
+
+# Set proper permissions
+chmod 600 ./ssh-tunnel/secrets/roa_oracle_server
+```
+
+### For Deployment (Dokploy/Production)
+
+#### Option 1: Manual File Upload (Simple)
+1. Before deploying, place the SSH key file in this directory
+2. Commit to your private repository (ensure the repo is private!)
+3. Deploy via Dokploy
+
+#### Option 2: Using Dokploy Secrets (Recommended)
+1. In Dokploy UI, go to your application settings
+2. Navigate to "Secrets" or "Environment Files" section
+3. Create a new secret named `SSH_KEY`
+4. Paste the contents of your SSH private key
+5. Update `docker-compose.yml` to mount this secret (see DOKPLOY_DEPLOYMENT.md)
+
+#### Option 3: Using Docker BuildKit Secrets (Most Secure)
+```bash
+# During build, pass the secret
+docker buildx build \
+  --secret id=ssh_key,src=/path/to/roa_oracle_server \
+  -t roa2web/ssh-tunnel:latest \
+  -f ssh-tunnel/Dockerfile \
+  ssh-tunnel/
+```
+
+## Security Notes
+
+⚠️ **IMPORTANT**:
+- This directory is **gitignored** by default to prevent accidental commits
+- **NEVER** commit the actual SSH private key to a public repository
+- Use secure methods (secrets management, encrypted storage) for production
+- Ensure proper file permissions (600) on the SSH key file
+
+## Generating a New SSH Key (if needed)
+
+If you need to generate a new SSH key pair:
+
+```bash
+# Generate ED25519 key (recommended, more secure and faster)
+ssh-keygen -t ed25519 -f ./ssh-tunnel/secrets/roa_oracle_server -C "roa2web-tunnel"
+
+# OR generate RSA key (if ED25519 not supported)
+ssh-keygen -t rsa -b 4096 -f ./ssh-tunnel/secrets/roa_oracle_server -C "roa2web-tunnel"
+
+# Set proper permissions
+chmod 600 ./ssh-tunnel/secrets/roa_oracle_server
+chmod 644 ./ssh-tunnel/secrets/roa_oracle_server.pub
+
+# Add the public key to the remote server's authorized_keys
+# (You'll need to manually add it to the server)
+cat ./ssh-tunnel/secrets/roa_oracle_server.pub
+```
+
+## Testing the SSH Connection
+
+Before building the Docker image, test the SSH connection:
+
+```bash
+ssh -i ./ssh-tunnel/secrets/roa_oracle_server \
+    -p 22122 \
+    roa2web@83.103.197.79 \
+    "echo 'SSH connection successful'"
+```
+
+## Troubleshooting
+
+### "Permission denied (publickey)" Error
+- Verify the SSH key is in the correct format
+- Check that the public key is added to the remote server's `~/.ssh/authorized_keys`
+- Ensure proper permissions on the key file (600)
+
+### "No such file or directory" During Docker Build
+- Make sure the file is named exactly `roa_oracle_server` (no extension)
+- Verify the file exists in `ssh-tunnel/secrets/` directory
+- Check that you're building from the repository root
+
+### Docker Build Fails with "COPY failed"
+- Ensure the build context includes the secrets directory
+- Verify the Dockerfile COPY path is correct: `COPY secrets/roa_oracle_server ...`
+- Check that the file is not empty
+
+## Support
+
+For more information about SSH tunnel setup and deployment, see:
+- `../README_SSH_KEY.md` - SSH key setup guide
+- `DOKPLOY_DEPLOYMENT.md` - Dokploy deployment guide (root directory)
+- `DEPLOYMENT_GUIDE.md` - General deployment guide (root directory)