Fix SSH tunnel Docker build for Dokploy deployment

Changes: - Fix Dockerfile COPY path from ../secrets to secrets/ (Docker doesn't allow parent directory access) - Create ssh-tunnel/secrets/ directory structure with comprehensive README - Add .dockerignore for ssh-tunnel to optimize build context - Add DOKPLOY_DEPLOYMENT.md with complete deployment guide including: * SSH key configuration options (repository, secrets manager, BuildKit) * Environment variables setup * Step-by-step deployment instructions * Troubleshooting section * Security best practices - Update .gitignore to allow secrets/README.md files for documentation This resolves the Dokploy build failure: "failed to calculate checksum of ref... /secrets/roa_oracle_server: not found" 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-26 21:36:46 +02:00
parent c56f832e81
commit 702ca9fa3d
5 changed files with 1101 additions and 1 deletions
--- a/ssh-tunnel/secrets/README.md
+++ b/ssh-tunnel/secrets/README.md
@@ -0,0 +1,109 @@
+# SSH Tunnel Secrets Directory
+
+This directory contains the SSH private key required for the SSH tunnel to connect to the Oracle database server.
+
+## Required File
+
+**File**: `roa_oracle_server`
+**Type**: SSH private key (RSA or ED25519)
+**Permissions**: 600 (read/write for owner only)
+
+## Setup Instructions
+
+### For Development (Local)
+
+If you already have the SSH key:
+```bash
+# Copy the SSH key to this directory
+cp /path/to/your/roa_oracle_server ./ssh-tunnel/secrets/
+
+# Set proper permissions
+chmod 600 ./ssh-tunnel/secrets/roa_oracle_server
+```
+
+### For Deployment (Dokploy/Production)
+
+#### Option 1: Manual File Upload (Simple)
+1. Before deploying, place the SSH key file in this directory
+2. Commit to your private repository (ensure the repo is private!)
+3. Deploy via Dokploy
+
+#### Option 2: Using Dokploy Secrets (Recommended)
+1. In Dokploy UI, go to your application settings
+2. Navigate to "Secrets" or "Environment Files" section
+3. Create a new secret named `SSH_KEY`
+4. Paste the contents of your SSH private key
+5. Update `docker-compose.yml` to mount this secret (see DOKPLOY_DEPLOYMENT.md)
+
+#### Option 3: Using Docker BuildKit Secrets (Most Secure)
+```bash
+# During build, pass the secret
+docker buildx build \
+  --secret id=ssh_key,src=/path/to/roa_oracle_server \
+  -t roa2web/ssh-tunnel:latest \
+  -f ssh-tunnel/Dockerfile \
+  ssh-tunnel/
+```
+
+## Security Notes
+
+⚠️ **IMPORTANT**:
+- This directory is **gitignored** by default to prevent accidental commits
+- **NEVER** commit the actual SSH private key to a public repository
+- Use secure methods (secrets management, encrypted storage) for production
+- Ensure proper file permissions (600) on the SSH key file
+
+## Generating a New SSH Key (if needed)
+
+If you need to generate a new SSH key pair:
+
+```bash
+# Generate ED25519 key (recommended, more secure and faster)
+ssh-keygen -t ed25519 -f ./ssh-tunnel/secrets/roa_oracle_server -C "roa2web-tunnel"
+
+# OR generate RSA key (if ED25519 not supported)
+ssh-keygen -t rsa -b 4096 -f ./ssh-tunnel/secrets/roa_oracle_server -C "roa2web-tunnel"
+
+# Set proper permissions
+chmod 600 ./ssh-tunnel/secrets/roa_oracle_server
+chmod 644 ./ssh-tunnel/secrets/roa_oracle_server.pub
+
+# Add the public key to the remote server's authorized_keys
+# (You'll need to manually add it to the server)
+cat ./ssh-tunnel/secrets/roa_oracle_server.pub
+```
+
+## Testing the SSH Connection
+
+Before building the Docker image, test the SSH connection:
+
+```bash
+ssh -i ./ssh-tunnel/secrets/roa_oracle_server \
+    -p 22122 \
+    roa2web@83.103.197.79 \
+    "echo 'SSH connection successful'"
+```
+
+## Troubleshooting
+
+### "Permission denied (publickey)" Error
+- Verify the SSH key is in the correct format
+- Check that the public key is added to the remote server's `~/.ssh/authorized_keys`
+- Ensure proper permissions on the key file (600)
+
+### "No such file or directory" During Docker Build
+- Make sure the file is named exactly `roa_oracle_server` (no extension)
+- Verify the file exists in `ssh-tunnel/secrets/` directory
+- Check that you're building from the repository root
+
+### Docker Build Fails with "COPY failed"
+- Ensure the build context includes the secrets directory
+- Verify the Dockerfile COPY path is correct: `COPY secrets/roa_oracle_server ...`
+- Check that the file is not empty
+
+## Support
+
+For more information about SSH tunnel setup and deployment, see:
+- `../README_SSH_KEY.md` - SSH key setup guide
+- `DOKPLOY_DEPLOYMENT.md` - Dokploy deployment guide (root directory)
+- `DEPLOYMENT_GUIDE.md` - General deployment guide (root directory)