# SSH Tunnel Secrets Directory

This directory contains the SSH private key required for the SSH tunnel to connect to the Oracle database server.

## Required File

- **File**: `roa_oracle_server`
- **Type**: SSH private key (RSA or ED25519)
- **Permissions**: 600 (read/write for owner only)

## Setup Instructions

### For Development (Local)

If you already have the SSH key:

```bash
# Copy the SSH key to this directory
cp /path/to/your/roa_oracle_server ./ssh-tunnel/secrets/

# Set proper permissions
chmod 600 ./ssh-tunnel/secrets/roa_oracle_server
```

### For Deployment (Dokploy/Production)

#### Option 1: Manual File Upload (Simple)

1. Before deploying, place the SSH key file in this directory
2. Commit to your private repository (ensure the repo is private!)
3. Deploy via Dokploy

#### Option 2: Using Dokploy Secrets (Recommended)

1. In Dokploy UI, go to your application settings
2. Navigate to "Secrets" or "Environment Files" section
3. Create a new secret named `SSH_KEY`
4. Paste the contents of your SSH private key
5. Update `docker-compose.yml` to mount this secret (see DOKPLOY_DEPLOYMENT.md)

#### Option 3: Using Docker BuildKit Secrets (Most Secure)

```bash
# During build, pass the secret
docker buildx build \
  --secret id=ssh_key,src=/path/to/roa_oracle_server \
  -t roa2web/ssh-tunnel:latest \
  -f ssh-tunnel/Dockerfile \
  ssh-tunnel/
```

## Security Notes

⚠️ **IMPORTANT**:

- This directory is **gitignored** by default to prevent accidental commits
- **NEVER** commit the actual SSH private key to a public repository
- Use secure methods (secrets management, encrypted storage) for production
- Ensure proper file permissions (600) on the SSH key file

## Generating a New SSH Key (if needed)

If you need to generate a new SSH key pair:

```bash
# Generate ED25519 key (recommended, more secure and faster)
ssh-keygen -t ed25519 -f ./ssh-tunnel/secrets/roa_oracle_server -C "roa2web-tunnel"

# OR generate RSA key (if ED25519 not supported)
ssh-keygen -t rsa -b 4096 -f ./ssh-tunnel/secrets/roa_oracle_server -C "roa2web-tunnel"

# Set proper permissions
chmod 600 ./ssh-tunnel/secrets/roa_oracle_server
chmod 644 ./ssh-tunnel/secrets/roa_oracle_server.pub

# Add the public key to the remote server's authorized_keys
# (You'll need to manually add it to the server)
cat ./ssh-tunnel/secrets/roa_oracle_server.pub
```

## Testing the SSH Connection

Before building the Docker image, test the SSH connection:

```bash
ssh -i ./ssh-tunnel/secrets/roa_oracle_server \
    -p 22122 \
    roa2web@83.103.197.79 \
    "echo 'SSH connection successful'"
```

## Troubleshooting

### "Permission denied (publickey)" Error

- Verify the SSH key is in the correct format
- Check that the public key is added to the remote server's `~/.ssh/authorized_keys`
- Ensure proper permissions on the key file (600)

### "No such file or directory" During Docker Build

- Make sure the file is named exactly `roa_oracle_server` (no extension)
- Verify the file exists in `ssh-tunnel/secrets/` directory
- Check that you're building from the repository root

### Docker Build Fails with "COPY failed"

- Ensure the build context includes the secrets directory
- Verify the Dockerfile COPY path is correct: `COPY secrets/roa_oracle_server ...`
- Check that the file is not empty

## Support

For more information about SSH tunnel setup and deployment, see:

- `../README_SSH_KEY.md` - SSH key setup guide
- `DOKPLOY_DEPLOYMENT.md` - Dokploy deployment guide (root directory)
- `DEPLOYMENT_GUIDE.md` - General deployment guide (root directory)
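
The file checks from the Troubleshooting and Security Notes sections can be run as one preflight step before a build. The function below is an added example, not part of this project; the name `check_tunnel_key` and its return codes are assumptions of the example.

```bash
# Preflight check for the tunnel key (added example, not project code).
# Return codes are this example's own convention:
#   0 ok, 1 missing or misnamed, 2 empty, 3 wrong mode, 4 not a private key
check_tunnel_key() {
  local key="${1:-./ssh-tunnel/secrets/roa_oracle_server}" mode header

  # The build expects this exact file name, with no extension.
  if [ "$(basename "$key")" != "roa_oracle_server" ] || [ ! -f "$key" ]; then
    echo "FAIL: $key not found or not named roa_oracle_server" >&2
    return 1
  fi
  # The troubleshooting list calls out empty key files.
  if [ ! -s "$key" ]; then
    echo "FAIL: $key is empty" >&2
    return 2
  fi
  # GNU stat first, BSD/macOS stat as fallback.
  mode="$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")"
  if [ "$mode" != "600" ]; then
    echo "FAIL: mode is $mode, expected 600" >&2
    return 3
  fi
  # Catch a .pub file or other non-key file copied in by mistake.
  IFS= read -r header < "$key" || true
  case "$header" in
    "-----BEGIN OPENSSH PRIVATE KEY-----"|"-----BEGIN RSA PRIVATE KEY-----") ;;
    *) echo "FAIL: $key does not start with a private key header" >&2
       return 4 ;;
  esac
  # The secrets directory is gitignored by default, so a tracked key means
  # it was force-added or the ignore rule was removed. Warn only.
  if git -C "$(dirname "$key")" ls-files --error-unmatch -- \
       "$(basename "$key")" >/dev/null 2>&1; then
    echo "WARN: $key is tracked by git" >&2
  fi
  echo "OK: $key"
}

# When the script is given a path, check it.
if [ "$#" -gt 0 ]; then check_tunnel_key "$1"; fi
```

The header test only confirms the file looks like a private key; the `ssh` command under "Testing the SSH Connection" remains the check that the key is accepted by the server.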