roa2web-service-auto/ssh-tunnel/secrets

SSH Tunnel Secrets Directory

This directory contains the SSH private key required for the SSH tunnel to connect to the Oracle database server.

Required File

File: roa_oracle_server Type: SSH private key (RSA or ED25519) Permissions: 600 (read/write for owner only)

Setup Instructions

For Development (Local)

If you already have the SSH key:

# Copy the SSH key to this directory
cp /path/to/your/roa_oracle_server ./ssh-tunnel/secrets/

# Set proper permissions
chmod 600 ./ssh-tunnel/secrets/roa_oracle_server

For Deployment (Dokploy/Production)

Option 1: Manual File Upload (Simple)

1. Before deploying, place the SSH key file in this directory
2. Commit to your private repository (ensure the repo is private!)
3. Deploy via Dokploy

Option 2: Using Dokploy Secrets (Recommended)

1. In Dokploy UI, go to your application settings
2. Navigate to "Secrets" or "Environment Files" section
3. Create a new secret named SSH_KEY
4. Paste the contents of your SSH private key
5. Update docker-compose.yml to mount this secret (see DOKPLOY_DEPLOYMENT.md)

Option 3: Using Docker BuildKit Secrets (Most Secure)

# During build, pass the secret
docker buildx build \
  --secret id=ssh_key,src=/path/to/roa_oracle_server \
  -t roa2web/ssh-tunnel:latest \
  -f ssh-tunnel/Dockerfile \
  ssh-tunnel/

Security Notes

⚠️ IMPORTANT:

• This directory is gitignored by default to prevent accidental commits
• NEVER commit the actual SSH private key to a public repository
• Use secure methods (secrets management, encrypted storage) for production
• Ensure proper file permissions (600) on the SSH key file

Generating a New SSH Key (if needed)

If you need to generate a new SSH key pair:

# Generate ED25519 key (recommended, more secure and faster)
ssh-keygen -t ed25519 -f ./ssh-tunnel/secrets/roa_oracle_server -C "roa2web-tunnel"

# OR generate RSA key (if ED25519 not supported)
ssh-keygen -t rsa -b 4096 -f ./ssh-tunnel/secrets/roa_oracle_server -C "roa2web-tunnel"

# Set proper permissions
chmod 600 ./ssh-tunnel/secrets/roa_oracle_server
chmod 644 ./ssh-tunnel/secrets/roa_oracle_server.pub

# Add the public key to the remote server's authorized_keys
# (You'll need to manually add it to the server)
cat ./ssh-tunnel/secrets/roa_oracle_server.pub

Testing the SSH Connection

Before building the Docker image, test the SSH connection:

ssh -i ./ssh-tunnel/secrets/roa_oracle_server \
    -p 22122 \
    roa2web@83.103.197.79 \
    "echo 'SSH connection successful'"

Troubleshooting

"Permission denied (publickey)" Error

• Verify the SSH key is in the correct format
• Check that the public key is added to the remote server's ~/.ssh/authorized_keys
• Ensure proper permissions on the key file (600)

"No such file or directory" During Docker Build

• Make sure the file is named exactly roa_oracle_server (no extension)
• Verify the file exists in ssh-tunnel/secrets/ directory
• Check that you're building from the repository root

Docker Build Fails with "COPY failed"

• Ensure the build context includes the secrets directory
• Verify the Dockerfile COPY path is correct: COPY secrets/roa_oracle_server ...
• Check that the file is not empty

Support

For more information about SSH tunnel setup and deployment, see:

• ../README_SSH_KEY.md - SSH key setup guide
• DOKPLOY_DEPLOYMENT.md - Dokploy deployment guide (root directory)
• DEPLOYMENT_GUIDE.md - General deployment guide (root directory)