GOGS: How to set up an SSH key when using Docker

Connecting to Git over SSH improves development quality of life by freeing you from username and password prompts. The gist is to replace the standard username and password prompt in git with public-key authentication. Beyond the quality-of-life improvement, moving Git credentials to SSH has a number of security benefits.

I don't plan to go into how to set up Gogs with Docker as it is fairly straightforward, but I can be coerced if there is interest.

Read on to configure Gogs for SSH key auth when hosting inside of Docker.

Create the container

docker run --name gogs -d -p 10022:22 -v /path/to/gogs:/data gogs/gogs

Port forwarding using the -p flag is required for this configuration. It doesn't matter which host port you forward, as long as it is open in the firewall and mapped to port 22 in the container configuration.

The Goggles, they do nothing!
Goggles_Large by TeacherPouch LLC / CC BY-SA-NC 3.0

Gogs Config

There are a few settings to update in the Gogs config file.

[server]
DOMAIN       = gogs.mydomain.com
HTTP_PORT    = 3000
ROOT_URL     = https://gogs.mydomain.com
DISABLE_SSH  = false
SSH_PORT     = 10022

These settings help put together the clone URL you see when navigating through projects in Gogs.

Set up an SSH Key

Next you need an SSH key. This is easy to set up on Linux, and GitHub has a great reference: GitHub - Generating an SSH Key

Add key to Gogs

After generating the SSH key for your machine, open the id_rsa.pub file in a text editor and copy its contents. Paste the contents into Gogs under profile -> your settings -> SSH Keys -> Add Key.

Once a key has been added to your profile, you can select SSH as an option for cloning from your repositories.

Pressing the SSH button produces an SSH-based git clone URL.

Gotcha - Forward SSH port 22

I thought I could be clever and handle the port forwarding in Caddy rather than through Docker. I omitted the -p flag above for port 22. Eventually I ran into a non-descriptive error when attempting SSH connections through what I thought was Gogs.

Error: Permission denied (publickey)

I finally realized that the SSH service is running natively on my server and intercepting incoming packets on that port before they even get to Caddy. Any port forwarding for :22 was immediately getting squashed - and it is a good thing because I could have caused a lot of problems with connecting to my server.
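The setup only works when SSH_PORT in the Gogs config and the host port published by Docker for container port 22 agree. The check below is an added example, not part of the original post: it reads the [server] section of app.ini and compares SSH_PORT with the output of docker port gogs 22/tcp. The function names and the app.ini path are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): check that SSH_PORT in app.ini
# matches the host port Docker publishes for the container's port 22.

# Print the value of one key from the [server] section of a Gogs app.ini.
ini_server_value() {  # usage: ini_server_value <key> <app.ini>
  awk -v key="$1" '
    /^[ \t]*\[/ { in_server = ($0 ~ /^[ \t]*\[server\]/); next }
    in_server && index($0, "=") {
      k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
      if (k == key) {
        v = substr($0, index($0, "=") + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
      }
    }' "$2"
}

# $2 is the stdout of: docker port gogs 22/tcp   (e.g. "0.0.0.0:10022";
# empty when the container was started without -p for port 22).
check_ssh_mapping() {  # usage: check_ssh_mapping <app.ini> <docker-port-output>
  ini=$1
  published=$2
  domain=$(ini_server_value DOMAIN "$ini")
  ssh_port=$(ini_server_value SSH_PORT "$ini")
  ssh_port=${ssh_port:-22}   # Gogs defaults to 22 when SSH_PORT is unset
  if [ "$(ini_server_value DISABLE_SSH "$ini")" = "true" ]; then
    echo "FAIL: DISABLE_SSH = true"; return 1
  fi
  if [ -z "$published" ]; then
    echo "FAIL: container port 22 is not published (docker run without -p)"
    return 1
  fi
  # docker port can print one line per address family; compare each port.
  for p in $(printf '%s\n' "$published" | sed 's/.*://'); do
    if [ "$p" = "$ssh_port" ]; then
      echo "OK: $domain:$ssh_port -> container port 22"; return 0
    fi
  done
  echo "FAIL: SSH_PORT = $ssh_port but Docker publishes $(echo $published)"
  return 1
}

# Real use (the app.ini path is a placeholder):
# check_ssh_mapping /path/to/app.ini "$(docker port gogs 22/tcp 2>/dev/null)"
```

A FAIL on the second check corresponds to the situation in this section: nothing is published for the container's port 22, so an SSH connection to the host reaches the host's own SSH service rather than Gogs.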

Caddy Config

The Caddy configuration is very simple. Just forward traffic on port 80 to the default port for the Gogs container. You can look up the IP for the Gogs container using docker inspect. Apparently you can also create aliases for other containers rather than referencing by IP, but I haven't gotten that far yet.

gogs.mydomain.com {
  proxy / 172.17.0.6:3000
}

Feel free to ask questions or leave comments below. Hope this is helpful!

PD