Traefik about holepunch-server HOT 5 CLOSED

You said the binary is missing.. you mentioned armv7 and we previously discussed #9

IIRC not found errors can also arise when trying to run binaries for non-compatible architectures. Seeing as the image with tag 20210312_0738_8f5e8775 is the first with ARM support, did you try to run the correct image? You also mention :latest, but the :latest tag also doesn't exist (I don't currently use that tag).

Anyways, seems like this issue is resolved. I'll close it for now but we can continue discussion and reopen if there's still an issue..

from holepunch-server.

This should work with a reverse proxy in front of it. In fact, that's been my exact use case also (though I'm not using Traefik).

I'd check:

• that Traefik uses port 80 to talk to holepunch-server.
• try checking if you can curl https://holepunch-server-hostname/_ssh , you should get some error relating to your request not asking for websocket
• then repeat that same for directly talking to holepunch-server (without reverse proxy in front of it)
• if that does not work, try checking for Traefik logs

from holepunch-server.

Which Proxy do you use? can you provide me your docker-compose as an example?

from holepunch-server.

My docker-compose file wouldn't help because I'm using Edgerouter which is a loadbalancer I built myself (yes, I know how crazy it sounds). Edgerouter is probably not usable for anyone else than me right now, but it started with Traefik-compatible annotations.

I'm confident holepunch-server works with Traefik, because that's what I used with holepunch-server before building Edgerouter. Basically my loadbalancer layer is using traefik.frontend.rule with value of HostRegexp:{[^.]+}.punch.example.com. This is what would be in your docker-compose file in some form or another.

Then if you have an SSH client (OpenSSH or holepunch-client) providing reverse tunnel in the container port 8080, then https://8080.punch.example.com/ should be accessible from internet, provided that your loadbalancer is redirecting *.punch.example.com traffic to right container IP's port 80. The holepunch-server container itself reverse proxies TCP traffic (on top of WebSocket) from HTTP 80 to the port 8080 based on the subdomain match.

Have you assigned wildcard certificate to *.holepunch.something.com?

Make sure your loadbalancer is not stripping away the Host: header. Traefik seems to do the right thing by default.

Did all the checks pass that I asked about? What exactly are you trying to do? Specifically, you haven't mentioned any error messages or troubleshooting steps that have failed? Is plain HTTP working but HTTPS not? Does it work without loadbalancer, or is the trouble present only when behind a loadbalancer?

from holepunch-server.

seems like I had some issues with docker on armv7.
finally i solved it by: (running traefik in another docker-compose instance)

version: "3.5"

services:
  holepunch:
    image: holepunch-server:latest
    environment:
      SSH_HOSTKEY: "somthing"
      CLIENT_PUBKEY: "something else"
    restart: always
    ports:
      - "5050:5050"
      - "2222:2222"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.hp.rule=Host(`home.host.com`)"
      - "traefik.http.routers.hp.entrypoints=http"
      - "traefik.http.routers.hp.tls.certResolver=le"

      - "traefik.http.routers.api.rule=Host(`api.home.host.com`)"
      - "traefik.http.routers.api.service=api"
      - "traefik.http.routers.api.entrypoints=https"
      - "traefik.http.routers.api.tls.certResolver=le"
      - "traefik.http.services.api.loadbalancer.server.port=5050"
      - "traefik.http.routers.api.tls=true"
    networks:
      - backend
      - frontend

networks:
  frontend:
    name: frontend
    external: true
  backend:
    name: backend
    driver: bridge

Somehow i could not use your docker image on dockerhub as the binary is missing. I just did some workaround by
(latest alpine got some issues with armv7....)

FROM alpine:3.12

RUN apk update
RUN apk add openssh wget

RUN wget https://github.com/function61/holepunch-server/releases/download/20210312_0738_8f5e8775/holepunch-server_linux-arm
RUN mv holepunch-server_linux-arm holepunch-server
RUN chmod +x holepunch-server
ENTRYPOINT ["./holepunch-server", "server", "--http-reverse-proxy", "--sshd-websocket","--sshd-tcp","0.0.0.0:2222"]

from holepunch-server.