From b318345fdf3b397dc47dee6450cda64fc4bfbe5e Mon Sep 17 00:00:00 2001
From: Ryan Moon
Date: Sat, 4 Apr 2026 10:04:42 -0500
Subject: [PATCH] =?UTF-8?q?fix:=20use=20haproxy=20to=20strip=20PROXY=20pro?= =?UTF-8?q?tocol=20before=20sshd=20=E2=80=94=20nginx=20sends=20PROXY=20hea?= =?UTF-8?q?ders=20on=20all=20TCP?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Dockerfile.devpod | 2 +-
 entrypoint-devpod.sh | 26 ++++++++++++++++++++++++--
 2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/Dockerfile.devpod b/Dockerfile.devpod
index e31753d..4951615 100644
--- a/Dockerfile.devpod
+++ b/Dockerfile.devpod
@@ -8,7 +8,7 @@ ENV PATH="/root/.bun/bin:$PATH"
 RUN apt-get update && apt-get install -y --no-install-recommends \
 curl wget git openssh-server ca-certificates gnupg \
 build-essential unzip jq tmux zsh ripgrep \
- postgresql-client redis-tools \
+ postgresql-client redis-tools haproxy \
 && rm -rf /var/lib/apt/lists/*
 # Bun
diff --git a/entrypoint-devpod.sh b/entrypoint-devpod.sh
index 1a8d78d..3f069aa 100644
--- a/entrypoint-devpod.sh
+++ b/entrypoint-devpod.sh
@@ -41,12 +41,34 @@ if [ ! -f /root/.gitconfig ]; then
 EOF
 fi
-# Allow root login via SSH key
+# Allow root login via SSH key, listen on internal port 2222
 echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
+echo "Port 2222" >> /etc/ssh/sshd_config
-# Start SSH daemon
+# Start SSH daemon on internal port 2222
 /usr/sbin/sshd
+# Start haproxy on port 22 to accept PROXY protocol from nginx and forward to sshd:2222
+cat > /etc/haproxy/haproxy.cfg <<'EOF'
+global
+ daemon
+ maxconn 256
+
+defaults
+ mode tcp
+ timeout connect 5s
+ timeout client 60s
+ timeout server 60s
+
+frontend ssh
+ bind *:22 accept-proxy
+ default_backend sshd
+
+backend sshd
+ server local 127.0.0.1:2222
+EOF
+haproxy -f /etc/haproxy/haproxy.cfg
+
 # Start code-server
 exec code-server \
 --bind-addr 0.0.0.0:8080 \
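Review bot: The new `Port 2222` line in entrypoint-devpod.sh has no `ListenAddress`, so sshd still listens on every interface and port 2222 stays reachable by anything that can route to the container, bypassing the haproxy frontend; adding `echo "ListenAddress 127.0.0.1" >> /etc/ssh/sshd_config` beside it keeps sshd loopback-only. Because `server local 127.0.0.1:2222` does not pass the client address on, sshd will record every login as coming from 127.0.0.1, so address-based restrictions and auth-log forensics lose the real peer; a `log` target plus `option tcplog` in the haproxy `defaults` section would at least record the address carried in the PROXY header. `bind *:22 accept-proxy` also accepts a PROXY header from any peer, which is only sound if nothing but nginx can reach port 22, and that assumption deserves a comment above the heredoc. The 60s `timeout client`/`timeout server` values will probably drop idle interactive sessions, so a longer `timeout tunnel` is worth setting; both appended `echo ... >> /etc/ssh/sshd_config` lines also repeat on every restart of the same container filesystem.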