From 7c52065aaeff25f87a299856f44b0a57cbc957ac Mon Sep 17 00:00:00 2001 From: Michael Schiemer Date: Wed, 5 Nov 2025 12:12:42 +0100 Subject: [PATCH] feat(traefik): add TCP routing for Gitea SSH port 2222 - Add TCP entrypoint 'gitea-ssh' on port 2222 in static config - Create TCP router configuration for routing SSH traffic to Gitea - Use Gitea container IP (172.23.0.2) since Traefik runs in host network mode - Routes git.michaelschiemer.de:2222 through Traefik instead of direct VPN access --- .../stacks/traefik/dynamic/gitea-ssh.yml | 20 +++++++++++++++++++ deployment/stacks/traefik/traefik.yml | 4 ++++ 2 files changed, 24 insertions(+) create mode 100644 deployment/stacks/traefik/dynamic/gitea-ssh.yml diff --git a/deployment/stacks/traefik/dynamic/gitea-ssh.yml b/deployment/stacks/traefik/dynamic/gitea-ssh.yml new file mode 100644 index 00000000..c26f5327 --- /dev/null +++ b/deployment/stacks/traefik/dynamic/gitea-ssh.yml @@ -0,0 +1,20 @@ +# TCP Router Configuration for Gitea SSH +# Routes SSH traffic on port 2222 to Gitea container + +tcp: + routers: + gitea-ssh: + entryPoints: + - gitea-ssh + rule: "HostSNI(`*`)" + service: gitea-ssh-service + + services: + gitea-ssh-service: + loadBalancer: + servers: + # Gitea container SSH service + # Note: Using container IP from traefik-public network + # Traefik runs in host network mode, so we need the actual container IP + # IP address: 172.23.0.2 (traefik-public network) + - address: "172.23.0.2:22" diff --git a/deployment/stacks/traefik/traefik.yml b/deployment/stacks/traefik/traefik.yml index 2b1870ba..1ac54d38 100644 --- a/deployment/stacks/traefik/traefik.yml +++ b/deployment/stacks/traefik/traefik.yml @@ -30,6 +30,10 @@ entryPoints: sans: - "*.michaelschiemer.de" + # TCP entrypoint for Gitea SSH + gitea-ssh: + address: ":2222" + # Certificate Resolvers certificatesResolvers: letsencrypt: