Add a private key to your ssh agent from a variable.

Fri, 10 Nov 2017 12:47:00 +0000

I always have a hard time remembering how to add an ssh key (ssh-add) from an environment variable containing the private key. “In a variable!?” You may exclaim, don’t worry it’s typically a ‘secret’ variable on a continous integration system that supports masking sensitive variable key/values. I wouldn’t recommend doing this unless you’re certain the value of your variable is not going to accidently leak in plain text .

To redirect the contents of the environment variable into ssh-add instead of a real file simply use:

eval $(ssh-agent -s) 
ssh-add <(echo "$PRIVATE_KEY") 

# List out your new key's fingerprint
ssh-add -l

# Don't forget to cleanup your agent after you're done using it if you're not on an ephemeral build server.
ssh-agent -k

The more general lesson here is <(echo "$VAR") is good for redirecting variables instead of a file incases where a good old pipe | just won’t work.

Traefik default server catch all rule

Fri, 03 Nov 2017 21:00:00 +0000

Yesterday I found myself testing out traefik for the first time after this forum request piqued my interest, mainly as a replacement for my jwilder/nginx-proxy reverse proxy. In order to block ads with my pi-hole image traefik’s reverse proxy needed a critical feature, a defaut site / server…which I found surprisingly not well documented! So here we are documenting it on my new blog.

This stack overflow post looked promising at first, but really the poster was reqesting a simple www+non www rule. I needed default host functionality similar to nginx or apache webservers’ concept of default servers: a low priority catch all server that unmatched domain requests will be directed to.

After I gave up googling I turned to the docs. This is what I ended up trying that worked for me to have a true ‘default host’ that got rid of the default 404 everything behavior traefik ships with:

    # from my docker-compose.yaml service block
    labels:
      - "traefik.frontend.rule=HostRegexp:{catchall:.*}"
      - "traefik.frontend.priority=1"

If you don’t speak regex .* translates to any character for any length. The HostRegexp just follows traefik’s (and go’s) rules for regex which requires this style {name:<regex>}

The priority setting is critical! Without it all my other docker containers’ traefik proxies stopped working and the catchall took top priority. Priority 1 was the lowest integer that worked for me while other containers had no priority set. Setting priority to 0 just causes the the catchall regex to become top priority again.

After getting traefik, pi-hole, and another web container plexpy working together I decied to convert all my other containers over and will try runnig traefik as my new simple single host docker home servers’ reverse proxy for now. Hopefully it works out, if it goes well I may start recommending it to others in my docker READMEs.

Tech Junk Trunk

Add a private key to your ssh agent from a variable.

Traefik default server catch all rule