blumeops/containers/nettest/test-connectivity.sh
Erich Blume 1184b4de1d Add Caddy layer4 for Forgejo SSH (#56)
## Summary
- Add layer4 TCP proxy configuration to Caddyfile template for SSH services
- Configure Forgejo SSH on port 2222 → localhost:2200
- Switch HTTPS from port 8443 (testing) to 443 (production)
- Requires Caddy rebuilt with `github.com/mholt/caddy-l4` plugin

## What This Enables
Git+SSH access via `forge.ops.eblu.me:2222` is now accessible from:
- Tailnet clients (gilbert)
- Docker containers on indri
- Kubernetes pods in minikube

This solves the DNS resolution issues where containers couldn't reach Tailscale MagicDNS names.

## Testing Done
- [x] Caddy rebuilt with layer4 plugin
- [x] Validated Caddyfile syntax
- [x] Cleared `svc:forge` from tailscale serve
- [x] Verified HTTPS works: `curl https://forge.ops.eblu.me`
- [x] Verified SSH works: `ssh -p 2222 forgejo@forge.ops.eblu.me`
- [x] Verified git clone works via new endpoint
- [x] Verified minikube pods can reach both HTTPS and SSH endpoints

## Deployment
Caddy is already running with the new config on indri. This PR captures the ansible changes.

## Next Steps
- Update zk docs with new git remote format
- Migrate registry and other services to Caddy
- Retire tailscale_services ansible role

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.tail8d86e.ts.net/eblume/blumeops/pulls/56
2026-01-25 11:37:23 -08:00

115 lines
3.2 KiB
Bash

#!/bin/ash
# shellcheck shell=dash
# Network connectivity test script for blumeops
# Tests access to tailnet services from within the container

set -e

echo "========================================"
echo "BlumeOps Network Connectivity Test"
echo "========================================"
echo ""
echo "Timestamp: $(date -Iseconds)"
echo "Hostname: $(hostname)"
echo ""

# Test targets
FORGE_HOST="forge.ops.eblu.me"
REGISTRY_HOST="registry.ops.eblu.me"

test_dns() {
    local host="$1"
    echo "--- DNS: $host ---"
    if nslookup "$host" 2>/dev/null; then
        echo "DNS: OK"
        return 0
    else
        echo "DNS: FAILED"
        return 1
    fi
}

test_https() {
    local url="$1"
    local name="$2"
    local http_code
    echo ""
    echo "--- HTTPS: $name ---"
    echo "URL: $url"

    # Fetch only the HTTP status code; the response body is discarded.
    # curl verifies the TLS certificate by default, so a certificate error
    # is reported as 000 just like a refused or timed-out connection.
    http_code=$(curl -s -o /dev/null -w "%{http_code}" --max-time 10 "$url" 2>&1) || true

    if [ "$http_code" = "200" ] || [ "$http_code" = "401" ] || [ "$http_code" = "302" ]; then
        echo "HTTP Status: $http_code"
        echo "Result: OK (service reachable)"
        return 0
    elif [ -n "$http_code" ] && [ "$http_code" != "000" ]; then
        # Any other HTTP status still proves the service answered.
        echo "HTTP Status: $http_code"
        echo "Result: OK (service reachable, status $http_code)"
        return 0
    else
        echo "HTTP Status: $http_code"
        echo "Result: FAILED (could not connect)"
        return 1
    fi
}

test_registry_api() {
    local host="$1"
    local response repo_count
    echo ""
    echo "--- Registry API: $host ---"

    # Query the registry catalog; -f makes curl fail on HTTP errors (>= 400)
    response=$(curl -sf --max-time 10 "https://$host/v2/_catalog" 2>/dev/null) || true

    if [ -n "$response" ]; then
        echo "Response: $response"
        # Fall back to "unknown" if jq is missing or the response is not JSON
        repo_count=$(echo "$response" | jq -r '.repositories | length' 2>/dev/null) || repo_count="unknown"
        echo "Repository count: $repo_count"
        echo "Result: OK"
        return 0
    else
        echo "Result: FAILED (no response from /v2/_catalog)"
        return 1
    fi
}

echo "========================================"
echo "Testing DNS Resolution"
echo "========================================"
# "|| true" keeps set -e from aborting the run when a single test fails
dns_ok=0
test_dns "$FORGE_HOST" && dns_ok=$((dns_ok + 1)) || true
echo ""
test_dns "$REGISTRY_HOST" && dns_ok=$((dns_ok + 1)) || true

echo ""
echo "========================================"
echo "Testing HTTPS Connectivity"
echo "========================================"
https_ok=0
test_https "https://$FORGE_HOST" "Forgejo" && https_ok=$((https_ok + 1)) || true
test_https "https://$REGISTRY_HOST/v2/" "Zot Registry" && https_ok=$((https_ok + 1)) || true

echo ""
echo "========================================"
echo "Testing Registry API"
echo "========================================"
api_ok=0
test_registry_api "$REGISTRY_HOST" && api_ok=1 || true

echo ""
echo "========================================"
echo "Summary"
echo "========================================"
echo "DNS tests passed: $dns_ok/2"
echo "HTTPS tests passed: $https_ok/2"
echo "Registry API: $([ "$api_ok" -eq 1 ] && echo 'OK' || echo 'FAILED')"
echo ""

# Exit non-zero unless every check passed
if [ "$dns_ok" -eq 2 ] && [ "$https_ok" -eq 2 ] && [ "$api_ok" -eq 1 ]; then
    echo "OVERALL: ALL TESTS PASSED"
    exit 0
else
    echo "OVERALL: SOME TESTS FAILED"
    exit 1
fi