Gitea SSH question

I have gitea set up in docker with traefik as a reverse proxy, running gitea on gitea.domain.xyz, which works great. Traefik also forwards the SSH traffic from port 222 on my pi to port 22 in the docker container; this part all seems to work fine. I’m not certain if this is relevant, but I thought I’d say it for context.

What I can’t quite understand is that this works:

git clone ssh://git@hostname.local:222/user/TestRepo.git

While this does not:

git clone ssh://git@gitea.domain.xyz:222/user/TestRepo.git

So it works locally, but not using my domain name.

This isn’t a problem per se, as I don’t yet want to access my gitea outside of my local network yet, but I wanted to understand what’s going on here.
Why does it work with hostname.local and not gitea.domain.xyz?
How does the computer I’m doing the git clone on actually know my pi as hostname.local when it’s not in the /etc/hosts file? (I feel like I should know this as I set it up at some point, but I really don’t remember!)

Do you have a DNS A (or AAAA if IPv6) record set up on gitea.domain.xyz pointing to the local IP of your Pi? My guess is there is no record set up, so it is not able to resolve to an IP. These can typically be configured at your domain registrar’s website, or at your outside DNS provider if you configured one.

Your computer knows how to resolve .local addresses thanks to mDNS (see here for more info).

Yes, I have the records set up OK on my domain, as I already host a bunch of web services on my pi via the same domain. I can ping the domain from the same command line just fine.

Ah, that’s enlightening about mDNS. I didn’t know that was a thing, and I’ve never stopped to wonder how hostname.local resolved before now. I knew my pi knew its own hostname but didn’t know how my laptop also knew the pi’s hostname!

What I think is happening is that the gitea container (listening for SSH on port 222 via traefik) is blocking SSH requests seen to come from outside my local network (when I use gitea.domain.xyz) and allowing SSH seen to come from inside my local network (hostname.local).
I’m just not sure which stage along the chain is blocking this.

The only way SSH could know if you are coming from inside/outside the local network is if the IPs are different. Is gitea.domain.xyz pointing to your external WAN IP while you are trying to access it from the LAN? If so, you will need NAT reflection/hairpinning/loopback (it goes by a few names) set up in addition to the port forward on your router; otherwise it will be blocked by the router.

Some helpful commands to diagnose what the domains are resolving to:

dig A hostname.local
dig A gitea.domain.xyz
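The check above can be scripted so that both hostnames are compared the same way the `ssh`/`git` client actually sees them. This is an added example, not code from the thread or from Gitea/Traefik: it resolves each name through the system resolver (`getent`, which goes through nsswitch and therefore handles mDNS `.local` names, unlike `dig`, which only talks to the configured DNS server), reports whether the resulting address is a private LAN address or a public WAN address (the case where hairpin NAT or a missing router port forward bites), and then tests whether the SSH port accepts a TCP connection. `hostname.local`, `gitea.domain.xyz` and port `222` are the thread's own placeholders; the script assumes `getent` and `nc` (netcat) are installed.

```shell
#!/bin/sh
# diagnose_ssh.sh - compare how two hostnames resolve and whether the
# forwarded SSH port is reachable. Added example for this thread, not
# part of Gitea or Traefik. Assumes getent and nc are available.

# Resolve a name via the system resolver (nsswitch), so mDNS .local names
# are handled exactly as ssh/git would see them. Prints the first IPv4
# address, or nothing if the name does not resolve.
resolve_host() {
  getent ahostsv4 "$1" 2>/dev/null | awk 'NR == 1 { print $1 }'
}

# Classify an IPv4 address: "private" for RFC 1918, loopback and
# link-local ranges, "public" for everything else.
classify_ip() {
  case "$1" in
    10.*|192.168.*|127.*|169.254.*)          echo private ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*)  echo private ;;
    *)                                       echo public ;;
  esac
}

# Return 0 if a TCP connection to host:port succeeds within 3 seconds.
port_open() {
  nc -z -w 3 "$1" "$2" >/dev/null 2>&1
}

# Print a short report for one hostname and port.
diagnose() {
  host=$1
  port=$2
  ip=$(resolve_host "$host")
  if [ -z "$ip" ]; then
    echo "$host: does not resolve (check DNS record / mDNS)"
    return 1
  fi
  kind=$(classify_ip "$ip")
  echo "$host -> $ip ($kind address)"
  if [ "$kind" = public ]; then
    echo "  note: public address reached from the LAN needs the router's"
    echo "  port forward for $port AND NAT reflection/hairpinning"
  fi
  if port_open "$ip" "$port"; then
    echo "  tcp/$port: open (try: ssh -T -p $port git@$host)"
  else
    echo "  tcp/$port: closed or filtered"
    return 1
  fi
}

# Usage: sh diagnose_ssh.sh hostname.local 222
#        sh diagnose_ssh.sh gitea.domain.xyz 222
if [ "$#" -ge 2 ]; then
  diagnose "$1" "$2"
fi
```

Running it against both names side by side shows immediately whether the difference is in resolution (one name returns nothing), in routing (a public address being used from inside the LAN) or in the port itself (open for one address, closed for the other), which pins the problem to a single stage of the chain.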

Thanks for your comment, your questioning led me to the real culprit. I hadn’t forwarded port 222 through my router to my pi, which I have done for port 80 and 443, I really shouldn’t have missed that!

Many thanks
