1 minute read

During Build 2017, Microsoft announced bunch of new features for App Service on Linux. One of those features announced was support for SSH support directly into the web worker instance. Based on my previous article about building a custom image for ASL, I have updated the HHVM image both on GitHub and Docker hub to have SSH support as well.

At the moment App Service on Linux is going to have an issue with connecting to the SSH due to the worker's IP address being unknown to Kudu in certain image scenarios. The ASL team has been made aware of this issue and already have a fix ready, so it is probably just a matter of days until it is deployed and works completely.

Enabling your image is really simple, you just have to follow the steps they provide and you are all set.

Comments

Erik Forsberg

Hi Honza!

First off, thanks for your posts - they have been way more helpful than the official docs.

I am, however, running into some issues trying to build my own image, based on the official php:7.2-fpm image. The issue I’m having right now is when I attempt to add SSH support to my image. This is the important parts of my current Dockerfile (I hope this comes out alright in the comment):

FROM php:7.2-fpm

Install dependencies

RUN apt-get update && apt-get install -y
[…] &&
apt-get clean && rm -rf /var/lib/apt/lists/* &&
docker-php-ext-install
[…] &&
docker-php-ext-configure gd
[…] &&
docker-php-ext-install gd

Add Azure SSH config

COPY init_container.sh /bin/ RUN echo “root:Docker!” | chpasswd
&& apt update
&& apt-get install -y –no-install-recommends openssh-server
&& chmod 755 /bin/init_container.sh COPY sshd_config /etc/ssh/

Expose ports and start php-fpm server

EXPOSE 2222 9000

CMD [“/bin/init_container.sh”]

This is my init_container.sh:

#!/bin/bash service ssh start touch /home/LogFiles/node_${WEBSITE_ROLE_INSTANCE_ID}out.log echo “$(date) Container started” >> /home/LogFiles/node${WEBSITE_ROLE_INSTANCE_ID}_out.log

/usr/local/sbin/php-fpm

As you can probably tell, I’ve took chunks from your repo to try and adapt to my config, but something seems to be off.

The image builds alright but when I try to run it, I’m just getting the following error from my container: “/usr/local/bin/docker-php-entrypoint: 9: exec: /bin/init_container.sh: not found”.

If I run “docker run my_image ls -Al /bin/”, I can see that init_container.sh is there, and the file permissions look like everything else in /bin/.

Do you have any idea what could be the issue here?

Thanks! Erik

Jan Hajek

I am on my phone but to me it seems okay. I run it with ENTRYPOINT command. My PHP image is available here: https://github.com/hajekj/hajekjnet-php maybe you can check it out before I get to a PC today.

Jan Hajek

Also I set 777 permissions in my image. Honestly, I haven’t used the HHVM image for quite some time, so maybe something changed in Docker. The image of hajekjnet-php is something that powers my blog, so it should work 100% since it was last built a month or so ago.

Erik Forsberg

Thanks for your quick reply!

I tried setting 777 and just running it with ENTRYPOINT but to no avail.

Also, it seems like your PHP image doesn’t have the Azure SSH settings, am I right?

Erik Forsberg

That would be amazing, thanks a lot! Four days into trying to get this working on Azure, almost about to give up.. :)

Erik Forsberg

It seems I have finally found the solution to this problem. Changing the line endings from CRLF to LF seems to have done the trick (thanks to https://forums.docker.com/t/standard-init-linux-go-175-exec-user-process-caused-no-such-file/20025/8).

The issue now seems to be running “az webapp create-remote-connection […]” as I keep getting “Timeout Error, Unable to establish a connection”.

I’ve also tried WebSSH on Kudu, but my docker logs gives me this: Host from file: 172.16.1.7 DEBUG: Local ident: ‘SSH-2.0-ssh2js0.1.16’ on.error - Error: connect ECONNREFUSED 172.16.1.7:2222

Any idea?

Jan Hajek

Oh wow, that was a simple fix! Good to know!

Regarding the connection, I can see everything working fine for me with the setup. I am sorry, I am quite overwhelmed with work now, but I will try to take a look at it.

Are you running multiple instances in the App Service Plan?

Jan Hajek

By the way, this might come in handy - https://github.com/Azure-App-Service it is the official Microsoft images repo which has everything configured so you may want to start there.

Erik Forsberg

No worries, I very much appreciate any response whatsoever!

No, the App Service Plan is just running one instance. I’ll go through the PHP repos again to see if there’s anything I missed. Thanks!

Erik Forsberg

Hi again, I figured I’d let you know how things have gone so far.

By looking at Azure’s PHP image and the Django sample (https://github.com/Azure-Samples/docker-django-webapp-linux) I’ve managed to get my image with working SSH on port 2222, although only locally. When I put it up on Azure, I can’t create a tunnel with “az webapp create-remote-connection […]” (error message “WARNING - Remote debugging may not be setup properly. Reponse content: FAILURE:2222:Unable to connect to WebApp”) nor connect using WebSSH on Kudu (error message “connect ECONNREFUSED xxx.xxx.xxx.xxx:2222”).

I feel like I’ve soon tried all the tricks and “hacks” people have come up with to try and get SSH working on their containers on the entire web.

Did you run docker-compose on Azure with a working SSH image?

To submit comments, go to GitHub Discussions.