Merge pull request #38 from Dstack-TEE/libressl

Fix libressl tls tunnel problem for ssh

Author: h4x3rotab

ssh-over-tproxy/README.md ssh-over-gateway/README.mdssh-over-tproxy/README.md renamed to ssh-over-gateway/README.md

@@ -1,6 +1,6 @@
-# SSH Over TPROXY Example
+# SSH Over Gateway Example
 
-This guide illustrates how to set up an SSH server within a tapp and access it using a public tproxy endpoint.
+This guide illustrates how to set up an SSH server within a tapp and access it using a public dstack-gateway endpoint.
 
 ## Installation Steps
 
@@ -11,9 +11,9 @@ This guide illustrates how to set up an SSH server within a tapp and access it u
    Add the following configuration block to your `~/.ssh/config` file:
    ```
    Host my-tee-box
-       ProxyCommand openssl s_client -quiet -connect <app-id>-1022.<tproxy-serv-domain>:443
+       ProxyCommand openssl s_client -quiet -connect <app-id>-1022.<dstack-serv-domain>:443
    ```
-   Be sure to replace `<app-id>` with your tapp's application ID and `<tproxy-serv-domain>` with your tproxy server's domain.
+   Be sure to replace `<app-id>` with your tapp's application ID and `<dstack-serv-domain>` with your dstack-gateway server's domain.
    Change the 443 to the port of the dstack-gateway if not using the default one.
    Example ProxyCommand: `ProxyCommand openssl s_client -quiet -connect c3c0ed2429a72e11e07c8d5701725968ff234dc0-1022.dstack-prod5.phala.network:443`
 
@@ -22,3 +22,14 @@ This guide illustrates how to set up an SSH server within a tapp and access it u
    ```
    ssh root@my-tee-box
    ```
+
+> [!WARNING]  
+> macOS users may encounter connection timeout problem when connecting to the tls endpoint. That's
+> because the `openssl` shipped with the OS is LibraSSL and the syntax is slightly different. You
+> can confirm your `openssl` version by `openssl version`.
+>
+> There's a simple fix. Install [homebrew](https://brew.sh/) and install OpenSSL:
+>
+> `brew install openssl`
+>
+> Then the connection should be good.

ssh-over-tproxy/docker-compose.yaml ssh-over-gateway/docker-compose.yamlssh-over-tproxy/docker-compose.yaml renamed to ssh-over-gateway/docker-compose.yaml

@@ -55,6 +55,7 @@ For dstack apps using dev OS images, SSH access is available through the CVM. Co
 ```bash
 Host my-dstack-app
     HostName <your-app-id>-22.<the-dstack-gateway-domain>
+    User root
     Port 443
     ProxyCommand openssl s_client -quiet -connect %h:%p
 ```
@@ -63,9 +64,19 @@ Change the 443 to the port of the dstack-gateway if not using the default one.
 
 2. Connect:
 ```bash
-ssh root@my-dstack-app
+ssh my-dstack-app
 ```
 
+> [!WARNING]  
+> macOS users may encounter connection timeout problem when connecting to the tls endpoint. That's
+> because the `openssl` shipped with the OS is LibraSSL and the syntax is slightly different. You
+> can confirm your `openssl` version by `openssl version`.
+>
+> There's a simple fix. Install [homebrew](https://brew.sh/) and install OpenSSL:
+>
+> `brew install openssl`
+>
+> Then the connection should be good.
 ## TCP Port Forwarding Options
 
 ### Using socat (Unix-like systems)