toolshed/abra
4
3
Fork 21
Code Issues 38 Pull Requests 4 Packages Releases 42 Activity

My computer gets locked out from the server #743

New Issue
Open
opened 2025-12-30 22:29:08 +00:00 by jeppebundsgaard · 2 comments
jeppebundsgaard commented 2025-12-30 22:29:08 +00:00
Copy Link

This is a very weird problem, but I am pretty confident that it is related to abra. It has happned a few times, each time when I was deploying an app. The deployment halts, and after that, I cannot get in contact with the server from this computer. Not via abra, and not via ssh, either.
The strange thing is that I can connect when behind a VPN or from my mobile phone (even on wifi, I have just found out). And from this computer I can connect to other servers.

I have done all kinds of tests of ip-tables, fail2ban, sshguard and more. The problem is not the typical firewalls on the server. I also contacted Hetzner to ask them if it was something in between my computer and the server. I ran MTR-tests following this guide: https://docs.hetzner.com/cloud/servers/network-diagnosis-and-report-to-hetzner. They showed that the problem is at the server (which is maybe strange, given I can access from my phone on wifi, (so it is not the ip that gets locked out ...)).

After some time (hours at least), I get access again from this computer.

So my question is now: might abra be doing something that can end up prohibiting ssh-access from the specific computer that runs abra, to the specific server?

I am on Ubuntu 25.10.

Hope someone can point me in the right direction.

This is a very weird problem, but I am pretty confident that it is related to abra. It has happned a few times, each time when I was deploying an app. The deployment halts, and after that, I cannot get in contact with the server from this computer. Not via abra, and not via ssh, either. The strange thing is that I can connect when behind a VPN or from my mobile phone (even on wifi, I have just found out). And from this computer I can connect to other servers. I have done all kinds of tests of ip-tables, fail2ban, sshguard and more. The problem is not the typical firewalls on the server. I also contacted Hetzner to ask them if it was something in between my computer and the server. I ran MTR-tests following this guide: [https://docs.hetzner.com/cloud/servers/network-diagnosis-and-report-to-hetzner](https://docs.hetzner.com/cloud/servers/network-diagnosis-and-report-to-hetzner). They showed that the problem is at the server (which is maybe strange, given I can access from my phone on wifi, (so it is not the ip that gets locked out ...)). After some time (hours at least), I get access again from this computer. So my question is now: might abra be doing something that can end up prohibiting ssh-access from the specific computer that runs abra, to the specific server? I am on Ubuntu 25.10. Hope someone can point me in the right direction.
👀 1
decentral1se commented 2026-01-01 15:02:58 +00:00
Owner
Copy Link

@jeppebundsgaard weird! if you run with --debug you can share us some logs? I think abra does make repeated connections to the server (via SSH) for accessing the daemon which could be getting interpreted as spam? Without some logs or further information, it's hard to help further...

@jeppebundsgaard weird! if you run with `--debug` you can share us some logs? I think `abra` does make repeated connections to the server (via SSH) for accessing the daemon which could be getting interpreted as spam? Without some logs or further information, it's hard to help further...
decentral1se added the
question
 label 2026-01-01 17:43:51 +00:00
jeppebundsgaard commented 2026-01-10 09:49:20 +00:00
Author
Copy Link

It doesn't happen at once - so I need to go a little back and forth. But now it happened again:

abra app deploy git.xn--folkefderation-vqb.dk --force --debug

DEBU <cli/run.go:137> abra version: 0.12.0-beta, commit: db7c4042, lang: en
DEBU <app/app.go:295> collecting metadata from 3 servers: coopcloud.xn--folkefderation-vqb.dk, fynsland.com, xn--folkefderation-vqb.dk
DEBU <git/read.go:130> no /home/jeppe/.gitignore exists, skipping reading gitignore paths
DEBU <git/read.go:52> git status: /home/jeppe/.abra/recipes/forgejo: clean
DEBU <app/app.go:41> loaded app git.xn--folkefderation-vqb.dk: {name: git.xn--folkefderation-vqb.dk, recipe: {name: forgejo, version : 5.0.1+13.0.3-rootless, dirty: false, dir: /home/jeppe/.abra/recipes/forgejo, git url: https://git.coopcloud.tech/coop-cloud/forgejo.git, ssh url: ssh://git@git.coopcloud.tech:2222/coop-cloud/forgejo.git, compose: /home/jeppe/.abra/recipes/forgejo/compose.yml, readme: /home/jeppe/.abra/recipes/forgejo/README.md, sample env: /home/jeppe/.abra/recipes/forgejo/.env.sample, abra.sh: /home/jeppe/.abra/recipes/forgejo/abra.sh}, domain: git.xn--folkefderation-vqb.dk, env map[COMPOSE_FILE:compose.yml:compose.mariadb.yml:compose.smtp.yml DOMAIN:git.xn--folkefderation-vqb.dk ENABLE_BACKUPS:true GITEA_ALLOWED_USER_VISIBILITY_MODES:limited,private GITEA_ALLOW_ONLY_EXTERNAL_REGISTRATION:true GITEA_APP_NAME:Folkeføderations Gitter GITEA_AUTO_WATCH_NEW_REPOS:false GITEA_DEFAULT_ALLOW_CREATE_ORGANIZATION:false GITEA_DEFAULT_KEEP_EMAIL_PRIVATE:true GITEA_DEFAULT_ORG_VISIBILITY:limited GITEA_DEFAULT_USER_VISIBILITY:limited GITEA_DISABLE_GRAVATAR:false GITEA_DISABLE_REGISTRATION:false GITEA_DISABLE_REGULAR_ORG_CREATION:true GITEA_DOMAIN:git.xn--folkefderation-vqb.dk GITEA_ENABLE_FEDERATED_AVATAR:true GITEA_ENABLE_NOTIFY_MAIL:true GITEA_ENABLE_OPENID_SIGNIN:true GITEA_ENABLE_OPENID_SIGNUP:true GITEA_ENABLE_PUSH_CREATE_ORG:false GITEA_ENABLE_PUSH_CREATE_USER:false GITEA_ENABLE_USER_HEATMAP:false GITEA_LANDING_PAGE:organizations GITEA_LFS_START_SERVER:false GITEA_MAILER_ADDR:mail.bundsgaard.net GITEA_MAILER_FROM:folke@xn--folkefderation-vqb.dk GITEA_MAILER_PORT:465 GITEA_MAILER_PROTOCOL:smtps GITEA_MAILER_USER:folke@xn--folkefderation-vqb.dk GITEA_REPO_UPLOAD_ALLOWED_TYPES:/ GITEA_REPO_UPLOAD_ENABLED:true GITEA_REPO_UPLOAD_MAX_FILES:5 GITEA_REPO_UPLOAD_MAX_SIZE:50 GITEA_REQUIRE_SIGNIN_VIEW:true GITEA_SHOW_USER_EMAIL:false GITEA_SMTP_MAILER_ENABLED:1 GITEA_SSH_ENABLED:1 GITEA_SSH_PORT:2222 LETS_ENCRYPT_ENV:production SECRET_DB_PASSWORD_VERSION:v1 SECRET_DB_ROOT_PASSWORD_VERSION:v1 SECRET_INTERNAL_TOKEN_VERSION:v1 SECRET_JWT_SECRET_VERSION:v1 SECRET_LFS_JWT_SECRET_VERSION:v1 SECRET_SECRET_KEY_VERSION:v1 SECRET_SMTP_PASSWORD_VERSION:v1 TYPE:forgejo:5.0.1+13.0.3-rootless], server coopcloud.xn--folkefderation-vqb.dk, path /home/jeppe/.abra/servers/coopcloud.xn--folkefderation-vqb.dk/git.xn--folkefderation-vqb.dk.env}
DEBU <internal/validate.go:106> validated git.xn--folkefderation-vqb.dk as app argument
DEBU <git/read.go:130> no /home/jeppe/.gitignore exists, skipping reading gitignore paths
DEBU <git/read.go:52> git status: /home/jeppe/.abra/recipes/forgejo: clean
DEBU <git/branch.go:99> successfully checked out refs/heads/main in /home/jeppe/.abra/recipes/forgejo
DEBU <recipe/git.go:278> fetched latest git changes for forgejo
DEBU <recipe/git.go:50> ensuring env version 5.0.1+13.0.3-rootless
DEBU <recipe/git.go:151> read 1.0.0+1.14.5-rootless, 1.1.0+1.15.0-rootless, 1.1.1+1.15.3-rootless, 1.1.2+1.15.6-rootless, 1.1.3+1.15.10-rootless, 1.2.0+1.16.3-rootless, 1.2.1+1.16.8-rootless, 1.3.0+1.17.2-rootless, 1.3.1+1.17.3-rootless, 2.0.0+1.18.0-rootless, 2.0.1+1.18.2-rootless, 2.1.0+1.18.5-rootless, 2.1.2+1.19.3-rootless, 2.10.0+1.22.1-rootless, 2.10.1+1.22.2-rootless, 2.11.0+1.22.2-rootless, 2.2.0+1.19.3-rootless, 2.3.0+1.20.1-rootless, 2.3.1+1.20.1-rootless, 2.3.2+1.20.3-rootless, 2.3.3+1.20.5-rootless, 2.4.0+1.21.0-rootless, 2.5.0+1.21.1-rootless, 2.5.1+1.21.4-rootless, 2.5.2+1.21.5-rootless, 2.6.0+1.21.5-rootless, 2.6.1+1.21.10-rootless, 2.6.2+1.21.10-rootless, 2.7.0+1.21.11-rootless, 2.8.0+1.21.11-rootless, 2.9.0+1.22.0-rootless, 2.9.1+1.22.0-rootless, 3.0.0+1.22.2-rootless, 3.0.1+1.22.3-rootless, 3.0.2+1.22.6-rootless, 3.0.3+1.22.6-rootless, 3.1.0+1.23.0-rootless, 3.1.1+1.23.1-rootless, 3.2.0+1.23.1-rootless, 3.3.0+1.23.1-rootless, 3.3.1+1.23.8-rootless, 3.4.0+1.24.2-rootless, 3.5.0+1.24.2-rootless, 3.5.1+1.24.2-rootless, 3.5.2+1.24.2-rootless, 4.0.0+12.0.2-rootless, 4.0.1+12.0.2-rootless, 4.0.2+12.0.2-rootless, 5.0.0+13.0.2-rootless, 5.0.1+13.0.3-rootless, 5.0.2+13.0.4-rootless as tags for recipe forgejo
DEBU <recipe/git.go:178> successfully checked forgejo out to 5.0.1+13.0.3-rootless in /home/jeppe/.abra/recipes/forgejo
DEBU <client/client.go:111> created client for coopcloud.xn--folkefderation-vqb.dk
DEBU <commandconn/commandconn.go:49> commandconn: starting ssh with [-- coopcloud.xn--folkefderation-vqb.dk docker system dial-stdio]
FATA connection timed out for coopcloud.xn--folkefderation-vqb.dk

This is what happens when I connect via ssh:
ssh coopcloud -v

debug1: OpenSSH_10.0p2 Ubuntu-5ubuntu5, OpenSSL 3.5.3 16 Sep 2025
debug1: Reading configuration data /home/jeppe/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to coopcloud [46.62.202.209] port 22.
debug1: connect to address 46.62.202.209 port 22: Connection timed out
ssh: connect to host coopcloud port 22: Connection timed out

Then I connect to VPN, and now I get access:

...
DEBU <client/client.go:111> created client for coopcloud.xn--folkefderation-vqb.dk
DEBU <commandconn/commandconn.go:49> commandconn: starting ssh with [-- coopcloud.xn--folkefderation-vqb.dk docker system dial-stdio]
DEBU <app/deploy.go:94> checking whether git_xn--folkefderation-vqb_dk is already deployed
...

And ssh as well:
ssh coopcloud -v

debug1: OpenSSH_10.0p2 Ubuntu-5ubuntu5, OpenSSL 3.5.3 16 Sep 2025
debug1: Reading configuration data /home/jeppe/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to coopcloud [46.62.202.209] port 22.
debug1: Connection established.
...

It doesn't happen at once - so I need to go a little back and forth. But now it happened again: `abra app deploy git.xn--folkefderation-vqb.dk --force --debug` > DEBU <cli/run.go:137> abra version: 0.12.0-beta, commit: db7c4042, lang: en > DEBU <app/app.go:295> collecting metadata from 3 servers: coopcloud.xn--folkefderation-vqb.dk, fynsland.com, xn--folkefderation-vqb.dk > DEBU <git/read.go:130> no /home/jeppe/.gitignore exists, skipping reading gitignore paths > DEBU <git/read.go:52> git status: /home/jeppe/.abra/recipes/forgejo: clean > DEBU <app/app.go:41> loaded app git.xn--folkefderation-vqb.dk: {name: git.xn--folkefderation-vqb.dk, recipe: {name: forgejo, version : 5.0.1+13.0.3-rootless, dirty: false, dir: /home/jeppe/.abra/recipes/forgejo, git url: https://git.coopcloud.tech/coop-cloud/forgejo.git, ssh url: ssh://git@git.coopcloud.tech:2222/coop-cloud/forgejo.git, compose: /home/jeppe/.abra/recipes/forgejo/compose.yml, readme: /home/jeppe/.abra/recipes/forgejo/README.md, sample env: /home/jeppe/.abra/recipes/forgejo/.env.sample, abra.sh: /home/jeppe/.abra/recipes/forgejo/abra.sh}, domain: git.xn--folkefderation-vqb.dk, env map[COMPOSE_FILE:compose.yml:compose.mariadb.yml:compose.smtp.yml DOMAIN:git.xn--folkefderation-vqb.dk ENABLE_BACKUPS:true GITEA_ALLOWED_USER_VISIBILITY_MODES:limited,private GITEA_ALLOW_ONLY_EXTERNAL_REGISTRATION:true GITEA_APP_NAME:Folkeføderations Gitter GITEA_AUTO_WATCH_NEW_REPOS:false GITEA_DEFAULT_ALLOW_CREATE_ORGANIZATION:false GITEA_DEFAULT_KEEP_EMAIL_PRIVATE:true GITEA_DEFAULT_ORG_VISIBILITY:limited GITEA_DEFAULT_USER_VISIBILITY:limited GITEA_DISABLE_GRAVATAR:false GITEA_DISABLE_REGISTRATION:false GITEA_DISABLE_REGULAR_ORG_CREATION:true GITEA_DOMAIN:git.xn--folkefderation-vqb.dk GITEA_ENABLE_FEDERATED_AVATAR:true GITEA_ENABLE_NOTIFY_MAIL:true GITEA_ENABLE_OPENID_SIGNIN:true GITEA_ENABLE_OPENID_SIGNUP:true GITEA_ENABLE_PUSH_CREATE_ORG:false GITEA_ENABLE_PUSH_CREATE_USER:false GITEA_ENABLE_USER_HEATMAP:false GITEA_LANDING_PAGE:organizations GITEA_LFS_START_SERVER:false GITEA_MAILER_ADDR:mail.bundsgaard.net GITEA_MAILER_FROM:folke@xn--folkefderation-vqb.dk GITEA_MAILER_PORT:465 GITEA_MAILER_PROTOCOL:smtps GITEA_MAILER_USER:folke@xn--folkefderation-vqb.dk GITEA_REPO_UPLOAD_ALLOWED_TYPES:*/* GITEA_REPO_UPLOAD_ENABLED:true GITEA_REPO_UPLOAD_MAX_FILES:5 GITEA_REPO_UPLOAD_MAX_SIZE:50 GITEA_REQUIRE_SIGNIN_VIEW:true GITEA_SHOW_USER_EMAIL:false GITEA_SMTP_MAILER_ENABLED:1 GITEA_SSH_ENABLED:1 GITEA_SSH_PORT:2222 LETS_ENCRYPT_ENV:production SECRET_DB_PASSWORD_VERSION:v1 SECRET_DB_ROOT_PASSWORD_VERSION:v1 SECRET_INTERNAL_TOKEN_VERSION:v1 SECRET_JWT_SECRET_VERSION:v1 SECRET_LFS_JWT_SECRET_VERSION:v1 SECRET_SECRET_KEY_VERSION:v1 SECRET_SMTP_PASSWORD_VERSION:v1 TYPE:forgejo:5.0.1+13.0.3-rootless], server coopcloud.xn--folkefderation-vqb.dk, path /home/jeppe/.abra/servers/coopcloud.xn--folkefderation-vqb.dk/git.xn--folkefderation-vqb.dk.env} > DEBU <internal/validate.go:106> validated git.xn--folkefderation-vqb.dk as app argument > DEBU <git/read.go:130> no /home/jeppe/.gitignore exists, skipping reading gitignore paths > DEBU <git/read.go:52> git status: /home/jeppe/.abra/recipes/forgejo: clean > DEBU <git/branch.go:99> successfully checked out refs/heads/main in /home/jeppe/.abra/recipes/forgejo > DEBU <recipe/git.go:278> fetched latest git changes for forgejo > DEBU <recipe/git.go:50> ensuring env version 5.0.1+13.0.3-rootless > DEBU <recipe/git.go:151> read 1.0.0+1.14.5-rootless, 1.1.0+1.15.0-rootless, 1.1.1+1.15.3-rootless, 1.1.2+1.15.6-rootless, 1.1.3+1.15.10-rootless, 1.2.0+1.16.3-rootless, 1.2.1+1.16.8-rootless, 1.3.0+1.17.2-rootless, 1.3.1+1.17.3-rootless, 2.0.0+1.18.0-rootless, 2.0.1+1.18.2-rootless, 2.1.0+1.18.5-rootless, 2.1.2+1.19.3-rootless, 2.10.0+1.22.1-rootless, 2.10.1+1.22.2-rootless, 2.11.0+1.22.2-rootless, 2.2.0+1.19.3-rootless, 2.3.0+1.20.1-rootless, 2.3.1+1.20.1-rootless, 2.3.2+1.20.3-rootless, 2.3.3+1.20.5-rootless, 2.4.0+1.21.0-rootless, 2.5.0+1.21.1-rootless, 2.5.1+1.21.4-rootless, 2.5.2+1.21.5-rootless, 2.6.0+1.21.5-rootless, 2.6.1+1.21.10-rootless, 2.6.2+1.21.10-rootless, 2.7.0+1.21.11-rootless, 2.8.0+1.21.11-rootless, 2.9.0+1.22.0-rootless, 2.9.1+1.22.0-rootless, 3.0.0+1.22.2-rootless, 3.0.1+1.22.3-rootless, 3.0.2+1.22.6-rootless, 3.0.3+1.22.6-rootless, 3.1.0+1.23.0-rootless, 3.1.1+1.23.1-rootless, 3.2.0+1.23.1-rootless, 3.3.0+1.23.1-rootless, 3.3.1+1.23.8-rootless, 3.4.0+1.24.2-rootless, 3.5.0+1.24.2-rootless, 3.5.1+1.24.2-rootless, 3.5.2+1.24.2-rootless, 4.0.0+12.0.2-rootless, 4.0.1+12.0.2-rootless, 4.0.2+12.0.2-rootless, 5.0.0+13.0.2-rootless, 5.0.1+13.0.3-rootless, 5.0.2+13.0.4-rootless as tags for recipe forgejo > DEBU <recipe/git.go:178> successfully checked forgejo out to 5.0.1+13.0.3-rootless in /home/jeppe/.abra/recipes/forgejo > DEBU <client/client.go:111> created client for coopcloud.xn--folkefderation-vqb.dk > DEBU <commandconn/commandconn.go:49> commandconn: starting ssh with [-- coopcloud.xn--folkefderation-vqb.dk docker system dial-stdio] > FATA connection timed out for coopcloud.xn--folkefderation-vqb.dk This is what happens when I connect via ssh: `ssh coopcloud -v` > debug1: OpenSSH_10.0p2 Ubuntu-5ubuntu5, OpenSSL 3.5.3 16 Sep 2025 > debug1: Reading configuration data /home/jeppe/.ssh/config > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Reading configuration data /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf > debug1: /etc/ssh/ssh_config line 21: Applying options for * > debug1: Connecting to coopcloud [46.62.202.209] port 22. > debug1: connect to address 46.62.202.209 port 22: Connection timed out > ssh: connect to host coopcloud port 22: Connection timed out Then I connect to VPN, and now I get access: > ... > DEBU <client/client.go:111> created client for coopcloud.xn--folkefderation-vqb.dk > DEBU <commandconn/commandconn.go:49> commandconn: starting ssh with [-- coopcloud.xn--folkefderation-vqb.dk docker system dial-stdio] > DEBU <app/deploy.go:94> checking whether git_xn--folkefderation-vqb_dk is already deployed > ... And ssh as well: `ssh coopcloud -v` > debug1: OpenSSH_10.0p2 Ubuntu-5ubuntu5, OpenSSL 3.5.3 16 Sep 2025 > debug1: Reading configuration data /home/jeppe/.ssh/config > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Reading configuration data /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf > debug1: /etc/ssh/ssh_config line 21: Applying options for * > debug1: Connecting to coopcloud [46.62.202.209] port 22. > debug1: Connection established. > ...
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
Something is not working
build
go build related issues
ci/cd
Building things with CI/CD
critical fix
https://docs.coopcloud.tech/federation/resolutions/passed/010/
design
UI/UX
documentation
Documenting all the things
duplicate
This issue or pull request already exists
easy-first-issue
Something for new people to get stuck into. We hope it's easy!
enhancement
New feature
help wanted
Need some help
i10n
Everything to do with localisation
i18n
Everything to do with internationalisation
installer
Everything to do with the install script.
invalid
Something is wrong
question
More information is needed
release
Release management
release-candidate
Related to the new release candidate
security
Security related
test
Unit/integration testing
wontfix
This won't be fixed
No Label
question
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
3wordchant aadil abra-bot ammaratef45 Apfelwurm carla cas coopcloud cyrnel decentral1se fauno iexos jade jmakdah2 joe-irving kawaiipunk knoflook kolaente lambdabundesverband linnealovespie moritz notplants p4u1 pharaohgraphy renovate-bot ripclap simon sixsmith trav val yksflip
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: toolshed/abra#743
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?