Closed frostming closed 2 years ago
So for saving users' trouble, I suggest that we commit the ssh keys in git, so users can just start a docker, then ssh into it (always).
If I understand correctly the .ssh/id_rsa must be exposed to the client for connecting, right? So user must prepare three parts: 1) a docker container, 2) a config file 3) the private key?
> If I understand correctly the .ssh/id_rsa must be exposed to the client for connecting, right?
Yes
> So user must prepare three parts: 1) a docker container, 2) a config file 3) the private key?
Yes, but by default, users can use the default config (and we should keep it runnable always) and dev_datadir/.ssh/id_rsa to ssh in. so (2) and (3) can be provided by us by default. (maybe including -v dev_datadir:dev_datadir in docker start command?
> (maybe including -v dev_datadir:dev_datadir in docker start command?
Yes, but since dev_datadir can't be auto-generated before starting the server, this directory must be prepared by the users.
It would be better if there are no manual steps except for a config file.
Maybe we can let users prepare the private key and paste the public key to the authorized_key themselves. No room for automation here because this information must be provided by the users. No need to mount dev_datadir, the contents of this directory should be all lobbyboy-generated. Or alternatively, use a default password for connection instead of key pairs.
> Or alternatively, use a default password for connection instead of key pairs.
I prefer this, commit default username/password and key pairs to repo, in dev_datadir. https://github.com/lobbyboy-ssh/lobbyboy/tree/main/dev_datadir . Since the main goal of the readme is only a quick taste, not a secure, complete setup.
So one can start it with a single docker command without configuring anything.
But we must warn user to change default credentials before deploying them to production.
Just added a default password to the config template and removed the built-in authorized key.
But the warning message cannot be printed on the client-side, I didn't find a better way for doing this.
> But the warning message cannot be printed on the client-side, I didn't find a better way for doing this.
Yes, but I don't think this will be a problem.
Since the warning should be printed to stderr when lobbyboy starts (there is no "client" to print, when the server just started, right?)
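The server-side startup warning discussed above, sketched as an added example; it is not code from this thread or from lobbyboy. The config layout (`listen_ip`, `users`, `password`), the function names and the `TEMPLATE_PASSWORD` value are all assumptions made for illustration.

```python
import ipaddress
import sys

# Constructed placeholder standing in for whatever password ships in the
# config template. It is not lobbyboy's real default.
TEMPLATE_PASSWORD = "example-default-password"


def is_loopback(listen_ip):
    """True when the server is only reachable from the local machine."""
    try:
        return ipaddress.ip_address(listen_ip).is_loopback
    except ValueError:
        # Hostnames and malformed values are treated as exposed, the safe side.
        return False


def default_credential_findings(config):
    """Return one warning string per user still on the template password.

    `config` uses a hypothetical layout:
    {"listen_ip": str, "users": {name: {"password": str}}}
    """
    exposed = not is_loopback(config.get("listen_ip", "0.0.0.0"))
    scope = "reachable from the network" if exposed else "loopback only"
    findings = []
    for name, user in sorted(config.get("users", {}).items()):
        password = user.get("password")
        if password is None:
            continue  # key-only account, nothing to compare
        if password == TEMPLATE_PASSWORD:
            findings.append(
                f"user {name!r} still uses the default password ({scope})"
            )
    return findings


def warn_on_startup(config, stream=sys.stderr):
    """Print findings to stderr at server start; return True if any exist."""
    findings = default_credential_findings(config)
    for finding in findings:
        print(
            f"WARNING: {finding}; change it before deploying to production",
            file=stream,
        )
    return bool(findings)
```
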
looks good to me now! no private keys builtin, very well
🍨
I don't know which container registry you prefer, I choose GitHub packages in the PR.