Docker reverse proxy port 22 (ssh)

I know that this forum might not address reverse proxy configurations, but as many users are probably going to run a similar setup, I wanted to post this question here.


I set up a docker container running gitlab and mapping port 443 -> 443, 0.0.0.0:2222->22, :::2222->22 and 127.0.0.1:8080->80.

With nginx I have set up a reverse proxy:

Config File:

server {
    server_name gitlab.<mydomain>;
    client_max_body_size 256M;

    location / {
        proxy_pass http://localhost:8080;

        proxy_read_timeout 3600s;
        proxy_http_version 1.1;
        # Websocket connection
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate ...; # managed by Certbot
    ssl_certificate_key ...; # managed by Certbot
    include ...; # managed by Certbot
    ssl_dhparam ...; # managed by Certbot

}

server {
    listen 80;
    listen [::]:80;

    server_name gitlab.<mydomain>;

    if ($host = gitlab.<mydomain>) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    return 404; # managed by Certbot
}

Now I also want to be able to clone via ssh with the gitlab.<mydomain> address, but still be able to ssh onto my server via the <mydomain> address.


Does any of you know a setup/configuration which achieves the setup I described above?

Hi,

As far as I see there aren’t any problems with that. SSH to the container is on port 2222 redirected to port 22 inside the container. Therefore, to SSH to the server where the container is running, use port 22.

But I cannot clone any repository. When I attempt to clone a repository I get:

$ git clone git@gitlab.<mydomain>:<username>/<repo>.git
Cloning into '<repo>'...
git@gitlab.<mydomain>: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

I have full access to the repository and I added the ssh key of my machine with which I’m trying to clone to the GitLab keys.
The only way to clone the repo is by cloning via HTTP(S) and entering my credentials each time (which I would like to circumvent).

Since your Docker instance is using port 2222 for ssh, you need to make sure that it’s working properly, like this:

ssh -T git@gitlab.mydomain -p 2222

If you get a message like my example below:

ssh -T git@gitlab.mydomain.com -p 2222
Welcome to GitLab, @iwalker!

then that means your SSH key is working fine. Now, to address the failure: unless you have configured a .ssh/config file, your git command is going to connect on port 22, which doesn’t go to your GitLab instance. So you need to add this to .ssh/config:

Host gitlab.mydomain.com
    HostName gitlab.mydomain.com
    Port 2222

Then, when you use your git clone command, it will read the config info from the .ssh/config file and allow you to connect.

See more on all this in the GitLab docs: Use SSH keys to communicate with GitLab | GitLab
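
The port behaviour described in the last reply, as an added example that is not part of any post in this thread: it asks OpenSSH which port it would use for each hostname under a given config file (no connection is made), and rewrites an scp-style remote as an ssh:// URL that carries the port itself. The function names and the repository path are made up for the illustration; the hostname and port are the placeholders used above, and an OpenSSH client that supports `ssh -G` is assumed.

```shell
#!/bin/sh
# Added example; function names and the repository path are hypothetical.

# Rewrite an scp-style remote (user@host:path) as an ssh:// URL with an
# explicit port. The scp-style form has no field for a port, so without a
# matching ssh config entry the client connects to port 22.
remote_with_port() {
    remote=$1 port=$2
    case $remote in
        ssh://*) printf '%s\n' "$remote"; return 0 ;;   # already explicit
        *@*:*)   ;;                                     # user@host:path
        *)       echo "not an scp-style remote: $remote" >&2; return 1 ;;
    esac
    userhost=${remote%%:*}      # text before the first colon
    path=${remote#*:}           # text after the first colon
    printf 'ssh://%s:%s/%s\n' "$userhost" "$port" "${path#/}"
}

# Print the port OpenSSH resolves for host $2 when reading config file $1.
# ssh -G only prints the evaluated options; it does not connect.
effective_port() {
    ssh -G -F "$1" "$2" | awk '$1 == "port" { print $2 }'
}

demo() {
    cfg=$(mktemp) || return 1
    # Constructed config, same entry as suggested in the thread.
    cat > "$cfg" <<'EOF'
Host gitlab.mydomain.com
    HostName gitlab.mydomain.com
    Port 2222
EOF
    echo "gitlab.mydomain.com -> port $(effective_port "$cfg" gitlab.mydomain.com)"
    echo "mydomain.com        -> port $(effective_port "$cfg" mydomain.com)"
    remote_with_port 'git@gitlab.mydomain.com:someuser/somerepo.git' 2222
    rm -f "$cfg"
}

# Run the demonstration only when asked: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then demo; fi
```

The Host entry only matches the GitLab hostname, so plain ssh to the bare domain still resolves to port 22 and reaches the server's own sshd.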