SSH clone Not working when Cloudflare proxy is enabled

Hi, I have just set up self-hosted GitLab on a bare-metal server using a Docker container. I am also using Nginx as a reverse proxy. I am sharing my docker-compose and nginx files (please see the images named gitlab-1 and gitlab-2).



This setup was working fine in the DNS-only mode of Cloudflare, with a Let's Encrypt certificate. I was able to clone with both HTTPS and SSH.

  • git clone ssh://git@gitlab.example.com:2224/pcompany/netflix/myproject1.git

But after I enabled the Cloudflare proxy with Cloudflare certs and full end-to-end encryption, I could not clone. Everything is working fine, but I cannot clone.

I cannot clone with this:
git clone ssh://git@gitlab.example.com:2224/pcompany/myproject1.git (after the Cloudflare proxy is enabled I cannot clone like this; earlier I could)
It keeps blinking for a long time and then gives the error.
Cloning into ‘myproject1’…
ssh: connect to host gitlab.webelight.co.in port 2224: Network is unreachable
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

However, I can easily clone when I use the IP instead of the domain:
git clone ssh://git@xx.xx.xx.xx:2224/pcompany/myproject1.git (again, I can clone with the IP even after the Cloudflare proxy is enabled)

Why is this happening? And I know that this is happening after I enabled the Cloudflare proxy.

Please suggest a workaround for this.

A few things to note:
1- We are using the Cloudflare free plan
2- We want to use the proxy mode
3- I am using gitlab.example.com because I can't show the real domain
4- Can we use another domain for SSH with the proxy enabled, and try to proxy requests to port 2224 somehow? Does GitLab support it?

One solution that I found is: SSH over HTTPS
I am sharing the new docker-compose (check the gitlab-3 image)

My idea here is - to clone using
git clone ssh://git@xx.xx.xx.xx:443/pcompany/myproject1.git
and then Nginx will listen for the request and somehow proxy pass it to port 2224

Is this correct? If not, then what can I do?

Hi @priyanshi

It stopped working because the Cloudflare proxy does not work with SSH. They have another (paid) product (Spectrum) to proxy TCP connections.

You can give it a try and tunnel SSH over HTTP, but I am not sure if git supports that.
