I recently installed Gitlab via the docker image on one of my servers. I set it up such that the host server has SSH running on port 8022 so that traffic meant for gitlab is forwarded to the gitlab container without having to remap ports in gitlab. But, I cannot push/pull/fetch from the hosted repositoryand I cannot SSH into the container. I am always seeing ‘Connection refused’.
Given that I can see SSHD running in the container (docker exec into the container and run lsod | grep sshd), I would expect that I should be able to access it via ssh.
Here’s a screenshot of attempting to manually SSH in to the container with debug. It doesn’t say much to me, but perhaps it does to someone else:
I’ve attempted a number of things. I’ve attempted different ports, I’ve changed the ‘gitlab_shell_ssh_port’ in the gitlab.rb, I’ve added various different ssh keys to my account… all result in ‘connection refued’.
since ports syntax is HOST_PORT:CONTAINER_PORT you are mapping port 8082 on host to port 22 in container. If you want to forward port 22 on host to nginx container you need to specify it as - "22:22" or simply - "22". Otherwise you should specify -p 8082 when trying to SSH to GitLab.
I don’t know why you are opening port 8082 on Nginx container. Do you need to pass SSH traffic through Nginx?
Well I’ll be… It worked. Well kinda, I still can’t ssh…but my repository is working now, locally. I think something is blocking port 22 further down the line as I still can’t access it from my main domain (something like gitlab.example.io vs my local domain of gitlab.lan). But I can investigate that further elsewhere. I suspect it’s just a security configuration in the AWS box I’m using to re-route traffic around port 80/443 since those are blocked as well.
edit: Spoke to soon. Can only access it from one computer. Added another user for another machine. generated an SSH key and still failed:
$ git clone git@gitlab.lan:home/home-security.git
Cloning into ‘home-security’…
ssh: connect to host gitlab.lan port 22: Connection refused
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
ERROR: for gitlab-ce Cannot start service web: driver failed programming external connectivity on endpoint gitlab-ce (4828f2b611dd53da9cae36be4b50d90f4a6527a0076e70fbeaf437007853142b): Error starting userland proxy: listen tcp4
0.0.0.0:22: bind: address already in use
ERROR: for web Cannot start service web: driver failed programming external connectivity on endpoint gitlab-ce (4828f2b611dd53da9cae36be4b50d90f4a6527a0076e70fbeaf437007853142b): Error starting userland proxy: listen tcp4 0.0.0.0:22: bind: address already in use
I have the docker-compose container inside a VM that uses port 22 already for SSH but that VM is inside a XEN host, where I redirect the external port 22822 to 22 inside the VM, so the VM does not know anything aboutt he external port outside
I don’t know what should I reply here. You know port 22 is already taken by SSH so it cannot be taken by Docker for GitLab. So use another port for it.
I have the same issue and I manage to get clone with ssh to work on a custom port 8022 (using docker 20:8022)
The trick is to put ssh:// in front of the url: git clone ssh://git@192.168.2.174:8022/lwinkler/test-lw.git
I now have the issue that I don’t know how to set that this URL is displayed when a user clicks on the clone button.
You just have to set gitlab_rails[‘gitlab_shell_ssh_port’] = <your_port_num>. After gitlab-ctl reconfigure & restart, the ssh:// prefix will be automatically populated when you click the clone button.
