Docker-gitlab: Best practice for making gitlab ssh port available externally

Created on 5 Apr 2014 · 6 Comments · Source: sameersbn/docker-gitlab

Hi,

I've gotten gitlab running inside of docker now and was able to back up from my old gitlab vm and restore it into the new docker container. I am now at the point where the docker gitlab instance is listening to port 22 on its private IP.

I am looking for any information on the best way to expose that through the public host interface?

Thank you!

Jeff

All 6 comments

I am currently solving this by using haproxy and have moved the main host ssh daemon off to another port.

@jwthomp Currently there are 2 ways you can do this.

  1. As you have done, you can change the port number of the host ssh server and forward connections to port 22 to the container using the option -p 22:22 in the docker run command. There is no need to use haproxy.
  2. Forward some other port on the host to port 22 of the container and use the GITLAB_SHELL_SSH_PORT configuration option to specify the forwarded port to the gitlab application so that the clone urls reflect this.

For example, add -p 10022:22 -e "GITLAB_SHELL_SSH_PORT=10022" to the docker run command. Now you will notice that the ssh clone urls in the gitlab server will change to the form ssh://[email protected]:10022/docker/docker-gitlab.git.

Make your pick.
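
A consistency check for the two options above, as an added example that is not part of the original thread or the docker-gitlab project: it compares the host port published for the container's port 22 with the port GitLab advertises in clone URLs. Assumptions: input is in the `docker port <container>` output format, an unset GITLAB_SHELL_SSH_PORT means clone URLs use port 22, and the function names and sample mappings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): detect a mismatch between the published
# ssh port and GITLAB_SHELL_SSH_PORT, which would leave clone URLs pointing at
# the host's own sshd or at a closed port.

# Constructed samples in the format printed by `docker port <container>`.
SAMPLE_OPTION_1='22/tcp -> 0.0.0.0:22
80/tcp -> 0.0.0.0:10080'
SAMPLE_OPTION_2='22/tcp -> 0.0.0.0:10022
80/tcp -> 0.0.0.0:10080'

# published_ssh_port: read `docker port` output on stdin and print the host
# port mapped to container port 22/tcp. The last ':'-separated field is used,
# so IPv6 bindings such as [::]:10022 are handled; the first mapping wins.
published_ssh_port() {
  awk '$1 == "22/tcp" && $2 == "->" { n = split($3, a, ":"); print a[n]; exit }'
}

# check_ssh_port PORT_OUTPUT ENV_VALUE
# ENV_VALUE is the container's GITLAB_SHELL_SSH_PORT ("" when unset; assumed
# to mean that clone URLs use the default port 22).
# Returns 0 when consistent, 1 on mismatch, 2 when port 22 is not published.
check_ssh_port() {
  csp_published=$(printf '%s\n' "$1" | published_ssh_port)
  csp_advertised=${2:-22}
  if [ -z "$csp_published" ]; then
    echo "FAIL: container port 22/tcp is not published on the host"
    return 2
  fi
  if [ "$csp_published" != "$csp_advertised" ]; then
    echo "FAIL: host publishes $csp_published, clone URLs advertise $csp_advertised"
    return 1
  fi
  echo "OK: ssh published and advertised on port $csp_published"
}

# Option 1 (-p 22:22, variable unset) and option 2 with the variable set.
check_ssh_port "$SAMPLE_OPTION_1" ""
check_ssh_port "$SAMPLE_OPTION_2" "10022"
# Option 2 without the variable: the mismatch the second option warns about.
check_ssh_port "$SAMPLE_OPTION_2" "" || true
```

Against a running container, pass `"$(docker port gitlab)"` and the value of GITLAB_SHELL_SSH_PORT from the container's environment, where `gitlab` is a placeholder container name.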

@jwthomp
Another way I have investigated is creating a virtual macvlan interface on the docker host. This way you can assign a hwaddr to the interface, which allows your host to get the IP for the interface via DHCP (you can of course also just assign a static IP address).

You then basically just forward requests on the virtual interface to your gitlab container's external IP address. I also added a DNS entry, which points to the virtual interface, e.g. gitlab.example.com. This lets you use gitlab without changing the docker host's ssh port.

I planned on writing a tutorial on this method but http://blog.codeaholics.org/2013/giving-dockerlxc-containers-a-routable-ip-address/ outlines it pretty well. It should get you through the whole process.

@jwthomp @mbrgm that's pretty sweet. Note that once https://github.com/dotcloud/docker/pull/4441 makes its way into docker master you will not require any extra setup. Just adding --net host to the docker run command will have the desired effect.

The feature is already added and is currently being tested and syntax is being finalized, so I think it's only a couple of weeks away from landing into the master. As the saying goes, "keep your eyes peeled".

closing this issue.

In my specific situation, where docker-gitlab is run inside the boot2docker-vm (host OS is RHEL 6.4; the kernel (2.6.32) is too old to run a recent version of docker), the only workaround that I came up with is to configure iptables to forward git (ssh) connections. Refer to http://stackoverflow.com/a/14637461/1994490 for details.
