Docker-gitlab: SSH configuration in host with multiple services

Created on 22 Jun 2015 · 6 Comments · Source: sameersbn/docker-gitlab

Hi to all,
This is not really an issue, but I didn't know how to share this config.

I installed the image in a server already managing different services, and exposing ssh to different users for different purposes. I have no way to manage dns records for this machine, so I wanted to have a 'proxy' for SSH to forward requests made to the git user to the embedded SSH server in the image.

Instead I ended up with a different (possibly simpler) solution. The idea is:

  • have your container mount its volume data at /home/git/data:/home/git/data;
  • every new ssh key will be stored in /home/git/data/.ssh/authorized_keys and its entries will contain the command /home/git/gitlab-shell/bin/gitlab-shell key-x

So if you create in /home/git/gitlab-shell/bin/gitlab-shell a script like this:

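#!/bin/bash
# The SSH variables are passed to env as plain arguments instead of being
# spliced into an sh -c string, so quotes in the client's command are never
# re-parsed by a shell inside the container.
docker exec -i gitlab_gitlab_1 env "SSH_CONNECTION=$SSH_CONNECTION" "SSH_ORIGINAL_COMMAND=$SSH_ORIGINAL_COMMAND" \
 /home/git/gitlab-shell/bin/gitlab-shell "$1"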

Assuming that gitlab_gitlab_1 is the name of your gitlab container, this calls the command gitlab-shell into the container from the outside, using your host ssh server, only on the git user.
The only remaining bit is to link your .ssh/authorized_keys to the one managed by gitlab.

I just implemented this solution and it works. It allowed me to expose gitlab without arranging a different machine and having a single server exposing ssh to many users.

Are there other simpler solutions out there?

wontfix

All 6 comments

@innuendonh I think you can install gitlab-shell on the host itself and use GITLAB_SSH_HOST if required. I haven't tried this but it should probably work.

Thank you!
It was my first thought, but I had issues in upgrading gitlab on gentoo so
I tried to avoid having to install anything separated from the image.
Actually, I hoped I could achieve this as a configuration in ssh, but I
could not find any way to implement this behaviour. I hope this can be
useful for someone.

Thanks @innuendonh, I had to solve the same problem and found your solution great!
I ended up setting the data dir as the git user's home so I didn't have the linking problem for .ssh/authorized_keys.

In order to make the docker exec command work, the git user needs to be in the docker group.

Oh, and I believe the path has changed to /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell.

An update: I am having issues with this setup regarding file permissions.
What I suspect is that docker exec runs gitlab-shell as root, creating some files owned by root in the objects directory.
I am testing a little modification of the setup currently:

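#!/bin/bash
# Run gitlab-shell as the git user (-u git). The SSH variables are passed to
# env as plain arguments instead of being spliced into an sh -c string, so
# quotes in the client's command are never re-parsed by a shell.
docker exec -i -u git gitlab_gitlab_1 env "SSH_CONNECTION=$SSH_CONNECTION" "SSH_ORIGINAL_COMMAND=$SSH_ORIGINAL_COMMAND" \
 /home/git/gitlab-shell/bin/gitlab-shell "$1"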

Which means that I force the command to use the git user instead of the default one (root).

EDIT: I actually checked that this change solves permission issues.

It could be further simplified as:

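#!/bin/bash
# Proxy SSH requests to docker container; the SSH variables go through env as
# plain arguments, so no shell inside the container re-parses them.
docker exec -i -u git gitlab env "SSH_CONNECTION=$SSH_CONNECTION" "SSH_ORIGINAL_COMMAND=$SSH_ORIGINAL_COMMAND" "$0" "$1"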

This issue has been automatically marked as stale because it has not had any activity for the last 60 days. It will be closed if no further activity occurs during the next 7 days. Thank you for your contributions.
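
With the setup discussed in this thread, the host sshd trusts an authorized_keys file that is written from inside the GitLab container, and the git user is in the docker group, so every entry in that file should be pinned to the wrapper. The following audit is an added example, not code from the thread or from docker-gitlab; the function names, the option list and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit the authorized_keys file written by
# the GitLab container before the host sshd is pointed at it.

# Options assumed on every GitLab-written entry (the thread shows only the command part).
REQUIRED="no-port-forwarding no-X11-forwarding no-agent-forwarding no-pty"

# audit_authorized_keys FILE [WRAPPER]   (hypothetical helper name)
# Prints "<line>: <problem>" per bad entry; exit status 1 if any was found.
audit_authorized_keys() {
  awk -v wrapper="${2:-/home/git/gitlab-shell/bin/gitlab-shell}" \
      -v required="$REQUIRED" '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
      # Expected shape: command="<wrapper> key-<id>",<options> <type> <base64>
      if (!match($0, /^command="[^"]+ key-[0-9]+",/)) {
        printf "%d: no forced gitlab-shell command\n", NR; bad = 1; next
      }
      cmd = substr($0, 10, RLENGTH - 11)         # text between the quotes
      sub(/ key-[0-9]+$/, "", cmd)
      if (cmd != wrapper) {
        printf "%d: forced command is %s, not the wrapper\n", NR, cmd; bad = 1
      }
      split(substr($0, RLENGTH + 1), field, " ") # field[1] = remaining options
      n = split(required, req, " ")
      for (i = 1; i <= n; i++)
        if (index("," field[1] ",", "," req[i] ",") == 0) {
          printf "%d: missing option %s\n", NR, req[i]; bad = 1
        }
    }
    END { exit bad }
  ' "$1"
}

# Constructed sample: line 1 is well-formed, line 2 has no forced command,
# line 3 lacks no-pty, line 4 points at another program.
sample_keys() {
  opts=no-port-forwarding,no-X11-forwarding,no-agent-forwarding
  w=/home/git/gitlab-shell/bin/gitlab-shell
  printf 'command="%s key-1",%s,no-pty ssh-ed25519 AAAAC3constructed1\n' "$w" "$opts"
  printf 'ssh-ed25519 AAAAC3constructed2 someone@example\n'
  printf 'command="%s key-3",%s ssh-rsa AAAAB3constructed3\n' "$w" "$opts"
  printf 'command="/bin/sh key-4",%s,no-pty ssh-rsa AAAAB3constructed4\n' "$opts"
}

sample_keys | audit_authorized_keys - || true
```

Run it against the real file as `audit_authorized_keys /home/git/data/.ssh/authorized_keys`, passing the wrapper path as a second argument if it differs on your host.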
