1

I'm trying to run a GitLab Docker image. I'm having trouble with ports already in use.

```
ERROR: for gitlab_web_1 Cannot start service web: driver failed programming external connectivity on endpoint gitlab_web_1 (a22b149b76f705ec3e00c7ec4f6bcad8f0e1b575aba1dbf621c4edcc4d4e5508): Error starting userland proxy: listen tcp 0.0.0.0:22: bind: address already in use
```

Here is my docker-compose.yml:

```yaml
web:
  image: 'gitlab/gitlab-ee:latest'
  restart: always
  hostname: 'gitlab.example.com'
  environment:
    GITLAB_OMNIBUS_CONFIG: |
      external_url 'https://gitlab.example.com'
      # Add any other gitlab.rb configuration here, each on its own line
  ports:
    - '80:80'
    - '443:443'
    - '22:22'
  volumes:
    - '$GITLAB_HOME/config:/etc/gitlab'
    - '$GITLAB_HOME/logs:/var/log/gitlab'
    - '$GITLAB_HOME/data:/var/opt/gitlab'
```

I previously had the same error message for ports 80 and 443. To fix it, I removed Apache from my server. But I need port 22 to connect over SSH, so I don't know how to work it out...

  • Is it possible to have apache and a docker container running with the same ports?
  • Why does gitlab/gitlab-ee need the port 22?
sinsedrix
  • 1) No, on one machine each port can only be bound by one service. If you need multiple services to be available on the same port you need something like a reverse proxy. 2) probably the container provides the possibility to communicate with git via ssh ... – derpirscher Sep 14 '20 at 21:15
  • Ok @derpirscher, but I should be able to use the same port on multiple subdomains. So why not www.example.com with port 80/443 for the web and example.com with port 22 for ssh, then gitlab.example.com could use the same port? – sinsedrix Sep 14 '20 at 21:28
  • You are probably thinking of an Apache server serving multiple domains. But that's one service only. It's just one process. If you want Apache on your host and Apache in the container to listen on the same port, that's not possible, because that would be two services/processes trying to bind the same port. – derpirscher Sep 14 '20 at 21:30
  • Read also here for possible workarounds https://stackoverflow.com/q/1694144/3776927 – derpirscher Sep 14 '20 at 21:48
  • Are you using ssh uris to connect to gitlab (e.g. `git clone git@gitlab.mycomp.com:my_group/project.git`) ? No) just don't bind the port (and disable ssh in the gui admin). Yes) Either change the port in gitlab.rb and map it locally (e.g. 2222:2222) or change your local ssh port to something else than 22. These are the fastest out of more options too long to add in a comment and off-topic on SO. Try serverfault.com if you need to go further. – Zeitounator Sep 14 '20 at 21:58
  • Quite a simple workaround (if it is applicable to your situation) without the need of changing the image's configuration is to use port mappings like `8443:443`, `8080:80` and `2222:22`, which will connect port 8443 of your host to port 443 in your container. Of course, then everyone will need to use ports 8443, 8080 or 2222 to connect to the container. But you have the benefit of being able to connect to the host on ports 443, 80 and 22. – derpirscher Sep 15 '20 at 09:27
  • I'm having the exact same issue. Did you ever find a solution to this? It seems like something going on inside the container; I cannot find anything running on my macOS host. `sudo lsof -i :22` returns empty, so nothing on my host is listening on port 22. netstat doesn't return anything on TCP or UDP, so it seems like some configuration issue within the gitlab image when trying to expose 22:22. – Byron May 16 '21 at 01:32
  • I believe gitlab needs port 22 if you want to use ssh to clone / or do anything over ssh with your git repos. – Byron May 16 '21 at 01:33
  • @Byron creating multiple VirtualHost worked – sinsedrix May 17 '21 at 14:24

2 Answers

0

A friend told me about traefik, which will meet my needs: https://docs.traefik.io/.

Another solution would be to create as many VirtualHosts as needed on Apache and reroute them to local Docker ports.

sinsedrix
  • This isn't a good idea because traefik is a reverse proxy for HTTP. See also the following answer: https://stackoverflow.com/a/44992424/2056125 – mhellmeier Oct 21 '20 at 22:40
0

Gitlab needs port 22 because it's the default port for ssh connections, which are used for push/pull of different repos.

Because there are two different protocols in this one question, they both have very different solutions.

SSH ports

To get around this, I followed the steps here, which explain how to update the /etc/gitlab/gitlab.rb file to change the default listening port to something of your choosing (2289 in the example).

Notice that once the change is applied, when you clone a repo, the "Clone with SSH" string changes to include this custom port.

Apache ports

AFAIK it's not possible to have two processes listening on the same port. Because of this, I publish different ports for the container (i.e. 8080 and 8443), and use Apache with a virtual host and a proxy to make it behave how users expect. This does assume you have control over your DNS.

This allows me to have several containers all publishing different ports, while Apache listens on port 80/442 and acts as a proxy for those containers.
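
The two changes from this answer applied to the compose file in the question, as an added example that is not part of the original post. Port 2289 and the 8080/8443 mappings come from the answer, `gitlab_rails['gitlab_shell_ssh_port']` is the GitLab Omnibus setting for the advertised SSH port, and binding the web ports to 127.0.0.1 is an assumption that Apache runs on the same host as Docker.

```yaml
# Added example: the question's docker-compose.yml with remapped host ports.
web:
  image: 'gitlab/gitlab-ee:latest'
  restart: always
  hostname: 'gitlab.example.com'
  environment:
    GITLAB_OMNIBUS_CONFIG: |
      external_url 'https://gitlab.example.com'
      # Advertise the published SSH port in the "Clone with SSH" URLs.
      # sshd inside the container still listens on 22.
      gitlab_rails['gitlab_shell_ssh_port'] = 2289
  ports:
    # Assumption: Apache on this host is the only client of the web ports,
    # so publish them on loopback instead of Docker's default 0.0.0.0
    # (the address shown in the "listen tcp 0.0.0.0:22" error above).
    - '127.0.0.1:8080:80'
    - '127.0.0.1:8443:443'
    # The host's own sshd keeps port 22; Git over SSH reaches the
    # container through host port 2289.
    - '2289:22'
  volumes:
    - '$GITLAB_HOME/config:/etc/gitlab'
    - '$GITLAB_HOME/logs:/var/log/gitlab'
    - '$GITLAB_HOME/data:/var/opt/gitlab'
```

With the web ports published on loopback only, GitLab's HTTP(S) listeners are reachable solely through the Apache virtual host, so TLS settings and access rules applied at the proxy cannot be sidestepped by connecting to port 8080 or 8443 from outside.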