
here's my gitlab & traefik configuration

# Compose file for GitLab CE and its CI runner. Both services join the
# external network 'rudak_traefik_network', and gitlab_web carries the Traefik
# labels that define its HTTP and SSH (TCP) routing.
version: '3.7'
services:
  gitlab_web:
    # NOTE(review): ':latest' is a floating tag, so each pull may bring in a
    # different GitLab release; pinning a specific version (or digest) keeps
    # upgrades deliberate and reproducible.
    image: 'gitlab/gitlab-ce:latest'
    restart: always
    hostname: 'gitlab.roger'
    container_name: gitlab-ce
    environment:
      # NOTE(review): external_url is plain http and the HTTP labels below only
      # name the 'web' entrypoint, so logins, tokens and git-over-HTTP
      # credentials are sent unencrypted to Traefik.
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://gitlab.roger'
    labels:
      # Explicit opt-in: traefik_static.yaml sets exposedByDefault to false.
      - "traefik.enable=true"
      # NOTE(review): the rule is set on router 'gitlab_local' while the
      # entrypoint is set on router 'gitlab_roger', so these labels describe
      # two different routers; presumably one name was intended - confirm.
      - "traefik.http.routers.gitlab_local.rule=Host(`gitlab.roger`)"
      - "traefik.http.routers.gitlab_roger.entrypoints=web"
      - "traefik.http.services.gitlab_roger.loadbalancer.server.port=80"
      # TCP router: forwards the 'ssh' entrypoint to container port 22.
      # NOTE(review): SNI is a TLS extension and SSH is not TLS, so there is no
      # server name to match on this router; Traefik's documentation requires
      # HostSNI(`*`) for non-TLS TCP routers.
      - "traefik.tcp.routers.gitlab-ssh-roger.rule=HostSNI(`gitlab.roger`)"
      - "traefik.tcp.routers.gitlab-ssh-roger.entrypoints=ssh"
      - "traefik.tcp.routers.gitlab-ssh-roger.service=gitlab-ssh-roger"
      - "traefik.tcp.services.gitlab-ssh-roger.loadbalancer.server.port=22"
    volumes:
      # Config, logs and data are kept on the host under $GITLAB_HOME.
      # /etc/gitlab holds GitLab's secrets file, so the host directory needs
      # restrictive permissions and belongs in the backup plan.
      - '$GITLAB_HOME/config:/etc/gitlab'
      - '$GITLAB_HOME/logs:/var/log/gitlab'
      - '$GITLAB_HOME/data:/var/opt/gitlab'
    networks:
      - rudak_traefik_network

  gitlab-runner:
    image: gitlab/gitlab-runner:alpine
    restart: always
    depends_on:
      - gitlab_web
    volumes:
      # NOTE(review): a writable Docker socket gives this container full
      # control of the host's Docker daemon, which is effectively root on the
      # host. If runner.toml hands the socket on to job containers (not shown
      # here), every CI job inherits that access - limit who may run
      # pipelines on this runner.
      - /var/run/docker.sock:/var/run/docker.sock
      # runner.toml contains the runner's registration token; keep it out of
      # version control and readable only by its owner.
      - ./runner.toml:/etc/gitlab-runner/config.toml
    networks:
      - rudak_traefik_network
networks:
  # Created outside this file; shared with the Traefik compose project.
  rudak_traefik_network:
    external: true
# Second compose file: the Traefik v2.3 reverse proxy that fronts GitLab.
version: "3.7"

services:
  traefik:
    image: "traefik:v2.3"
    command:
      - "--configfile=/etc/traefik/traefik_static.yaml"
    ports:
      # NOTE(review): host port 22 is normally held by the host's own sshd.
      # Check which process owns it (e.g. `ss -tlnp`); if it is the host
      # daemon, remote SSH connections never reach Traefik.
      - "22:22"
      - "80:80"
      # NOTE(review): traefik_static.yaml sets api.insecure to true, so this
      # publishes the dashboard and API without authentication on every host
      # interface. Bind it to loopback ("127.0.0.1:8080:8080") or turn off
      # insecure mode and expose api@internal through an authenticated router.
      - "8080:8080"
    volumes:
      # NOTE(review): ':ro' only makes the socket file's mount read-only; it
      # does not limit the Docker API calls sent through the socket, so this
      # container can still control the daemon. A filtering socket proxy
      # narrows that exposure.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik_static.yaml:/etc/traefik/traefik_static.yaml:ro"
      - "./dynamic_conf.yaml:/etc/traefik/dynamic_conf.yaml:ro"
    networks:
      - rudak_traefik_network

networks:
  # Created outside this file; shared with the GitLab compose project.
  rudak_traefik_network:
    external: true

traefik_static.yaml

# Traefik static configuration: API/dashboard, entrypoints and providers.
api:
  dashboard: true
  # NOTE(review): insecure mode serves the dashboard and API with no
  # authentication on Traefik's port 8080, which the compose file publishes
  # on the host. Set this to false outside a throwaway lab and put the
  # dashboard behind an authenticated router.
  insecure: true

entryPoints:
  web:
    address: ":80"
  # NOTE(review): the compose file does not publish 443 and no router shown
  # uses this entrypoint, so nothing is served over TLS yet.
  websecure:
    address: ":443"
  # Plain TCP entrypoint referenced by the gitlab-ssh-roger TCP router.
  ssh:
    address: ":22"
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Containers are routed only when they set traefik.enable=true.
    exposedByDefault: false
  file:
    filename: "/etc/traefik/dynamic_conf.yaml"

I have access to the GitLab web interface.
I can git clone from my different containers, which are all on the single rudak_traefik_network.
I can git clone from my Docker server too.
My problem is that I can't git clone from my remote PC.

the traefik dashboard is all success with tcp router HostSNI(gitlab.roger) success too

the ssh key on my pc is correctly inserted in the gitlab interface and it works fine from any container, but I'm getting this

git clone git@gitlab.roger:roger/test-project.git
Cloning into 'test-project'...
git@gitlab.roger's password: 

(my server's name is strangely roger, but I don't think that's the problem ^^.)

  • 1
    are you sure that port 22 is available on the docker host? It may mistakenly use the hosts sshd server instead proxying to the gitlab container. – Likqez Jul 31 '23 at 06:14
  • I think that's what's happening, when I git clone * on port 22, I can't reach traefik because the host's ssh server catches the request beforehand and tries to process it. so I've tried changing the host's port 22 to 4567 to test it, but that doesn't work either, I can't reach traefik. from the host itself or inside my containers, no problem, but from the outside, impossible, ...for the moment. – rudak Aug 04 '23 at 22:01
  • Does cloning over HTTPS work? – Nick ODell Aug 04 '23 at 22:28
  • yes, it works with http – rudak Aug 04 '23 at 23:27
  • Can you try and edit `/etc/ssh/sshd_config` on your host machine. Look for the line that says `Port 22` and change it to `Port <new_port>`, e.g., `Port 4567`. And `sudo systemctl restart sshd`. Make sure you can SSH into your host with the new port (`ssh -p <new_port> user@your_server`). Then update your `git clone` command: `GIT_SSH_COMMAND="ssh -p 22" git clone git@gitlab.roger:roger/test-project.git`. – VonC Aug 06 '23 at 12:44
  • From your local box, did you actually set to use the ssh key? like mentioned here https://stackoverflow.com/a/11251797/6336357 ? – Rick Rackow Aug 08 '23 at 09:54
  • What happens if you ssh into your gitlab: `ssh git@gitlab.roger` It should tell you who you are. If not, your SSH keys aren't set up correctly. – To1ne Aug 09 '23 at 15:09
  • no, i've tried these techniques but i still get the same thing, it looks like my server is responding instead of passing me through traefik ssh – rudak Aug 11 '23 at 16:14
