Add support and document how to expose ssh port in dockerized gitlab-ce #1731
Conversation
|
@solidnerd thanks for your code review, I have resolved all your conversation. Can you review my last update? |
…/etc/ssh/sshd_config to support ssh host forwarding to GitLab container
…nd contrib/expose-gitlab-ssh-port.sh configuration script
|
Otherwise it's look fine to me . But in terms of security it's a big hack. |
Why? Where? |
|
@solidnerd My last comments are clear? |
|
@solidnerd, the gentlest of bumps on this. Have two minute to take a look on this review? |
|
I currently have a setup that runs on https only, because I need SSH for the host system (and I have no control over the firewall, so I can't just remap to a different port either). This sounds like it is the perfect solution. I am hesitant to run this unless someone more familiar with gitlab or SSH has taken a closer look at it. Could someone give this a blessing or at least comment on it? |
|
@solidnerd I have seen and merged all your Pull Requests in docker-gitlab-vagrant-test repository. I assume that you have tested |
I'd be happy to get your feedback 🙂 |
|
Hey @harobed, yes I tested it it works. It found some configuration edge cases but I think this is out of scope. The method works only if you don't enable fast lookup for authorized ssh keys. https://docs.gitlab.com/ce/administration/operations/fast_ssh_key_lookup.html . For the first time we could add this. So LGTM ! |
|
@solidnerd thanks 🙂 |
Hi,
the goal of this Pull Request is to add support and document how to expose ssh port in dockerized gitlab-ce.
To implement that, I needed to add
%h/.ssh/authorized_keys_proxytoAuthorizedKeysFileparameter in/etc/ssh/sshd_configto support ssh host forwarding to GitLab container.How to test it: https://github.com/harobed/docker-gitlab-vagrant-test