Problem with SSH in self-hosted GitLab instance

dj-d · April 7, 2023, 2:56pm

Hello everyone, I launched a compose docker with the following images:

traefik:v3.0
gitlab/gitlab-ce:15.10.0-ce.0

The compose docker has the following configuration:

services:
  traefik:
    ...
    command:
      ...
      - --entryPoints.ssh.address=:2222

  gitlab:
    environment:
      ...
      GITLAB_SHELL_SSH_PORT: 2222
    
    labels:
      ...
      traefik.tcp.routers.gitlab-ssh.tls: true
      traefik.tcp.routers.gitlab-ssh.entrypoints: ssh
      traefik.tcp.routers.gitlab-ssh.rule: HostSNI(`${SERVICE_NAME:-gitlab}.${DOMAIN}`)

      traefik.tcp.routers.gitlab-ssh.service: gitlab-ssh-svc
      traefik.tcp.services.gitlab-ssh-svc.loadbalancer.server.port: 2222

My problem is that the moment I try to verify the ssh connection via the command ssh -Tvvv git@gitlab.domain.com -p 2222, the response is "Network is unreachable".

Could you give me some advice to solve this problem?

Thank you

bluepuma77 · April 8, 2023, 6:11pm

As far as I remember SSH is not using TLS, so you can only use HostSNI(`*`) for the TCP router rule and need a dedicated Traefik SSH entrypoint with only the single router and service for SSH.

dj-d · April 11, 2023, 10:24am

Thanks for the information regarding TLS, however I have already tried the settings you suggested unfortunately, the problem persists

Topic		Replies	Views
Routing the SSH port for GitLab-ce with docker swarm and using traefik Traefik v2 docker-swarm	1	212	July 1, 2024
Routing the SSH port for GitLab container Traefik v2 docker	5	13375	August 6, 2022
SSH With Forgejo (Gitea fork) Traefik v3 (latest) tcp	3	22	October 28, 2024
TCP catch-all router issue Traefik v2 docker-swarm , tcp	12	3463	June 27, 2022
TCP passthrough routing - Randomly routing to wrong container Traefik v2 docker , tcp	3	624	June 1, 2023

Problem with SSH in self-hosted GitLab instance

Related Topics