sameersbn / docker-gitlab

Dockerized GitLab
http://www.damagehead.com/docker-gitlab/
MIT License

SSH configuration in host with multiple services #356

Open innuendonh opened 9 years ago

innuendonh commented 9 years ago

Hi to all. This is not really an issue, but I didn't know how to share this config.

I installed the image in a server already managing different services, and exposing ssh to different users for different purposes. I have no way to manage dns records for this machine, so I wanted to have a 'proxy' for SSH to forward requests made to the git user to the embedded SSH server in the image.

Instead I ended up with a different (possibly simpler) solution. The idea is:

So if you create in /home/git/gitlab-shell/bin/gitlab-shell a script like this:

#!/bin/bash
docker exec -i gitlab_gitlab_1 sh -c \
 "SSH_CONNECTION='$SSH_CONNECTION' SSH_ORIGINAL_COMMAND='$SSH_ORIGINAL_COMMAND' /home/git/gitlab-shell/bin/gitlab-shell $1"

Assuming that gitlab_gitlab_1 is the name of your gitlab container, this calls the command gitlab-shell inside the container from the outside, using your host ssh server, only for the git user. The only remaining bit is to link your .ssh/authorized_keys to the one managed by gitlab.

I just implemented this solution and it works. It allowed me to expose gitlab without arranging a different machine and having a single server exposing ssh to many users.

Are there other simpler solutions out there?

sameersbn commented 9 years ago

@innuendonh I think you can install gitlab-shell on the host itself and use GITLAB_SSH_HOST if required. I haven't tried this but should probably work.

innuendonh commented 9 years ago

Thank you! It was my first thought, but I had issues in upgrading gitlab on gentoo so I tried to avoid having to install anything separated from the image. Actually, I hoped I could achieve this as a configuration in ssh, but I could not find any way to implement this behaviour. I hope this can be useful for someone.

kwizzn commented 9 years ago

Thanks @innuendonh, I had to solve the same problem and found your solution great! I ended up setting the data dir as the git user's home so I didn't have the linking problem for .ssh/authorized_keys.

In order to make the docker exec command work, the git user needs to be in the docker group.

Oh, and I believe the path has changed to /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell.

innuendonh commented 8 years ago

An update: I am having issues with this setup regarding file permissions. What I suspect is that docker exec runs gitlab-shell as root, creating some files owned by root in the objects directory. I am testing a little modification of the setup currently:

#!/bin/bash
docker exec -i -u git gitlab_gitlab_1 sh -c \
 "SSH_CONNECTION='$SSH_CONNECTION' SSH_ORIGINAL_COMMAND='$SSH_ORIGINAL_COMMAND' /home/git/gitlab-shell/bin/gitlab-shell $1"

Which means that I force the command to use the git user instead of the default one (root).

EDIT: I actually checked that this change solves permission issues.

IlyaSemenov commented 8 years ago

It could be further simplified as:

#!/bin/bash
# Proxy SSH requests to docker container
docker exec -i -u git gitlab sh -c "SSH_CONNECTION='$SSH_CONNECTION' SSH_ORIGINAL_COMMAND='$SSH_ORIGINAL_COMMAND' $0 $1"

stale[bot] commented 4 years ago

This issue has been automatically marked as stale because it has not had any activity for the last 60 days. It will be closed if no further activity occurs during the next 7 days. Thank you for your contributions.
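
The wrapper scripts posted in this thread splice the client-supplied SSH_ORIGINAL_COMMAND into an `sh -c` string, so a shell inside the container re-parses it. The following is an added example, not code from any commenter or from the docker-gitlab project, that hands both variables to the container as environment data and checks the key argument first. It assumes a Docker version whose `docker exec` supports `-e`, the container name and gitlab-shell path used in the first post, and a `key-<digits>` argument format; the `DOCKER` override is a hypothetical hook for exercising the wrapper without Docker.

```shell
#!/bin/bash
# Host-side stand-in for gitlab-shell, run by sshd for the git user.
# Assumed names (adjust to your setup): container name, gitlab-shell path.
GITLAB_CONTAINER="${GITLAB_CONTAINER:-gitlab_gitlab_1}"
GITLAB_SHELL="${GITLAB_SHELL:-/home/git/gitlab-shell/bin/gitlab-shell}"
DOCKER="${DOCKER:-docker}"   # overridable so the wrapper can be exercised without Docker

# authorized_keys entries written by GitLab call gitlab-shell with one
# argument of the form key-<digits> (assumed format); accept nothing else.
valid_key_id() {
  case "$1" in
    key-|key-*[!0-9]*) return 1 ;;
    key-[0-9]*)        return 0 ;;
    *)                 return 1 ;;
  esac
}

proxy_to_container() {
  if ! valid_key_id "$1"; then
    echo "gitlab-shell wrapper: unexpected argument" >&2
    return 64
  fi
  # Each -e NAME=value is one argv element handed to the container process
  # as environment data. No `sh -c` string is built, so quotes or
  # metacharacters in the client-supplied command are never parsed by a
  # wrapper shell.
  "$DOCKER" exec -i -u git \
    -e "SSH_CONNECTION=${SSH_CONNECTION}" \
    -e "SSH_ORIGINAL_COMMAND=${SSH_ORIGINAL_COMMAND}" \
    "$GITLAB_CONTAINER" "$GITLAB_SHELL" "$1"
}

# sshd invokes this file with the key id as $1; without arguments the file
# only defines the functions above.
if [ "$#" -gt 0 ]; then
  proxy_to_container "$1"
  exit "$?"
fi
```

As noted earlier in the thread, the git user still needs permission to run `docker exec`, and `-u git` keeps files created in the repositories owned by git rather than root.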