I’m trying to run GitLab in a Docker container, which seems to run just fine.
A “docker ps” gives…
1b7037a84154 gitlab/gitlab-ce:latest "/assets/wrapper" 4 hours ago Up 2 hours (healthy) 0.0.0.0:10022->22/tcp, 0.0.0.0:10080->80/tcp, 0.0.0.0:10443->443/tcp
I can access the Web-UI, and cloning via https also works fine.
However, when trying to use ssh:// instead of https://, I cannot access the server unless I’m running the git clone command from the host itself.
So, being logged in on docker_host_com, a
git clone ssh ...
However, being logged in on other_host_com, the same command fails (it does not even ask for the passphrase).
I’ve run tcpdump on the docker-host to verify that the “other” at least tries to connect.
sudo tcpdump -i any port 10022
on docker.host yields a
23:22:09.052453 IP other_host_com.37142 > docker_host_com.10022: Flags [S], seq 864957212, win 64240, options [mss 1460,sackOK,TS val 2850033950 ecr 0,nop,wscale 7], length 0
but nothing else really happens.
sudo tcpdump -vvv -i any port 22
inside the gitlab container shows no reaction when the “git clone” is run from “other_host_com”, but a LOT of traffic when “git clone” is run on “docker_host_com”.
HOWEVER, this is not restricted to gitlab! I tried the same with some simple “ssh” docker image
docker run --rm --publish=2222:22 sickp/alpine-sshd:7.5-r2
and the results when trying to ssh into that image are the same: it works from “docker_host_com”, but not from “other_host_com”.
I’m running ufw on “docker_host_com”, but that shouldn’t stand in the way, as far as I understood, as docker ignores ufw anyway. I also disabled ufw, but that did not help.
Interestingly, when I run some other container that does NOT use port 22 inside, e.g.
docker run --rm -p 9999:80 -d nginxdemos/hello
everything works fine from both the “docker” and the “other” host.
returns the same results on both “docker_host_com” and “other_host_com”
What am I doing wrong?
PS: Sorry, I had to cripple some of the URLs because as a new user I must not put more than two links in a post. That’s a … difficult rule.
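
The tcpdump check described in the post can be automated; the following is an added example, not part of the original post. It reads tcpdump text output and lists connection attempts whose SYN never got a SYN-ACK or RST back. The function name `unanswered_syns` is hypothetical, the first sample line is the one quoted in the post, and the remaining sample lines are constructed.

```python
import re
from collections import defaultdict

# tcpdump text line: "<time> [<iface> In|Out] IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
# Ports are kept as strings because tcpdump without -n may print service names (e.g. "ssh").
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?:\S+ +(?:In|Out) +)?IP6? "
    r"(?P<src>\S+)\.(?P<sport>[\w-]+) > "
    r"(?P<dst>\S+)\.(?P<dport>[\w-]+): Flags \[(?P<flags>[^\]]+)\]"
)

def unanswered_syns(lines):
    """Return {(client, client_port, server, server_port): syn_count} for
    connection attempts that never received a SYN-ACK or RST in the capture."""
    pending = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a TCP line in the expected format
        src = (m["src"], m["sport"])
        dst = (m["dst"], m["dport"])
        flags = m["flags"]
        if flags == "S":
            # Bare SYN; retransmissions of the same attempt are counted again.
            pending[src + dst] += 1
        elif flags == "S." or "R" in flags:
            # SYN-ACK or RST: the listening side replied, so the attempt is not silent.
            pending.pop(dst + src, None)
    return dict(pending)

# Sample capture: line 1 is from the post, lines 2-5 are constructed for illustration.
SAMPLE = """\
23:22:09.052453 IP other_host_com.37142 > docker_host_com.10022: Flags [S], seq 864957212, win 64240, options [mss 1460,sackOK,TS val 2850033950 ecr 0,nop,wscale 7], length 0
23:22:10.060112 IP other_host_com.37142 > docker_host_com.10022: Flags [S], seq 864957212, win 64240, length 0
23:22:30.000100 IP docker_host_com.51514 > docker_host_com.10022: Flags [S], seq 1, win 65495, length 0
23:22:30.000150 IP docker_host_com.10022 > docker_host_com.51514: Flags [S.], seq 2, ack 2, win 65483, length 0
23:22:30.000170 IP docker_host_com.51514 > docker_host_com.10022: Flags [.], ack 1, win 512, length 0
"""

if __name__ == "__main__":
    for (client, cport, server, sport), count in unanswered_syns(SAMPLE.splitlines()).items():
        print(f"{client}:{cport} -> {server}:{sport}: {count} SYN(s) with no reply")
```

A SYN that shows up on the host but is listed here as unanswered, with nothing seen inside the container, means the packet was dropped or not forwarded somewhere between the host interface and the container.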