
I have set up Gitea using docker-compose. The external SSH port of my machine is 4444, which I set in sshd_config.

version: '2'
volumes:
  gitea:
  postgres:
networks:
  gitea:
    external: false

services:
  server:
    image: gitea/gitea:latest
    env_file:
      - .env
    restart: always
    networks:
      - gitea
    volumes:
      - gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "2222:22"
    depends_on:
      - postgres
  postgres:
      image: postgres:9.6
      restart: always
      env_file:
        - gittea_db.env
      networks:
        - gitea
      ports:
        - "5432:5432"
      volumes:
        - postgres:/var/lib/postgresql/data

Following is the .env file:

USER_UID=1002
USER_GID=1001
DB_TYPE=postgres
DB_HOST=postgres:5432
DB_NAME=gittea
DB_USER=gittea
DB_PASSWD=password12
INSTALL_LOCK=True
APP_NAME=myapp
RUN_MODE=prod
DOMAIN=source.smarticlelabs.com
ROOT_URL=https://source.smarticlelabs.com
SSH_LISTEN_PORT=22
SSH_PORT=2222

But when I try to clone a repo after adding my SSH key, I receive this error:

git clone ssh://[email protected]:2222/superadmin/testrepo.git
Cloning into 'testrepo'...
ssh: connect to host 51.15.245.237 port 2222: Connection refused
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
  • From your docker file you should try git clone ssh://[email protected]:22/superadmin/testrepo.git as the local 2222 port is redirected to 22. That's a totally different sshd daemon than the one running on your host. Commented Jul 6, 2020 at 9:30
  • Don't you have some kind of firewall on your machine that prevents you from connecting to port 2222? You may check with something like iptables -L Commented Jul 8, 2020 at 21:49

1 Answer

As others pointed out, this might actually be a firewall issue.
To troubleshoot this, you should first verify that your container is actually running with docker-compose ps:

# docker-compose ps
 Name                Command               State           Ports         
-------------------------------------------------------------------------
server               [cmd ...]             Up              0.0.0.0:22->2222/tcp

Next you should check on your Docker Host that the Port is actually exposed with netstat -lpn|grep -i 2222:

# netstat -lpn|grep -i 2222
tcp6       0      0 :::2222                 :::*                    LISTEN      7216/docker-proxy-c

This should also match with the local Docker Host Firewall with iptables-save|grep -i 2222:

# iptables-save|grep -i 2222
-A POSTROUTING -s 172.18.0.2/32 -d 172.18.0.2/32 -p tcp -m tcp --dport 2222 -j MASQUERADE
-A DOCKER ! -i br-0383ea873b82 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 172.18.0.2:2222
-A DOCKER -d 172.18.0.2/32 ! -i br-0383ea873b82 -o br-0383ea873b82 -p tcp -m tcp --dport 2222 -j ACCEPT

When all these checks are positive, it might be an issue with your external firewall at your Internet IP 51.15.245.237.

You can check that by connecting from another host on the same intranet as your Docker host.
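
To tell these cases apart from the client side, the following added example (not part of the original answer) checks that the compose port mapping matches the SSH settings in .env and classifies a connection attempt as SSH, refused or filtered. The function names, and the reading of SSH_LISTEN_PORT as the port sshd uses inside the container and SSH_PORT as the port shown in clone URLs, are assumptions.

```python
import socket

# Values copied from the question's docker-compose.yml and .env.
PORTS = ["3000:3000", "2222:22"]
ENV = {"SSH_LISTEN_PORT": "22", "SSH_PORT": "2222"}


def config_problems(ports, env):
    """Check that the port sshd uses in the container is published on the
    host port that Gitea advertises in clone URLs (assumed meaning of
    SSH_LISTEN_PORT and SSH_PORT)."""
    published = {}
    for spec in ports:
        host, container = spec.split(":")[-2:]  # also accepts "ip:host:ctr"
        published[int(container.split("/")[0])] = int(host)
    listen, advertised = int(env["SSH_LISTEN_PORT"]), int(env["SSH_PORT"])
    if listen not in published:
        return [f"container port {listen} is not published"]
    if published[listen] != advertised:
        return [f"SSH_PORT={advertised}, but host port is {published[listen]}"]
    return []


def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(64)
            except (socket.timeout, ConnectionResetError):
                banner = b""
            # An SSH server sends its version string first.
            return "ssh" if banner.startswith(b"SSH-") else "open-no-ssh-banner"
    except ConnectionRefusedError:
        return "refused"    # actively rejected: no listener, or a REJECT rule
    except socket.timeout:
        return "filtered"   # no reply at all: packets are dropped on the way
    except OSError:
        return "error"      # DNS failure, no route, ...


if __name__ == "__main__":
    import sys
    print(config_problems(PORTS, ENV))
    if len(sys.argv) == 3:  # usage: script.py HOST PORT
        print(probe(sys.argv[1], int(sys.argv[2])))
```

Run the probe from a host on the same network as the Docker host and again from outside: "ssh" inside but "refused" or "filtered" outside points at the external firewall, while "refused" from both points at the Docker host itself.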
