I’ve been fighting with a GitLab CE install lately and oh, my, how weird and nontrivial it appeared to be. For instance, to configure email I had to keep editing the config file (since there is no web interface to configure it), triggering email sending, watching the logs until it finally worked. What a PITA! Was it so difficult to add a basic web interface with a “Test” button to configure it easier? I get it, it’s free, so I should be grateful that it is capable of sending emails at all (and I am), but there are tons of opensource tools that do offer this luxury. So my suspicion is that Gitlab is intentionally making the free Community Edition so difficult to use to steer the users towards the paid Enterprise Endition.
Anyway, this post is about SSH access for git clone, not email. It appeared that a lot of people are running into the problem when GitLab docker installed using docker won’t work with “git clone ssh://…”. There are multiple reasons for this:
- Most common reason is that GitLab’s instructions, documentation and configuration is all about running it on a dedicated server. The command they recommend to run (source: https://docs.gitlab.com/ee/install/docker.html) has this line: “–publish 443:443 –publish 80:80 –publish 22:22”. What it does is it maps all GitLab ports to your server ports that are very likely already occupied by other applications. So this is not going to work, you will need to map GitLab to alternative ports like so: “-p 8888:80 -p 2222:22”. Note that I didn’t expose port 443, because most likely you will want to terminate https on your reverse proxy, instead of relying on gitlab termination.
- The other issue is that after mapping GitLab’s ports to alternative ports a lot of users forget to ensure that the firewalls actually allow access to these ports. Please do verify that and make sure you can access the alternative ports by running “telnet <your GitLab server name> 2222” and see if telnet is able to connect to your GitLab SSH port from outside
Once you mapped the ports correctly and configured the firewall it still won’t work! For example, if you will go to the GitLab’s web interface and check out the “Clone Ropository” URLs, you will see that for ssh clone it will look like “git@gitlab.server.com:groupname/projectname.git”, which is not even a valid URL!
So the last step you need to do is to edit /etc/gitlab/gitlab.rb config file and add (or uncomment+edit) this line: “gitlab_rails[‘gitlab_shell_ssh_port’] = 2222”. No need to change anything else.
Now restart the GitLab container for the changes to take effect and the “Clone” URL should be came correct and, more importantly, it should start working.