Quick Tip: Running GitLab (Omnibus Package) with a nonstandard SSH Port

In some setups, it is helpful to have free choice over the SSH Port used for Git SSH cloning. In my case, I only have a single publicly-routable IPv4 at my disposal, which I use with a reverse proxy / NAT setup to access services running on my network. For this example, I will use 2222 as the new SSH port for git.

Changing GitLab Configuration #

In the /etc/gitlab/gitlab.rb, set the configuration option gitlab_rails['gitlab_shell_ssh_port'] = 2222. Note that this option is present in the file as a comment by default - make sure to actually comment it out. Then, reconfigure gitlab with gitlab-ctl reconfigure - I also had to do a gitlab-ctl restart. If everything has gone right, you should be able to see the port reflected in the SSH clone URLs of any of your projects:

Changing port with sshd #

For now, cloning with the new port won't work, since the configuration option in GitLab does not change the actual port of the ssh daemon. GitLab is using the system sshd daemon that is usually pre-installed on the host OS that Omnibus is running on. To change the port on Ubuntu, go to /etc/ssh/sshd_config, uncomment the Port option to set Port 2222, and restart sshd

If you try to clone a repository now with the link provided in the web UI, it should work just like before. If not, it is time to do some troubleshoothing: On the gitlab host, try running tcpdump -i eth0 port 2222 to monitor TCP communication (substitute eth0 for your internet-connected ethernet device).

• If nothing shows up while cloning, there is some sort of network issue that prevents packets from reaching the host in the first place.
• If the host sends a RST immediately, it is not listening correctly. Have you configured sshd?
• If you have some Proxying or NAT inbetween, that can also be an issue.

SSH client configuration #

With the port change, all existing clones of repositories on your hard drive will fail to contact their origin, since the saved origin URL does not contain the new port. You can update the origin for these projects, but it is generally quicker to specify the port in the system SSH configuration for the host. To do this, add the following entry to ~/.ssh/config:

Host git.example.com
	Port 2222

Comments

If you have any questions or comments, please feel free to reach out to me by sending an email to blog(at)krisnet.de.

• Next: Enabling USB Hotplug support with USB Hubs in Proxmox
• Previous: Streaming from the Raspberry Pi Camera with gstreamer