From 6d6976c08b801229dc620fb0f86f88ee8c739085 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ste=CC=81phane=20Klein?=
Date: Sun, 16 Sep 2018 16:37:41 +0200
Subject: [PATCH 1/2] Add %h/.ssh/authorized_keys_proxy to AuthorizedKeysFile parameter in /etc/ssh/sshd_config to support ssh host forwarding to GitLab container
---
 assets/build/install.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/assets/build/install.sh b/assets/build/install.sh
index 7fc7c7a6..2216a698 100755
--- a/assets/build/install.sh
+++ b/assets/build/install.sh
@@ -210,6 +210,7 @@ sed -i \
 -e "s|^[#]*UsePrivilegeSeparation yes|UsePrivilegeSeparation no|" \
 -e "s|^[#]*PasswordAuthentication yes|PasswordAuthentication no|" \
 -e "s|^[#]*LogLevel INFO|LogLevel VERBOSE|" \
+ -e "s|^[#]*AuthorizedKeysFile.*|AuthorizedKeysFile %h/.ssh/authorized_keys %h/.ssh/authorized_keys_proxy|" \
 /etc/ssh/sshd_config
 echo "UseDNS no" >> /etc/ssh/sshd_config
From 5a477cbb373bfcb7a22e84a4ad4ed81c8ac420a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ste=CC=81phane=20Klein?=
Date: Sun, 30 Sep 2018 22:02:26 +0200
Subject: [PATCH 2/2] =?UTF-8?q?Add=20=C2=AB=20Exposing=20ssh=20port=20in?= =?UTF-8?q?=20dockerized=20gitlab-ce=20=C2=BB=20section=20in=20README=20an?= =?UTF-8?q?d=20contrib/expose-gitlab-ssh-port.sh=20configuration=20script?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 README.md | 2 ++
 contrib/expose-gitlab-ssh-port.sh | 33 +++++++++++++++++++++++++++++++
 docs/exposing-ssh-port.md | 8 ++++++++
 3 files changed, 43 insertions(+)
 create mode 100644 contrib/expose-gitlab-ssh-port.sh
 create mode 100644 docs/exposing-ssh-port.md
diff --git a/README.md b/README.md
index 6d65db58..eb8d5a13 100644
--- a/README.md
+++ b/README.md
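Review bot: The added `AuthorizedKeysFile` expression makes sshd accept `%h/.ssh/authorized_keys_proxy` for every account, and keys placed in that file are not written by GitLab, so they presumably carry none of the `command=` restrictions GitLab puts on entries in `authorized_keys`; the contrib script later in this series moves a bare `id_rsa.pub` into that file, which as far as these lines show grants an unrestricted session as `git`. I would state that in a comment above the `sed -i` block, e.g. `# authorized_keys_proxy is NOT managed by GitLab: it must hold only the host proxy key, be owned by git and not be writable by anyone else`, and have the docs recommend key options such as `no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty` on that entry. The substitution is also a silent no-op when sshd_config has no `AuthorizedKeysFile` line, so a check right after it such as `grep -q 'authorized_keys_proxy' /etc/ssh/sshd_config || exit 1` would make the build fail instead of shipping an image without the setting. The `sed` command begins above the hunk, so the comment placement should be confirmed against the full file.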
@@ -52,6 +52,7 @@
 - [External Issue Trackers](#external-issue-trackers)
 - [Host UID / GID Mapping](#host-uid--gid-mapping)
 - [Piwik](#piwik)
+ - [Exposing ssh port in dockerized gitlab-ce](docs/exposing-ssh-port.md)
 - [Available Configuration Parameters](#available-configuration-parameters)
 - [Maintenance](#maintenance)
 - [Creating Backups](#creating-backups)
@@ -801,6 +802,7 @@ These options should contain something like:
 - `PIWIK_URL=piwik.example.org`
 - `PIWIK_SITE_ID=42`
+
 ### Available Configuration Parameters
 *Please refer the docker run command options for the `--env-file` flag where you can specify all required environment variables in a single file. This will save you from writing a potentially long docker run command. Alternatively you can use docker-compose. docker-compose users and Docker Swarm mode users can also use the [secrets and config file options](#docker-secrets-and-configs)*
diff --git a/contrib/expose-gitlab-ssh-port.sh b/contrib/expose-gitlab-ssh-port.sh
new file mode 100644
index 00000000..51f5339e
--- /dev/null
+++ b/contrib/expose-gitlab-ssh-port.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+set -ev
+
+GITLAB_USERGROUP=${GITLAB_USERGROUP:-1010}
+GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-9922}
+
+if ! id -u git >> /dev/null 2>&1; then
+ groupadd -g ${GITLAB_USERGROUP} git
+ useradd -m -u ${GITLAB_USERGROUP} -g git -s /bin/sh -d /home/git git
+fi
+su git -c "mkdir -p /home/git/.ssh/"
+
+su git -c "if [ ! -f /home/git/.ssh/id_rsa ]; then ssh-keygen -t rsa -b 4096 -N \"\" -f /home/git/.ssh/id_rsa; fi"
+su git -c "if [ -f /home/git/.ssh/id_rsa.pub ]; then mv /home/git/.ssh/id_rsa.pub /home/git/.ssh/authorized_keys_proxy; fi"
+
+mkdir -p /home/git/gitlab-shell/bin/
+rm -f /home/git/gitlab-shell/bin/gitlab-shell
+tee -a /home/git/gitlab-shell/bin/gitlab-shell > /dev/null <