Vps

SSH連接在gitea中不起作用

  • July 9, 2020

我已經使用 docker-compose 設置了 gitea,我機器的外部 SSH 埠是 4444,我在 sshd_config 中設置

version: '2'
volumes:
 gitea:
 postgres:
networks:
 gitea:
   external: false

services:
 server:
   image: gitea/gitea:latest
   env_file:
     - .env
   restart: always
   networks:
     - gitea
   volumes:
     - gitea:/data
     - /etc/timezone:/etc/timezone:ro
     - /etc/localtime:/etc/localtime:ro
   ports:
     - "3000:3000"
     - "2222:22"
   depends_on:
     - postgres
 postgres:
     image: postgres:9.6
     restart: always
     env_file:
       - gittea_db.env
     networks:
       - gitea
     ports:
       - "5432:5432"
     volumes:
       - postgres:/var/lib/postgresql/data

以下是 .env 文件

USER_UID=1002
USER_GID=1001
DB_TYPE=postgres
DB_HOST=postgres:5432
DB_NAME=gittea
DB_USER=gittea
DB_PASSWD=password12
INSTALL_LOCK=True
APP_NAME=myapp
RUN_MODE=prod
DOMAIN=source.smarticlelabs.com
ROOT_URL=https://source.smarticlelabs.com
SSH_LISTEN_PORT=22
SSH_PORT=2222

但是當我在添加我的 ssh 密鑰後嘗試複製一個 repo 時,我收到了這個錯誤

git clone ssh://git@51.15.245.237:2222/superadmin/testrepo.git
Cloning into 'testrepo'...
ssh: connect to host 51.15.245.237 port 2222: Connection refused
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

正如其他人指出的那樣,這實際上可能是防火牆問題。

要解決這個問題,您首先應該驗證您的容器實際上正在執行docker-compose ps

# docker-compose ps
Name                Command               State           Ports         
-------------------------------------------------------------------------
server               [cmd ...]             Up              0.0.0.0:22->2222/tcp

接下來,您應該檢查您的Docker主機,該埠實際上是通過以下方式公開的netstat -lpn|grep -i 2222

# netstat -lpn|grep -i 2222
tcp6       0      0 :::2222                 :::*                    LISTEN      7216/docker-proxy-c

這也應該與本地Docker主機防火牆匹配iptables-save|grep -i 2222

# iptables-save|grep -i 2222
-A POSTROUTING -s 172.18.0.2/32 -d 172.18.0.2/32 -p tcp -m tcp --dport 2222 -j MASQUERADE
-A DOCKER ! -i br-0383ea873b82 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 172.18.0.2:2222
-A DOCKER -d 172.18.0.2/32 ! -i br-0383ea873b82 -o br-0383ea873b82 -p tcp -m tcp --dport 2222 -j ACCEPT

如果所有這些檢查都是肯定的,則可能是您的 Internet IP上的外部防火牆存在問題51.15.245.237

您可以通過從與您的Docker主機位於同一 IntraNet 上的另一台主機連接來檢查這一點。

引用自:https://serverfault.com/questions/1018064