
Not really sure where to go here. I'm stuck. I've got a git repository (call it hostname Git) running on a local VM that I can access locally via [email protected], I can have my router forward any port to Git and I can access git via git@, but I cannot access it via domain ([email protected]) and I'm not really sure what I should be doing.

Basically, the git repo runs in a docker container on a VM. I've changed the ports around such that the container is bound to port 22 on the host, the host SSH is tied to port 4242, and the home router is set to forward traffic from external port 8022 to Git on port 22. Again, up till here everything is working peachy.

Then I went to my proxy hosted on an AWS EC2 instance and again tweaked the ports such that the host VM was running SSH on port 4242. This machine is running a simple HAProxy setup to forward HTTP/HTTPS traffic based on domain. I tried to set up SSH forwarding through HAProxy - but I'm discovering that apparently isn't really possible... Maybe my config could help someone imagine what I'm trying to solve here...

global
        log 127.0.0.1 local0 notice
        maxconn 2000
        user haproxy
        group haproxy

defaults
        log     global
        mode    http
        option  ssl-hello-chk
        option  dontlognull
        retries 3
        option redispatch
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend ssh
        mode tcp
        bind *:22 ssl crt /etc/ssl/mydomain.io/mydomain.io.pem
        default_backend gitlab-ssh22

frontend mydomain.io-gitlab
        bind *:80

        acl docker-acl hdr_end(host) -i docker.mydomain.io
        acl gitlab-acl hdr_end(host) -i gitlab.mydomain.io
        acl test-acl hdr_end(host) -i test.mydomain.io

        use_backend gitlab-bk80 if docker-acl
        use_backend gitlab-bk80 if gitlab-acl
        use_backend test-bk80 if test-acl

        default_backend none-bk

frontend mydomain.io-gitlab-https
        bind *:443 ssl alpn h2 strict-sni crt /etc/ssl/mydomain.io/mydomain.io.pem
        stats uri /haproxy?stats

        acl docker-acl hdr_end(host) -i docker.mydomain.io
        acl gitlab-acl hdr_end(host) -i gitlab.mydomain.io

        use_backend gitlab-bk443 if docker-acl
        use_backend gitlab-bk443 if gitlab-acl

        default_backend none-bk

#       acl letsencrypt-acl path_beg /.well-known/acme-challenge/
#       use_backend letsencrypt if letsencrypt-acl

frontend mydomain.io-docker
        bind *:5000 ssl alpn h2 strict-sni crt /etc/ssl/mydomain.io/mydomain.io.pem
        default_backend docker-bk5000


backend gitlab-ssh22
        mode tcp
        server gitlab22 24.x.x.x:8022 check

backend gitlab-bk80
        server gitlab80 24.x.x.x:8080

backend gitlab-bk443
        server gitlab443 24.x.x.x:8443 ssl verify none maxconn 1000

backend docker-bk5000
        server docker5000 24.x.x.x:5000 ssl verify none maxconn 1000

backend test-bk80
        server test 24.x.x.x:5001 maxconn 1000

Any time I attempt to checkout or clone or push...anything it kicks back an error:

>git push -u origin master

kex_exchange_identification: Connection closed by remote host

Connection closed by 23.x.x.x port 22

fatal: Could not read from remote repository.
  • I suspect terminating ssl in the ssh frontend is causing the problem. If you update it to be bind *:22 does the issue persist? Commented May 6, 2021 at 19:05
  • Sadly, it does :( Commented May 7, 2021 at 8:29
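
A check that can be run against each hop in the chain described above (the proxy on port 22, the router on port 8022), added here as an example and not part of the original question or comments: an SSH server sends its identification string as soon as the TCP connection opens, so reading the first bytes without sending anything shows which hop is not answering as SSH. The function names `describe` and `probe` are hypothetical, and the targets are whatever host:port pairs you pass in.

```python
import socket
import sys

def describe(data):
    """Classify what a listener sent before the client sent anything.

    data: bytes received, b"" if the peer closed at once, None on timeout.
    Returns (verdict, first_line).
    """
    if data is None:
        # Nothing arrived: the listener is waiting for the client to speak
        # first, as a TLS or HTTP listener does. An SSH server would not.
        return ("silent", "")
    if data == b"":
        return ("closed", "")
    line = data.split(b"\n", 1)[0].rstrip(b"\r").decode("ascii", "replace")
    # RFC 4253: the server opens with an identification string "SSH-2.0-...".
    return ("ssh" if line.startswith("SSH-") else "other", line)

def probe(host, port, timeout=5.0):
    """Connect to host:port, send nothing, and describe the first bytes."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                data = s.recv(256)
            except socket.timeout:
                data = None
            except ConnectionResetError:
                data = b""
    except OSError as exc:
        return ("unreachable", str(exc))
    return describe(data)

if __name__ == "__main__":
    # Usage: python3 probe.py HOST:PORT [HOST:PORT ...]
    for target in sys.argv[1:]:
        host, _, port = target.rpartition(":")
        print(target, *probe(host, int(port)))
```

A hop that reports `ssh` is passing the server's banner through; `silent` or `closed` marks the hop where the client's `kex_exchange_identification` step has nothing to read.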
