
I have a VM with only Nginx and Docker on it. I got a certificate from Let's Encrypt for my domain. Inside a Docker container I have GitLab installed. Now I'm trying to reach GitLab through my Nginx proxy.

My problem is the SSH access to GitLab, because when I try to redirect the SSH traffic to my Docker container via a stream in Nginx, I get the error "address already in use".

In Docker I have an address like "127.240.0.1:22:22" and in Nginx I'm redirecting from gitlab.xyz to 127.240.0.1:22 with proxy_pass on TCP port 22. But this doesn't work.

Have you any suggestions? Thank you!

1 Answer


Sadly this won't work. HTTP(s) clients send a Host header which indicates what address they are trying to reach (gitlab.xyz).

For raw TCP, there isn't a Host header so there is no way to figure out what container should receive the request.

You're getting the "address already in use" because your host already uses port 22/tcp.

We had the same problem and supplied the host with a second IP on which the DNS-Alias redirects. We know all connections to this IP are supposed to go to gitlab. This means you wouldn't even need a reverse-proxy, since you can just open the ports directly into the container. (-p new.gitlab.ip:22:22)


5 Comments

And how do you do the handling of SSL? Inside the gitlab docker?
I'm not quite sure how we've handled it, as I currently have no access to the system. But afaik you can still handle all other traffic to gitlab through the reverse-proxy, with the exception of SSH. You could also get the certificates into the container via volume and have a "normal" SSL handling with the nginx inside the container (assuming you're using an omnibus installation).
I tried your approach on my AWS EC2 instance, but I always get the error: "bind: cannot assign requested address". The syntax is like: "ports: - '1.2.3.4:1337:1337'" and 1.2.3.4 is for example my AWS elastic IP
Can you add another answer with the output of docker version, your new steps to reproduce, your docker-compose.yml and the output of netstat -tulpn please? Also I'm assuming you've checked that the IP is actually assigned to the server with ifconfig (I don't know how AWS elastic IPs work)
The last problem I have is to assign my second Elastic IP to the EC2 Instance, thank you! I will make a new question for that.
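
An added example (not part of the original answer or comments): a small Python preflight check that attempts the same TCP bind a published container port needs and tells apart the two errors quoted on this page. The name `check_bind`, the `MEANING` table and the default address and port are assumptions made for illustration; a Linux host is assumed.

```python
import errno
import socket
import sys

# Outcome -> meaning, using the two error messages quoted on this page.
MEANING = {
    "ok": "address is local and the port is free",
    "in_use": "'address already in use': another listener holds this port",
    "not_local": "'cannot assign requested address': IP is not on any interface",
    "denied": "no permission for this port (ports below 1024 usually need root)",
}


def check_bind(ip, port):
    """Attempt the TCP bind a published port needs and classify the result.

    A listener bound to 0.0.0.0 on the same port also conflicts with a bind
    to any specific local IP, so it is reported as "in_use" as well.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Ignore sockets lingering in TIME_WAIT; a live listener still conflicts.
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        sock.bind((ip, port))
        return "ok"
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return "in_use"
        if exc.errno == errno.EADDRNOTAVAIL:
            return "not_local"
        if exc.errno in (errno.EACCES, errno.EPERM):
            return "denied"
        raise
    finally:
        sock.close()


if __name__ == "__main__":
    # Hypothetical usage: python3 check_bind.py <host-ip> <port>
    # Defaults are constructed samples: loopback and an unprivileged port.
    ip = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 2222
    result = check_bind(ip, port)
    print(f"{ip}:{port} -> {result}: {MEANING[result]}")
```

A `not_local` result means the address given in the port mapping is not configured on any interface of this host, so it has to be assigned there before a container port can be published on it.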
