I’m trying to set up GitLab on my home server. HTTPS is working and I can get to GitLab’s interface, but SSH is not and thus I can’t push code to the server.
Here is the setup:
Cloudflare <--> Reverse Proxy (nginx, hosted on Digital Ocean) <--- VPN ---> Untangle Firewall <--> GitLab Server (on ESXi)
If I try to SSH directly from the Reverse Proxy to the GitLab server (over the VPN connection), it works perfectly.
If I try to SSH from my laptop using the domain name, I get:
kex_exchange_identification: Connection closed by remote host
Connection closed by 104.31.73.156 port 2095
If I try to SSH from my laptop using the Reverse Proxy’s IP (thus cutting out Cloudflare), I get:
Bad packet length 1231976033.
ssh_dispatch_run_fatal: Connection to {{ IP }} port 2095: message authentication code incorrect
I’m currently trying to use the nginx stream module to do so, and this is the stream setup:
stream {
    upstream git-ssh {
        server {{INTERNAL GITLAB IP}}:22;
    }
    server {
        listen 2095;
        proxy_pass {{INTERNAL GITLAB IP}}:22;
        proxy_protocol on;
    }
}
The reason I have upstream git-ssh and then don’t use it is that I was wondering if that was the problem, but it makes no difference whether I use it or not.
I’m not familiar with iptables, but I tried the following commands:
sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2095 -j DNAT --to-destination {{GITLAB IP}}:22
sudo iptables -t nat -A POSTROUTING -o eth0 -p tcp --dport 2095 -j SNAT --to-source {{PROXY IP}}
But it didn’t seem to work. ssh just sits there returning nothing and eventually times out.
I am lost now, and was hoping someone could give me pointers?
Author: Cody Dostal
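As an added illustration, not part of the original post: a small Python model of what `proxy_protocol on;` in an nginx stream block does to an SSH handshake. nginx writes a PROXY protocol v1 line to the upstream before any client bytes, stock OpenSSH sshd does not parse that line and rejects it as the peer's identification string, and the client then reads sshd's rejection text as a binary packet, which is exactly where a nonsensical "Bad packet length" comes from. Addresses, ports and banners below are constructed.

```python
import re
import struct

# PROXY protocol v1 line that nginx's stream module writes to the upstream
# before any client bytes when the server block has `proxy_protocol on;`.
PROXY_V1 = re.compile(rb"^PROXY (TCP4|TCP6) (\S+) (\S+) (\d+) (\d+)\r\n")

# What stock OpenSSH sshd writes back (after its own banner) and then closes
# when the first line it reads from the peer does not start with "SSH-".
SSHD_REJECT = b"Invalid SSH identification string.\r\n"

def bytes_seen_by_sshd(client_ident, proxy_protocol):
    """First bytes sshd reads on one connection. Addresses are constructed."""
    head = b"PROXY TCP4 203.0.113.10 10.0.0.5 40000 22\r\n" if proxy_protocol else b""
    return head + client_ident

def sshd_ident_check(data):
    """Model of sshd's identification check (RFC 4253 s4.2). Returns None when
    the line is accepted (handshake continues with binary KEXINIT packets),
    otherwise the text sshd sends before closing the connection."""
    first_line = data.split(b"\r\n", 1)[0]
    return None if first_line.startswith(b"SSH-") else SSHD_REJECT

def client_packet_length(reply):
    """Having already received sshd's banner, the client parses whatever comes
    next as a binary packet whose first 4 bytes are the big-endian length."""
    return struct.unpack("!I", reply[:4])[0]

def packet_length_as_text(n):
    """Reverse view: decode a nonsensical 'Bad packet length' back to ASCII."""
    return struct.pack("!I", n)

def strip_proxy_header(data):
    """What a PROXY-aware upstream does: consume the header and hand the rest
    to the real protocol parser. Stock sshd has no such step."""
    m = PROXY_V1.match(data)
    if not m:
        return None, data
    _, sip, dip, sp, dp = m.groups()
    return {"src": (sip.decode(), int(sp)), "dst": (dip.decode(), int(dp))}, data[m.end():]

if __name__ == "__main__":
    ident = b"SSH-2.0-OpenSSH_9.0\r\n"  # constructed client banner
    for pp in (False, True):
        reply = sshd_ident_check(bytes_seen_by_sshd(ident, pp))
        state = "ok" if reply is None else f"client sees length {client_packet_length(reply)}"
        print(f"proxy_protocol={'on' if pp else 'off'}: {state}")
    print(packet_length_as_text(1231976033))  # b'Inva'
```

The number in the post decodes to the first four bytes of sshd's rejection message, which is how to tell this failure apart from a genuine MAC or cipher problem.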