I have set up Gitea on an Ubuntu server using this docker-compose config:

version: '3.9'
services:
  db:
    image: docker.io/bitnami/postgresql:15
    volumes:
      - 'db_data:/bitnami/postgresql'
    environment:
      - POSTGRESQL_DATABASE=gitea
      - POSTGRESQL_USERNAME=gitea
      - POSTGRESQL_PASSWORD=gitea

  gitea:
    image: docker.io/bitnami/gitea:1
    volumes:
      - 'gitea_data:/bitnami/gitea'
    environment:
      - GITEA_DATABASE_HOST=db
      - GITEA_DATABASE_NAME=gitea
      - GITEA_DATABASE_USERNAME=gitea
      - GITEA_DATABASE_PASSWORD=gitea
      - GITEA_ADMIN_USER=example
      - GITEA_ADMIN_PASSWORD=example
      - GITEA_ADMIN_EMAIL=admin@example.com
      - GITEA_APP_NAME=Example Technologies
      - GITEA_DOMAIN=gitea.example.com
      - GITEA_SSH_DOMAIN=gitea.example.com
      - GITEA_SSH_PORT=22
      - GITEA_ROOT_URL=https://gitea.example.com/
      - GITEA_SMTP_ENABLED=true
      - GITEA_SMTP_HOST=smtp-relay.gmail.com:25
      - GITEA_SMTP_FROM=server@example.com
    ports:
      - '5050:3000'
      - '22:2222'

volumes:
  db_data:
  gitea_data:

My regular SSH service runs on port 1026, so there should be no port conflicts. Here is my UFW status:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To Action From

80,443/tcp (Apache Full) ALLOW IN Anywhere
Anywhere on docker0 ALLOW IN 172.17.0.0/16
1026/tcp ALLOW IN Anywhere
22/tcp ALLOW IN Anywhere
80,443/tcp (Apache Full (v6)) ALLOW IN Anywhere (v6)
1026/tcp (v6) ALLOW IN Anywhere (v6)
22/tcp (v6) ALLOW IN Anywhere (v6)

When trying to connect from a remote machine with ssh as a test:

ssh git@gitea.example.com
ssh: connect to host gitea.example.com port 22: Connection refused

However testing locally on the server, over ssh on port 1026, I get this when executing the same command on the server:

ssh git@gitea.example.com
git@gitea.example.com: Permission denied (publickey).

So I am really not sure what is going on; it's like incoming remote traffic to port 22 is being blocked, but even with UFW disabled I still receive “Connection refused” when trying to connect from a remote machine.

I have also tried using tcpdump to see what is happening, but can only see that nothing responds on port 22 to the incoming packets from a remote connection. Again, when connecting over port 22 locally on the server running Gitea, I see normal TCP traffic for initiating an SSH connection.

I have looked through iptables and the only lines referencing port 22 I could find began with ACCEPT.

In the logs from the Gitea container I can see the following, indicating the SSH server is configured correctly to start on port 2222:

gitea-gitea-1  | 2023/05/25 09:57:29 ...s/graceful/server.go:62:NewServer() [I] [646f3109-19] Starting new SSH server: tcp::2222 on PID: 1
gitea-gitea-1  | 2023/05/25 09:57:29 cmd/web.go:220:listen() [I] [646f3109-27] Listen: http://0.0.0.0:3000
gitea-gitea-1  | 2023/05/25 09:57:29 cmd/web.go:224:listen() [I] [646f3109-27] AppURL(ROOT_URL): https://gitea.example.com/
gitea-gitea-1  | 2023/05/25 09:57:29 ...s/graceful/server.go:62:NewServer() [I] [646f3109-27] Starting new Web server: tcp:0.0.0.0:3000 on PID: 1

Can anyone provide any advice what might be going wrong here or how I can go about getting to the bottom of it?

1 Answer

I managed to fix this with information from here: Docker breaks libvirt bridge network

Basically I added the following rule to ufw:

172.20.0.2 2222/tcp ALLOW FWD Anywhere # allow gitea-gitea-1 2222/tcp gitea_default
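As an added example (not code from the question, the answer, Gitea or ufw), here is a small Python checker that reads the compose port mappings and a `ufw status` listing and reports, for each published container port, whether an ALLOW FWD rule exists and whether it is pinned to a single container address as the rule above is. The status text is constructed from the listing in the question plus the rule from the answer; the state names are my own.

```python
import re
# Constructed sample input: the two port mappings from the compose file above
# and a ufw status listing that already contains the forward rule from the answer.
COMPOSE_PORTS = ["5050:3000", "22:2222"]
UFW_STATUS = """\
Default: deny (incoming), allow (outgoing), deny (routed)
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
172.20.0.2 2222/tcp        ALLOW FWD   Anywhere    # allow gitea-gitea-1 2222/tcp gitea_default
"""

def routed_default_is_deny(status_text):
    """True when ufw's policy for forwarded (routed) traffic is deny or reject."""
    return re.search(r"^Default:.*\b(deny|reject) \(routed\)", status_text, re.M) is not None

def parse_fwd_rules(status_text):
    """Return (dest, port, source) for every ALLOW FWD line; port None means any port."""
    rules = []
    for line in status_text.splitlines():
        cols = re.split(r"\s{2,}", line.split("#")[0].strip())   # drop the rule comment
        if len(cols) != 3 or cols[1] != "ALLOW FWD":
            continue
        dest, port = "Anywhere", None
        for token in cols[0].split():
            if re.fullmatch(r"\d+(?:/\w+)?", token):   # "2222/tcp" or "2222"
                port = int(token.split("/")[0])
            else:                                      # IP, CIDR or "Anywhere"
                dest = token
        rules.append((dest, port, cols[2]))
    return rules

def audit_published_ports(compose_ports, status_text):
    """Map each container port from 'host:container' mappings to (host_port, state)."""
    report = {}
    rules = parse_fwd_rules(status_text)
    for mapping in compose_ports:
        host_port, container_port = (int(p) for p in mapping.split(":"))
        matching = [r for r in rules if r[1] in (None, container_port)]
        if not routed_default_is_deny(status_text):
            state = "routed-allowed-by-default"   # forward policy is allow; rules not needed
        elif not matching:
            state = "no-fwd-rule"                 # nothing in ufw allows forwarding to it
        elif any(r[0] == "Anywhere" for r in matching):
            state = "fwd-rule-broad"              # rule not pinned to one container address
        else:
            state = "fwd-rule-scoped"             # pinned to a single container address
        report[container_port] = (host_port, state)
    return report
```

Run it against the real `ufw status` output and the compose file's `ports:` list to see which published container ports still lack a forward rule after adding one.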