SSH Forwarding Plan for Gitea #1

New Issue

Closed

opened 2017-12-25 14:35:49 +00:00 by nemo · 1 comment

nemo commented

2017-12-25 14:35:49 +00:00

Owner

Currently, gitea is only working over HTTPS, so clone setups are hard to do. I want to keep gitea's SSH server completely separate from the host ssh, so I have to setup SSH forwarding twice.

The plan is:

SSH forwarding on the Digital Ocean VPN over the Anchor IP
To blackbox port 2222
Which is forwarded to gitea 2222

The (1-2) forwarding is via simpleproxy, (2-3) is via docker itself.

Gitea doesn't support fail2ban, but there is a plan to add support for BadActor: https://github.com/go-gitea/gitea/issues/2905.

Currently, gitea is only working over HTTPS, so clone setups are hard to do. I want to keep gitea's SSH server completely separate from the host ssh, so I have to setup SSH forwarding twice. The plan is: 1. SSH forwarding on the Digital Ocean VPN over the Anchor IP 2. To blackbox port 2222 3. Which is forwarded to gitea 2222 The (1-2) forwarding is via simpleproxy, (2-3) is via docker itself. Gitea doesn't support fail2ban, but there is a plan to add support for BadActor: https://github.com/go-gitea/gitea/issues/2905.

nemo commented

2017-12-26 16:44:40 +00:00

Author

Owner

sshd doesn't allow me to listen on an interface, only an IP address (or all interfaces). Since the interface I want sshd to listen to is the DO changing IP, it wasn't possible.

Instead switched the ports:

22 -> simpleproxy -> 10.8.0.14:2222 -> gitea:22
222 -> sshd

This means I have to switch the ssh port to 222 in my config files elsewhere, but that's fine.

`sshd` doesn't allow me to listen on an interface, only an IP address (or all interfaces). Since the interface I want sshd to listen to is the DO changing IP, it wasn't possible. Instead switched the ports: ``` 22 -> simpleproxy -> 10.8.0.14:2222 -> gitea:22 222 -> sshd ``` This means I have to switch the ssh port to 222 in my config files elsewhere, but that's fine.