AWS Load Balancer Git SSH 端口克隆错误
AWS Load Balancer Git Clone error over SSH Port
总结
我们创建了一个 EC2 实例并安装了 Gitlab,之后我们创建了一个 Application Load Balancer,我们通过 HTTPS 配置了一个子域,一切正常,我们创建了一个新的存储库,添加我们的 ssh-keys,如果我们克隆 HTTPS 一切正常,但通过 SSH 我们不能克隆它,因为这个错误:
`ssh: connect to host gitlab.our.subdomain port 22: Connection refused`
重现步骤
- 创建了一个新的 EC2 并安装了 Gitlab
- 配置Gitlab:
- external_url 'https://gitlab.our.subdomain/'
- nginx['redirect_http_to_https'] = true
- nginx['redirect_http_to_https_port'] = 80
- nginx['listen_port'] = 80
- nginx['listen_https'] = false
- "X-Forwarded-Proto" => "https",
- "X-Forwarded-Ssl" => "on"
3.- 设置 EC2 和 ALB 权限
当前的 bug 行为是什么?
```
git clone git@gitlab.our.subdomain:ucrea/ucrea_portal.git
Cloning into 'ucrea_portal'...
ssh: connect to host gitlab.realhost.cloud port 22: Connection refused
```
预期的正确行为是什么?
通过 SSH 克隆项目
相关日志
```
git clone git@gitlab.realhost.cloud:ucrea/ucrea_portal.git
Cloning into 'ucrea_portal'...
ssh: connect to host gitlab.our.dubdomain port 22: Connection refused
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
```
包版本详情
经销商编号:Ubuntu
说明:Ubuntu 18.04.1 LTS
发布:18.04
代号:bionic
```
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-============================================================-===================================-===================================-==============================================================================================================================
ii gitlab-ce 11.3.4-ce.0 amd64 GitLab Community Edition (including NGINX, Postgres, Redis)
un gitlab-ee <none> <none> (no description available)
```
环境详细信息
- 操作系统:Ubuntu 18.04.1 LTS
- 安装目标,删除不正确的值:
- EC2
- 虚拟机:AWS
- 其他:应用程序负载均衡器
- 安装类型,删除不正确的值:
- 新安装
- 从版本 11.3.4-ce.0 升级
- 其他:11.3.4-ce.0
配置详情
- external_url 'https://gitlab.our.subdomain/'
- nginx['redirect_http_to_https'] = true
- nginx['redirect_http_to_https_port'] = 80
- nginx['listen_port'] = 80
- nginx['listen_https'] = false
- "X-Forwarded-Proto" => "https",
- "X-Forwarded-Ssl" => "on"
@Ulises
使用经典的弹性负载均衡器,允许入口端口 80、22 和安全组。
总结
我们创建了一个 EC2 实例并安装了 Gitlab,之后我们创建了一个 Application Load Balancer,我们通过 HTTPS 配置了一个子域,一切正常,我们创建了一个新的存储库,添加我们的 ssh-keys,如果我们克隆 HTTPS 一切正常,但通过 SSH 我们不能克隆它,因为这个错误:
`ssh: connect to host gitlab.our.subdomain port 22: Connection refused`
重现步骤
- 创建了一个新的 EC2 并安装了 Gitlab
- 配置Gitlab:
- external_url 'https://gitlab.our.subdomain/'
- nginx['redirect_http_to_https'] = true
- nginx['redirect_http_to_https_port'] = 80
- nginx['listen_port'] = 80
- nginx['listen_https'] = false
- "X-Forwarded-Proto" => "https",
- "X-Forwarded-Ssl" => "on"
3.- 设置 EC2 和 ALB 权限
当前的 bug 行为是什么?
```
git clone git@gitlab.our.subdomain:ucrea/ucrea_portal.git
Cloning into 'ucrea_portal'...
ssh: connect to host gitlab.realhost.cloud port 22: Connection refused
```
预期的正确行为是什么?
通过 SSH 克隆项目
相关日志
```
git clone git@gitlab.realhost.cloud:ucrea/ucrea_portal.git
Cloning into 'ucrea_portal'...
ssh: connect to host gitlab.our.dubdomain port 22: Connection refused
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
```
包版本详情
经销商编号:Ubuntu 说明:Ubuntu 18.04.1 LTS 发布:18.04 代号:bionic
```
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-============================================================-===================================-===================================-==============================================================================================================================
ii gitlab-ce 11.3.4-ce.0 amd64 GitLab Community Edition (including NGINX, Postgres, Redis)
un gitlab-ee <none> <none> (no description available)
```
环境详细信息
- 操作系统:Ubuntu 18.04.1 LTS
- 安装目标,删除不正确的值:
- EC2
- 虚拟机:AWS
- 其他:应用程序负载均衡器
- 安装类型,删除不正确的值:
- 新安装
- 从版本 11.3.4-ce.0 升级
- 其他:11.3.4-ce.0
配置详情
- external_url 'https://gitlab.our.subdomain/'
- nginx['redirect_http_to_https'] = true
- nginx['redirect_http_to_https_port'] = 80
- nginx['listen_port'] = 80
- nginx['listen_https'] = false
- "X-Forwarded-Proto" => "https",
- "X-Forwarded-Ssl" => "on"
@Ulises 使用经典的弹性负载均衡器,允许入口端口 80、22 和安全组。