I have set up Gitea on an Ubuntu server using this docker-compose config:

```yaml
version: '3.9'

services:
  db:
    image: docker.io/bitnami/postgresql:15
    volumes:
      - 'db_data:/bitnami/postgresql'
    environment:
      - POSTGRESQL_DATABASE=gitea
      - POSTGRESQL_USERNAME=gitea
      - POSTGRESQL_PASSWORD=gitea
  gitea:
    image: docker.io/bitnami/gitea:1
    volumes:
      - 'gitea_data:/bitnami/gitea'
    environment:
      - GITEA_DATABASE_HOST=db
      - GITEA_DATABASE_NAME=gitea
      - GITEA_DATABASE_USERNAME=gitea
      - GITEA_DATABASE_PASSWORD=gitea
      - GITEA_ADMIN_USER=example
      - GITEA_ADMIN_PASSWORD=example
      - GITEA_ADMIN_EMAIL=firstname.lastname@example.org
      - GITEA_APP_NAME=Example Technologies
      - GITEA_DOMAIN=gitea.example.com
      - GITEA_SSH_DOMAIN=gitea.example.com
      - GITEA_SSH_PORT=22
      - GITEA_ROOT_URL=https://gitea.example.com/
      - GITEA_SMTP_ENABLED=true
      - GITEA_SMTP_HOST=smtp-relay.gmail.com:25
      - GITEA_SMTP_FROM=email@example.com
    ports:
      - '5050:3000'
      - '22:2222'

volumes:
  db_data:
  gitea_data:
```
My regular ssh service runs on port 1026, so there should be no port conflicts. Here is my UFW status:

```
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                             Action      From
--                             ------      ----
80,443/tcp (Apache Full)       ALLOW IN    Anywhere
Anywhere on docker0            ALLOW IN    172.17.0.0/16
1026/tcp                       ALLOW IN    Anywhere
22/tcp                         ALLOW IN    Anywhere
80,443/tcp (Apache Full (v6))  ALLOW IN    Anywhere (v6)
1026/tcp (v6)                  ALLOW IN    Anywhere (v6)
22/tcp (v6)                    ALLOW IN    Anywhere (v6)
```
When trying to connect from a remote machine I get the following:
```
ssh firstname.lastname@example.org
ssh: connect to host gitea.example.com port 22: Connection refused
```
However, testing locally on the server, over ssh on port 1026, I get this when executing the same command on the server:

```
ssh email@example.com
firstname.lastname@example.org: Permission denied (publickey).
```
So I am really not sure what is going on. It's like incoming remote traffic to port 22 is being blocked, but even with UFW disabled I still receive “Connection refused” when trying to connect from a remote machine.
I have also tried using tcpdump to see what is happening, but can only see that nothing responds on port 22 to the incoming packets from a remote connection. Again, when connecting over port 22 locally on the server running Gitea, I see normal TCP traffic for initiating an SSH connection.
I have looked through IP tables and the only lines referencing port 22 I could find began with ACCEPT.
Can anyone provide any advice on what might be going wrong here, or how I can go about getting to the bottom of it?