Unable to clone repo with SSH

General
1

I have a gitea server (with sub-path) working fine and installed with docker-compose behind an Apache reverse proxy.
I am trying to enable repo cloning with SSH, the problem is that the server keeps asking for the git user password and it seems that the server does not save the ssh public keys I enter in an authorized_keys file as it should.
Here is the configuration files I have:
docker-compose.yaml:

version: "3"

networks:
  gitea:
    external: false

services:
  server:
    image: gitea/gitea:latest
    environment:
      - ROOT_URL=https://myserver.fr/git/
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=mysql
      - GITEA__database__DB_HOST=db:3306
      - GITEA__database__DB_NAME=gitea
      - GITEA__database__DB_USER=gitea
      - GITEA__database__DB_PASSWD=gitea
    restart: always
    networks:
      - gitea
    volumes:
      - /home/www/www-gitea/gitea_on_glaciere/data:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "2222:2222"
    depends_on:
      - db

  db:
    image: mysql:5.7
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=gitea
      - MYSQL_USER=gitea
      - MYSQL_PASSWORD=gitea
      - MYSQL_DATABASE=gitea
    networks:
      - gitea
    volumes:
      - ./mysql:/var/lib/mysql

app.ini (with relevant parts):

[...]
[repository]
ROOT            = /data/git/repositories
[...]
[server]
APP_DATA_PATH        = /data/gitea
HTTP_PORT            = 3000
ROOT_URL             = https://myserver.fr/git/
DISABLE_SSH          = false
SSH_DOMAIN           = myserver.fr/git
START_SSH_SERVER     = true
SSH_PORT             = 2222
SSH_LISTEN_PORT      = 2222
LFS_START_SERVER     = true
LFS_CONTENT_PATH     = /data/git/lfs

Apache reverse proxy (relevant part only):

[...]
    AllowEncodedSlashes NoDecode
    # Note: no trailing slash after either /git or port
    ProxyPass /git http://localhost:3000 nocanon
    ProxyPassReverse /git http://localhost:3000
[...]

If I enter in the running docker container, I see that the home directory of git user is at /data/git and the file /data/git/.ssh/authorized_keys exists but is empty although I added my key online.

When I try to clone it look like:

git clone ssh://git@myserver.fr/git:2222/me/myrepo.git

I get the server’s git user password asked. I changed the webserver git user password to see which git user it was, and it appears that it is not the one in the docker container, but the one on the webserver…

What configuration did I miss ?

2

Try git clone ssh://git@myserver.fr:2222/me/myrepo.git instead. Your original command is treating /git:2222/ as a folder name instead of port. Also note SSH and HTTP are complete different protocols, so the /git in your Apache config has no effect on SSH server.

You should also change SSH_DOMAIN = myserver.fr/git to SSH_DOMAIN = myserver.fr so this is reflected in the web interface.

3

Thanks for your answer Jake !
Now I got ssh: connect to host myserver.fr port 2222: Operation timed out

I figured that the port is blocked by the firewall, so I asked the people in charge to open the port and I will test again and report back.

4

That’s it, everything works now. I had to manage also my iptables.