Reputation: 339
I have set up a GitLab server with the GitLab CE Docker container. This is my docker-compose.yml:
version: "3.7"
services:
  web:
    image: 'gitlab/gitlab-ee:latest'
    restart: always
    hostname: '<URL>'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url '<URL>'
        nginx['listen_port'] = 80
        nginx['listen_https'] = false
        gitlab_rails['gitlab_shell_ssh_port'] = 2224
    ports:
      - '8929:80'
      - '2224:22'
    volumes:
      - '/var/www/gitlab/config:/etc/gitlab'
      - '/var/www/gitlab/logs:/var/log/gitlab'
      - '/var/www/gitlab/data:/var/opt/gitlab'
netstat -tnlp | grep 2224:
tcp6 0 0 :::2224 :::* LISTEN 32627/docker-proxy
I can reach the container with ssh git@localhost -p 2224 from the Docker host, but not from the internet on the public IP address.
I have added a rule to ufw and also tried to disable it but it didn't help.
The nginx proxy to port 8929 works without any problems. Just the SSH cloning, and the SSH connection in general, does not work.
I run Ubuntu 18.04 and there is no additional firewall like security groups in AWS.
Has anybody had a similar problem, or does anybody know where I could dig deeper?
Upvotes: 1
Views: 644
Reputation: 339
Okay, I solved it, and maybe I can help somebody else:
A friend of mine configured this workaround in /etc/ufw/after.rules: https://github.com/chaifeng/ufw-docker
We also disabled port 22 in ufw before because we changed the ssh port on the host.
This led to having port 22 also blocked for the docker-proxy, and opening port 2224 didn't solve anything.
When I used ufw route allow proto tcp from any to any port 22 it worked.
Upvotes: 1
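The point of the answer above is that, with the ufw-docker rules in after.rules, forwarded traffic is filtered after Docker has rewritten the destination, so the rule has to name the container port (22) and not the published host port (2224). The following is an added example, not part of the original answer or of the ufw-docker project: a hypothetical helper, `ufw_route_rule`, that turns a docker-compose short-syntax port mapping into the matching `ufw route allow` command and prints it for review instead of running it. The destination address 172.18.0.2 is a constructed sample value.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper, not from the page or from ufw-docker).
# Prints the `ufw route allow` rule that matches a compose port mapping
# when the ufw-docker after.rules are installed.

# ufw_route_rule MAPPING [DEST]
#   MAPPING: "HOST:CONTAINER" or "IP:HOST:CONTAINER", optional "/tcp" or "/udp"
#   DEST:    container address to restrict the rule to (default: any)
ufw_route_rule() {
    local mapping=$1 dest=${2:-any} proto=tcp container

    # Split off an optional protocol suffix such as "/udp".
    case $mapping in
        */*) proto=${mapping##*/}; mapping=${mapping%/*} ;;
    esac
    case $proto in
        tcp|udp) ;;
        *) echo "unsupported protocol: $proto" >&2; return 1 ;;
    esac

    # The container port is always the last colon-separated field.
    # The published host port (2224 in the question) is deliberately ignored:
    # the filter sees the packet after DNAT, addressed to the container port.
    container=${mapping##*:}
    case $container in
        ''|*[!0-9]*) echo "unsupported mapping: $1" >&2; return 1 ;;
    esac

    printf 'ufw route allow proto %s from any to %s port %s\n' \
        "$proto" "$dest" "$container"
}

# The SSH mapping from the compose file in the question.
ufw_route_rule '2224:22'
# Same mapping, restricted to one container address (constructed sample IP).
ufw_route_rule '2224:22' '172.18.0.2'
```

A rule with `to any` opens port 22 on every container that publishes it, so passing the GitLab container's address as the second argument keeps the exposure to that one service. Port ranges are rejected by this helper and need a hand-written rule.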