Capistrano 3: How to deploy when a firewall blocks your git repo

Sometimes, through some firewall or proxy misconfiguration, you might have to deploy to a server that cannot access the git repository.

Solution 1: HTTP Proxy (this is the preferred fix)

SSH can be tunneled over an HTTP Proxy. For example, when the repo is on github, use this:

  1. Install socat

  2. Add a ~/.ssh/config on the target server(s) with permission 0600 and this content:

      User git
      Port 443
      ProxyCommand socat - PROXY:<your proxyhost>:%h:%p,proxyport=<your proxyport>
  3. Set the repo url in your deploy.rb to ssh:// You cannot skip the ssh://.

  4. Deploy.

Solution 2: SSH tunnel

Follow these steps:

  1. Log in to the remote server and delete the cached repo (in project_root/repo).

  2. Open a separate SSH connection for each target server and forward an SSH port like this:

    ssh deploy-user@server -R     
  3. Set the repo url in your deploy.rb to ssh://git@localhost:1222/... (for our Gitlab, this would be ssh://git@localhost:1222/makandra/repo)
    Be sure to really use the ssh://, otherwise git will silently ignore the port and you'll end up with a confusing password prompt.

  4. Deploy.

Tobias Kraze