Read more

Capistrano 3: How to deploy when a firewall blocks your git repo

Tobias Kraze
May 26, 2017Software engineer at makandra GmbH

Sometimes, through some firewall or proxy misconfiguration, you might have to deploy to a server that cannot access the git repository.

Solution 1: HTTP Proxy (this is the preferred fix)

Illustration UI/UX Design

UI/UX Design by makandra brand

We make sure that your target audience has the best possible experience with your digital product. You get:

  • Design tailored to your audience
  • Proven processes customized to your needs
  • An expert team of experienced designers
Read more Show archive.org snapshot

SSH can be tunneled over an HTTP Proxy. For example, when the repo is on github, use this:

  1. Install socat

  2. Add a ~/.ssh/config on the target server(s) with permission 0600 and this content:

    Host github.com ssh.github.com
      User git
      Hostname ssh.github.com
      Port 443
      ProxyCommand socat - PROXY:<your proxyhost>:%h:%p,proxyport=<your proxyport>
    
  3. Set the repo url in your deploy.rb to ssh://git@github.com/.... You cannot skip the ssh://.

  4. Deploy.

Solution 2: SSH tunnel

Follow these steps:

  1. Log in to the remote server and delete the cached repo (in project_root/repo).

  2. Open a separate SSH connection for each target server and forward an SSH port like this:

    ssh deploy-user@server -R 1222:git.host:22     
    
  3. Set the repo url in your deploy.rb to ssh://git@localhost:1222/... (for our Gitlab, this would be ssh://git@localhost:1222/makandra/repo)
    Be sure to really use the ssh://, otherwise git will silently ignore the port and you'll end up with a confusing password prompt.

  4. Deploy.

Posted by Tobias Kraze to makandra dev (2017-05-26 11:04)