Read more

Capistrano 3: How to deploy when a firewall blocks your git repo

Tobias Kraze
May 26, 2017Software engineer at makandra GmbH

Sometimes, through some firewall or proxy misconfiguration, you might have to deploy to a server that cannot access the git repository.

Solution 1: HTTP Proxy (this is the preferred fix)

Illustration online protection

Rails Long Term Support

Rails LTS provides security patches for old versions of Ruby on Rails (2.3, 3.2, 4.2 and 5.2)

  • Prevents you from data breaches and liability risks
  • Upgrade at your own pace
  • Works with modern Rubies
Read more Show archive.org snapshot

SSH can be tunneled over an HTTP Proxy. For example, when the repo is on github, use this:

  1. Install socat

  2. Add a ~/.ssh/config on the target server(s) with permission 0600 and this content:

    Host github.com ssh.github.com
      User git
      Hostname ssh.github.com
      Port 443
      ProxyCommand socat - PROXY:<your proxyhost>:%h:%p,proxyport=<your proxyport>
    
  3. Set the repo url in your deploy.rb to ssh://git@github.com/.... You cannot skip the ssh://.

  4. Deploy.

Solution 2: SSH tunnel

Follow these steps:

  1. Log in to the remote server and delete the cached repo (in project_root/repo).

  2. Open a separate SSH connection for each target server and forward an SSH port like this:

    ssh deploy-user@server -R 1222:git.host:22     
    
  3. Set the repo url in your deploy.rb to ssh://git@localhost:1222/... (for our Gitlab, this would be ssh://git@localhost:1222/makandra/repo)
    Be sure to really use the ssh://, otherwise git will silently ignore the port and you'll end up with a confusing password prompt.

  4. Deploy.

Posted by Tobias Kraze to makandra dev (2017-05-26 11:04)