Capistrano 3: How to deploy when a firewall blocks your git repo

Updated . Posted . Visible to the public.

Sometimes, through some firewall or proxy misconfiguration, you might have to deploy to a server that cannot access the git repository.

Solution 1: HTTP Proxy (this is the preferred fix)

SSH can be tunneled over an HTTP Proxy. For example, when the repo is on github, use this:

  1. Install socat

  2. Add a ~/.ssh/config on the target server(s) with permission 0600 and this content:

    Host github.com ssh.github.com
  User git
  Hostname ssh.github.com
  Port 443
  ProxyCommand socat - PROXY:<your proxyhost>:%h:%p,proxyport=<your proxyport>

  3. Set the repo url in your deploy.rb to ssh://git@github.com/.... You cannot skip the ssh://.

  4. Deploy.

Solution 2: SSH tunnel

Follow these steps:

  1. Log in to the remote server and delete the cached repo (in project_root/repo).

  2. Open a separate SSH connection for each target server and forward an SSH port like this:

    ssh deploy-user@server -R 1222:git.host:22

  3. Set the repo url in your deploy.rb to ssh://git@localhost:1222/... (for our Gitlab, this would be ssh://git@localhost:1222/makandra/repo)
    Be sure to really use the ssh://, otherwise git will silently ignore the port and you'll end up with a confusing password prompt.

  4. Deploy.

Profile picture of Tobias Kraze
Tobias Kraze
makandra.de
Say thanks1
Last edit
Arne Hartherz
License
Source code in this card is licensed under the MIT License.
Posted by Tobias Kraze to makandra dev (2017-05-26 09:04)
This website uses short-lived cookies to improve usability.
or learn more