Page MenuHomePhabricator

Suggestion for easier port handling when setting up phabricator as a git repo
Closed, ResolvedPublic

Description

At https://secure.phabricator.com/book/phabricator/article/diffusion_hosting/ it suggests several ways to deal with the fact the git-ssh server can't (easily) be on port 22. It says: "The easiest way to fix this is to put a load balancer in front of the host and have it forward TCP traffic on port 22 to port 2222."

But I think there's a way that may be easier in practice, which is what we do: use .ssh/config to specify the port. The way it works is you set up a CNAME to point to your host, for use by git (git.myorg.com or phabricator-git.myorg.com or whatever). Then you have all your users put this into their .ssh/config:

Host phabricator-git
HostName phabricator-git.myorg.com
Port 2222

Then they can do git clone git@phabricator-git:<repo> and it automatically uses port 2222.

I'd suggest adding this to the documentation, maybe as the first suggestion. It does require all users to take some action, but is easier to set up than the alternatives.

Event Timeline

I made the claim that this is the easiest way because my experience is that "have all your users do something" is always harder than "do something yourself", at least in the roles I held at Facebook and here. I'd gladly solder pins on the motherboard if I didn't have to tell users to make a simple configuration change.

We can add this as a suggestion.

epriestley claimed this task.

Actually, this also means that users can't copy/paste the thing in the web UI, right? They'll need to copy "ssh://secure@secure.phabricator.com/source/phabricator.git" from the web UI, manually edit the URI to have their host alias, then execute the command?

This will also prevent us from looking up the repository by using the origin URI. Currently, we can identify which repository you're working in by comparing the remote URI to known repository URIs. If you've changed the hostname to a local alias, this won't work.

I feel like you must have some extremely sophisticated and diligent users if the wheels didn't fall off this thing immediately. Overall, I think recommending this approach is just asking for trouble.

Too bad too because I was going to write a great joke about soldering port 22 to port 2222 on your motherboard.

I didn't realize all the issues around munging urls in the UI.

But it turns out you can have Host and HostName be the same thing, and ssh does the right thing. So the example would be:

Host phabricator-git.myorg.com
HostName phabricator-git.myorg.com
Port 2222

I've re-opened it, mostly so you can still get your joke in. I definitely see your point that telling users to do something is a sysadmin nightmare.

(In fact, HostName seems to default to Host, so you could just do

Host phabricator-git.myorg.com
Port 2222

)

Okay, whew. Losing the opportunity for that joke was really keeping me up last night.

(You can also add user:

host gh github.com
     hostname github.com
     user git
$ ssh -T gh
Hi avivey! You've successfully authenticated, but GitHub does not provide shell access.

)