Page MenuHomePhabricator
Create Task
Maniphest T11882

Suggestion for easier port handling when setting up phabricator as a git repo
Closed, ResolvedPublic
Actions

Description

At https://secure.phabricator.com/book/phabricator/article/diffusion_hosting/ it suggests several ways to deal with the fact the git-ssh server can't (easily) be on port 22. It says: "The easiest way to fix this is to put a load balancer in front of the host and have it forward TCP traffic on port 22 to port 2222."

But I think there's a way that may be easier in practice, which is what we do: use .ssh/config to specify the port. The way it works is you set up a CNAME to point to your host, for use by git (git.myorg.com or phabricator-git.myorg.com or whatever). Then you have all your users put this into their .ssh/config:

Host phabricator-git
HostName phabricator-git.myorg.com
Port 2222

Then they can do git clone git@phabricator-git:<repo> and it automatically uses port 2222.

I'd suggest adding this to the documentation, maybe as the first suggestion. It does require all users to take some action, but is easier to set up than the alternatives.

Revisions and Commits

rP Phabricator
D16894rPa590e0e753e8 Document even more ways to manage `sshd` ports

Related Objects

Event Timeline

csilvers created this task.Nov 16 2016, 5:58 PM
Herald added a subscriber: sophiebits. · View Herald TranscriptNov 16 2016, 5:58 PM
epriestley added a subscriber: epriestley.Nov 16 2016, 6:17 PM

I made the claim that this is the easiest way because my experience is that "have all your users do something" is always harder than "do something yourself", at least in the roles I held at Facebook and here. I'd gladly solder pins on the motherboard if I didn't have to tell users to make a simple configuration change.

We can add this as a suggestion.

csilvers added a comment.Nov 16 2016, 6:21 PM

Fair enough.

epriestley closed this task as Wontfix.Nov 17 2016, 12:46 AM
epriestley claimed this task.

Actually, this also means that users can't copy/paste the thing in the web UI, right? They'll need to copy "ssh://secure@secure.phabricator.com/source/phabricator.git" from the web UI, manually edit the URI to have their host alias, then execute the command?

This will also prevent us from looking up the repository by using the origin URI. Currently, we can identify which repository you're working in by comparing the remote URI to known repository URIs. If you've changed the hostname to a local alias, this won't work.

I feel like you must have some extremely sophisticated and diligent users if the wheels didn't fall off this thing immediately. Overall, I think recommending this approach is just asking for trouble.

epriestley added a comment.Nov 17 2016, 12:47 AM

Too bad too because I was going to write a great joke about soldering port 22 to port 2222 on your motherboard.

csilvers reopened this task as Open.Nov 17 2016, 9:56 PM

I didn't realize all the issues around munging urls in the UI.

But it turns out you can have Host and HostName be the same thing, and ssh does the right thing. So the example would be:

Host phabricator-git.myorg.com
HostName phabricator-git.myorg.com
Port 2222

I've re-opened it, mostly so you can still get your joke in. I definitely see your point that telling users to do something is a sysadmin nightmare.

csilvers added a comment.EditedNov 17 2016, 9:57 PM

(In fact, HostName seems to default to Host, so you could just do

Host phabricator-git.myorg.com
Port 2222

)

epriestley added a comment.Nov 17 2016, 10:03 PM

Okay, whew. Losing the opportunity for that joke was really keeping me up last night.

avivey added a subscriber: avivey.EditedNov 17 2016, 10:16 PM

(You can also add user:

host gh github.com
     hostname github.com
     user git
$ ssh -T gh
Hi avivey! You've successfully authenticated, but GitHub does not provide shell access.

)

epriestley added a revision: D16894: Document even more ways to manage `sshd` ports.Nov 17 2016, 10:42 PM
epriestley closed this task as Resolved by committing rPa590e0e753e8: Document even more ways to manage `sshd` ports.Nov 17 2016, 10:47 PM
epriestley added a commit: rPa590e0e753e8: Document even more ways to manage `sshd` ports.
epriestley mentioned this in T12771: Users can mistakenly create revisions with no repository through confusion or misconfiguration.May 29 2017, 2:41 PM
Phabricator · Built by Phacility