Allow modifying the sshd listen port

KashifSaadat · KashifSaadat · commit be2d9a870f93 · 2020-03-02T16:46:22.000Z
diff --git a/README.md b/README.md
@@ -864,7 +864,8 @@ Below is the complete list of available options that can be used to customize yo
 | `GITLAB_BACKUP_TIME` | Set a time for the automatic backups in `HH:MM` format. Defaults to `04:00`. |
 | `GITLAB_BACKUP_SKIP` | Specified sections are skipped by the backups. Defaults to empty, i.e. `lfs,uploads`. [See](http://doc.gitlab.com/ce/raketasks/backup_restore.html#create-a-backup-of-the-gitlab-system) |
 | `GITLAB_SSH_HOST` | The ssh host. Defaults to **GITLAB_HOST**. |
-| `GITLAB_SSH_PORT` | The ssh port number. Defaults to `22`. |
+| `GITLAB_SSH_LISTEN_PORT` | The ssh port for SSHD to listen on. Defaults to `22` |
+| `GITLAB_SSH_PORT` | The ssh port number. Defaults to `$GITLAB_SSH_LISTEN_PORT`. |
 | `GITLAB_RELATIVE_URL_ROOT` | The relative url of the GitLab server, e.g. `/git`. No default. |
 | `GITLAB_TRUSTED_PROXIES` | Add IP address reverse proxy to trusted proxy list, otherwise users will appear signed in from that address. Currently only a single entry is permitted. No defaults. |
 | `GITLAB_REGISTRY_ENABLED` | Enables the GitLab Container Registry. Defaults to `false`. |
diff --git a/assets/runtime/env-defaults b/assets/runtime/env-defaults
@@ -26,7 +26,8 @@ fi
 ## SSH
 GITLAB_SSH_HOST=${GITLAB_SSH_HOST:-$GITLAB_HOST}
 GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-$GITLAB_SHELL_SSH_PORT} # for backwards compatibility
-GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-22}
+GITLAB_SSH_LISTEN_PORT=${GITLAB_SSH_LISTEN_PORT:-22}
+GITLAB_SSH_PORT=${GITLAB_SSH_PORT:-$GITLAB_SSH_LISTEN_PORT}
 
 NGINX_HSTS_ENABLED=${NGINX_HSTS_ENABLED:-$GITLAB_HTTPS_HSTS_ENABLED} # backward compatibility
 NGINX_HSTS_ENABLED=${NGINX_HSTS_ENABLED:-true}
@@ -89,7 +90,7 @@ GITLAB_WEBHOOK_TIMEOUT=${GITLAB_WEBHOOK_TIMEOUT:-10}
 
 GITLAB_WORKHORSE_TIMEOUT=${GITLAB_WORKHORSE_TIMEOUT:-5m0s}
 
-# OBJECTSTORE 
+# OBJECTSTORE
 GITLAB_OBJECT_STORE_CONNECTION_PROVIDER=${GITLAB_OBJECT_STORE_CONNECTION_PROVIDER:-AWS}
 AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:-AWS_ACCESS_KEY_ID}
 AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:-AWS_SECRET_ACCESS_KEY}
diff --git a/assets/runtime/functions b/assets/runtime/functions
@@ -1473,12 +1473,17 @@ generate_ssh_host_keys() {
   chmod 0644 ${GITLAB_DATA_DIR}/ssh/*.pub
 }
 
+update_ssh_listen_port() {
+  sed -i "s|#Port 22|Port ${GITLAB_SSH_LISTEN_PORT}|g" /etc/ssh/sshd_config
+}
+
 initialize_system() {
   map_uidgid
   initialize_logdir
   initialize_datadir
   update_ca_certificates
   generate_ssh_host_keys
+  update_ssh_listen_port
   install_configuration_templates
   rm -rf /var/run/supervisor.sock
 }
@@ -1573,6 +1578,7 @@ configure_gitlab() {
     GITLAB_RELATIVE_URL_ROOT \
     GITLAB_HTTPS \
     GITLAB_SSH_HOST \
+    GITLAB_SSH_LISTEN_PORT \
     GITLAB_SSH_PORT \
     GITLAB_SIGNUP_ENABLED \
     GITLAB_IMPERSONATION_ENABLED \
