
Capistrano deployment to a server without a public IP through a proxy


The server that I need to deploy to is in a private network (without a public IP). I can access the server from outside that network through VPN, but with difficulties, and deployment with Capistrano breaks every time.

I have access to another computer in that private network that has a public IP.

Is it possible to set up the Capistrano deployment scripts so that the deployment goes through that "proxy" server?

Can you perhaps suggest some other solutions for my situation other than working out the problem with the VPN, which is out of my hands?

Setting up a GitHub hook which would trigger a script on the server that would then pull the branch comes to my mind, but that is much less than what Capistrano does: no migrations, revisions, bundle update, server restart, etc.


Solution

  • Capistrano communicates with the target server over SSH - if you set up the SSH connection to proxy through your 'bastion' server and land on the appropriate final host(s), then Capistrano - over that connection - will do the same.

    One of the easiest ways of setting this up is with a ~/.ssh/config block, describing where you want to end up, and the proxy to be able to reach it.

    Exactly how that is configured depends on how you have set up the network.

    Here's an (edited for hostnames) .ssh/config file I've just created to SSH from home, via public, and then on to final:

    Host internalvia
        HostName final.hostname.com
        User secretdeployuser
        IdentityFile ~/.ssh/id_rsa
        ProxyCommand ssh public-server.com -W %h:%p
    

    I could then ssh internalvia, and land on the machine called final.hostname.com, but I went through public-server.com (logging in first as myself, and then on final as 'secretdeployuser'). Both public and final have my usual id_rsa key allowed to log in, and the standard forwarding allows me to log in to both, even via one another.

    When this is working for you, so that you can ssh in to the final location from the command line, you can put internalvia as the host in the Capistrano setup.

    role :app, %w{ secretdeployuser@internalvia }
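
A pre-deploy check for the setup described in the answer, as an added example that is not part of the original answer: it resolves a Capistrano role host against an ssh config the way OpenSSH does (first value wins, `%h`/`%p` expanded) and reports whether the connection is routed through the bastion. The `Host *` block, the alias `otherhost` and both function names are constructed for illustration; `Match`, `Include` and negated patterns are not handled.

```ruby
# Added example (not from the original answer). SAMPLE_CONFIG is the answer's
# block plus a constructed catch-all; function names are hypothetical.
SAMPLE_CONFIG = <<~CFG
  Host internalvia
      HostName final.hostname.com
      User secretdeployuser
      IdentityFile ~/.ssh/id_rsa
      ProxyCommand ssh public-server.com -W %h:%p

  Host *
      Port 22
      User someoneelse
CFG

# Resolve "user@alias" (as written in a Capistrano role) to effective settings.
def resolve_ssh_host(config_text, role_host)
  user_override, _, host_alias = role_host.rpartition("@")
  settings = {}
  active = true # options before the first Host line apply to every host
  config_text.each_line do |line|
    line = line.strip
    next if line.empty? || line.start_with?("#")
    key, value = line.split(/\s*=\s*|\s+/, 2)
    next if value.nil?
    if key.casecmp?("host")
      active = value.split.any? { |pat| File.fnmatch(pat, host_alias) }
    elsif active
      settings[key.downcase] ||= value # ssh_config: first obtained value wins
    end
  end
  hostname = settings.fetch("hostname", host_alias)
  port = settings.fetch("port", "22")
  user = user_override.empty? ? settings["user"] : user_override
  tokens = { "%h" => hostname, "%p" => port, "%%" => "%" }
  proxy = settings["proxycommand"]&.gsub(/%[hp%]/) { |tok| tokens[tok] }
  { hostname: hostname, port: port, user: user, proxy_command: proxy }
end

# True only if a ProxyCommand exists and names the expected bastion host.
def routed_via?(resolved, bastion)
  !resolved[:proxy_command].nil? && resolved[:proxy_command].split.include?(bastion)
end

if __FILE__ == $PROGRAM_NAME
  %w[secretdeployuser@internalvia otherhost].each do |h|
    puts "#{h}: #{resolve_ssh_host(SAMPLE_CONFIG, h)}"
  end
end
```

A mistyped alias in the role falls through to `Host *` and connects directly with no proxy, which is the case `routed_via?` is meant to catch before a deploy.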