
How to forward SSH into GitLab Docker container based on requested domain


I have server running Ubuntu 16.04 with Docker engine installed.

In one container I'm running the GitLab service (and of course many other containers with other stuff). Let's call its Docker network address GITLAB_IP.

I'm using nginx-proxy for proxying HTTP requests from the outside based on VIRTUAL_HOST environment variable.

DNS is set up so everything targeted at *.mydomain.com goes to mydomain.com and is resolved on the same host.

Requests going to mydomain.com are served by my main nginx container, while requests going to gitlab.mydomain.com are served by my GitLab container.

Everything works well on port 80 (and 443).

Now I want to be able to use git over ssh. What I'm trying to achieve is that if I do

> ssh mydomain.com

I will end up in terminal of my host server. And if I do

> ssh gitlab.mydomain.com

then I want to end up in terminal of GitLab container.

I know I can map port 22 of the container to some unused port on the host, so I'm able to access the container by ssh-ing to e.g. port 10022, but I prefer it clean and clear.

Is there any way to make the ssh server on the host machine somehow act as a proxy when a specific domain is detected?


Solution

  • Unlike HTTP or SNI-enabled TLS services, the SSH service doesn't have any sort of name-based logic detection.

    The long and the short of it is that you get one ssh daemon per ip/port.

    There are workarounds that might work.

    Port knocking is one possibility. You could change which service a firewall forwards you to based on the knock you send.

    Another thing you could do is set up a .ssh/authorized_keys file that will recognize which SSH key you use, and then force a command that will start a new ssh process and drop you on the correct corresponding service.

    You could also run each ssh service on a different port, and have a client-side config file handle the name->port mapping.
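The client-side name-to-port mapping from the last workaround, as an added example that is not part of the original answer. It assumes the container's port 22 is published on host port 10022 (the port mentioned in the question), that GitLab's SSH login user is `git`, and the key path is a hypothetical placeholder.

```sshconfig
# ~/.ssh/config on the client machine (constructed example)

# The GitLab container's sshd, published on the host as port 10022.
# Both names resolve to the same IP, so the port is what selects the daemon.
Host gitlab.mydomain.com
    HostName gitlab.mydomain.com
    Port 10022
    # Assumption: GitLab serves git-over-SSH as the "git" user.
    User git
    # Hypothetical key path; offer only this key to the container's sshd.
    IdentityFile ~/.ssh/id_gitlab
    IdentitiesOnly yes

# The host's own sshd stays on the default port.
Host mydomain.com
    HostName mydomain.com
    Port 22
```

With this in place, `ssh gitlab.mydomain.com` and git remotes of the form `git@gitlab.mydomain.com:group/project.git` reach the container without a port in the URL. `ssh -G gitlab.mydomain.com` prints the resolved settings, which confirms the mapping before the first connection.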