From 02b174c2af04ff47b78d6554e3ed250e9088b937 Mon Sep 17 00:00:00 2001
From: epriestley <git@epriestley.com>
Date: Wed, 18 Feb 2015 10:51:14 -0800
Subject: [PATCH] Allow a different SSH host to be set in Diffusion

Summary:
Ref T6941. In the cluster (and in other reasonable setups) we've separated SSH load balancers from HTTP load balancers.

In particular, ELBs will not let you load balance port 22, so this is likely a reasonable/common issue in larger clusters in AWS.

Allow users to specify an alternate host for SSH traffic.

Test Plan: Set host to someting different, saw it reflected in UI.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T6941

Differential Revision: https://secure.phabricator.com/D11800
---
 scripts/ssh/ssh-exec.php                              |  1 +
 .../config/PhabricatorDiffusionConfigOptions.php      | 11 +++++++++++
 .../repository/storage/PhabricatorRepository.php      |  5 +++++
 3 files changed, 17 insertions(+)

diff --git a/scripts/ssh/ssh-exec.php b/scripts/ssh/ssh-exec.php
index 39bed2a701..93b808be92 100755
--- a/scripts/ssh/ssh-exec.php
+++ b/scripts/ssh/ssh-exec.php
@@ -19,6 +19,7 @@ $args->setSynopsis(<<<EOSYNOPSIS
 EOSYNOPSIS
 );
 
+$args->parseStandardArguments();
 $args->parse(
   array(
     array(
diff --git a/src/applications/diffusion/config/PhabricatorDiffusionConfigOptions.php b/src/applications/diffusion/config/PhabricatorDiffusionConfigOptions.php
index 889de07cc0..8bf13db16e 100644
--- a/src/applications/diffusion/config/PhabricatorDiffusionConfigOptions.php
+++ b/src/applications/diffusion/config/PhabricatorDiffusionConfigOptions.php
@@ -113,6 +113,7 @@ final class PhabricatorDiffusionConfigOptions
             "Consider using SSH for authenticated access to repositories ".
             "instead of HTTP.")),
       $this->newOption('diffusion.ssh-user', 'string', null)
+        ->setLocked(true)
         ->setSummary(pht('Login username for SSH connections to repositories.'))
         ->setDescription(
           pht(
@@ -120,12 +121,22 @@ final class PhabricatorDiffusionConfigOptions
             'fill in this login username. If you have configured a VCS user '.
             'like `git`, you should provide it here.')),
       $this->newOption('diffusion.ssh-port', 'int', null)
+        ->setLocked(true)
         ->setSummary(pht('Port for SSH connections to repositories.'))
         ->setDescription(
           pht(
             'When constructing clone URIs to show to users, Diffusion by '.
             'default will not display a port assuming the default for your '.
             'VCS. Explicitly declare when running on a non-standard port.')),
+      $this->newOption('diffusion.ssh-host', 'string', null)
+        ->setLocked(true)
+        ->setSummary(pht('Host for SSH connections to repositories.'))
+        ->setDescription(
+          pht(
+            'If you accept Phabricator SSH traffic on a different host '.
+            'from web traffic (for example, if you use different SSH and '.
+            'web load balancers), you can set the SSH hostname here. This '.
+            'is an advanced option.')),
     );
   }
 
diff --git a/src/applications/repository/storage/PhabricatorRepository.php b/src/applications/repository/storage/PhabricatorRepository.php
index 8181814959..170914171d 100644
--- a/src/applications/repository/storage/PhabricatorRepository.php
+++ b/src/applications/repository/storage/PhabricatorRepository.php
@@ -1006,6 +1006,11 @@ final class PhabricatorRepository extends PhabricatorRepositoryDAO
       $uri->setUser($ssh_user);
     }
 
+    $ssh_host = PhabricatorEnv::getEnvConfig('diffusion.ssh-host');
+    if (strlen($ssh_host)) {
+      $uri->setDomain($ssh_host);
+    }
+
     $uri->setPort(PhabricatorEnv::getEnvConfig('diffusion.ssh-port'));
 
     return $uri;