From 96da35316d3554811ef565c256c3eba2c80735f2 Mon Sep 17 00:00:00 2001
From: varpon <tom@gkstn.de>
Date: Mon, 15 Jun 2026 20:44:48 +0000
Subject: [PATCH] fix: set correct value for `SSH_PORT` in initial config

Add some documentation about how to configure the `SSH_PORT`
and `SSH_LISTEN_PORT` variables.
---
 README.md                              | 52 ++++++++++++++++++++------
 compose.yaml                           | 29 +++++++++++++-
 root/etc/cont-init.d/20-forgejo-config |  5 ++-
 3 files changed, 71 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index 0e25bea..c9ec001 100644
--- a/README.md
+++ b/README.md
@@ -37,18 +37,19 @@ Before deploying, ensure your host environment is ready. See the [Quick Start Gu
 ```yaml
 services:
   forgejo:
-    image: ghcr.io/daemonless/forgejo:latest
+    image: "ghcr.io/daemonless/forgejo:latest"
     container_name: forgejo
     environment:
-      - PUID=1000
-      - PGID=1000
-      - TZ=UTC
-      - SSH_PORT=22
+      - PUID=1000  # User ID for the application process
+      - PGID=1000  # Group ID for the application process
+      - TZ=UTC  # Timezone for the container
+      - SSH_PORT=2222  # Published port for sshd (used in clone URLs)
+      - SSH_LISTEN_PORT=22  # Port on which sshd listens inside the container
     volumes:
       - "/path/to/containers/forgejo:/config"
     ports:
-      - 3000:3000
-      - 2222:22
+      - "3000:3000"
+      - "2222:22"
     restart: unless-stopped
 ```
 
@@ -61,7 +62,8 @@ podman run -d --name forgejo \
   -e PUID=1000 \
   -e PGID=1000 \
   -e TZ=UTC \
-  -e SSH_PORT=22 \
+  -e SSH_PORT=2222 \
+  -e SSH_LISTEN_PORT=22 \
   -v /path/to/containers/forgejo:/config \
   ghcr.io/daemonless/forgejo:latest
 ```
@@ -72,14 +74,15 @@ podman run -d --name forgejo \
 - name: Deploy forgejo
   containers.podman.podman_container:
     name: forgejo
-    image: ghcr.io/daemonless/forgejo:latest
+    image: "ghcr.io/daemonless/forgejo:latest"
     state: started
     restart_policy: always
     env:
       PUID: "1000"
       PGID: "1000"
       TZ: "UTC"
-      SSH_PORT: "22"
+      SSH_PORT: "2222"
+      SSH_LISTEN_PORT: "22"
     ports:
       - "3000:3000"
       - "2222:22"
@@ -87,6 +90,8 @@ podman run -d --name forgejo \
       - "/path/to/containers/forgejo:/config"
 ```
 
+Access at: `http://localhost:3000`
+
 ## Parameters
 
 ### Environment Variables
@@ -96,7 +101,8 @@ podman run -d --name forgejo \
 | `PUID` | `1000` | User ID for the application process |
 | `PGID` | `1000` | Group ID for the application process |
 | `TZ` | `UTC` | Timezone for the container |
-| `SSH_PORT` | `22` | Port for sshd |
+| `SSH_PORT` | `2222` | Published port for sshd (used in clone URLs) |
+| `SSH_LISTEN_PORT` | `22` | Port on which sshd listens inside the container |
 
 ### Volumes
 
@@ -111,6 +117,30 @@ podman run -d --name forgejo \
 | `3000` | TCP | Web UI |
 | `22` | TCP | SSH port |
 
+## First run
+If no configuration file exists when the container starts, it will generate an initial  default
+config file at `/config/custom/conf/app.ini`.  
+You can make configuration changes in this file later (e.g. SMTP configuration) and they will be
+preserved across container restarts.
+
+## SSH Setup
+If you modify the port mapping from the default `2222:22` you need to update the 2 environment variables
+described below accordingly.
+
+### `SSH_LISTEN_PORT` env var
+This variable indicates on which port Forgejo's ssh server listens inside the container.  
+If your port mapping for ssh is `2222:22`, this variable should be set to `22`.  
+This variable is used on every container start to modify the `sshd_config` config file.
+
+### `SSH_PORT` env var
+This variable tells Forgejo on which port the ssh server is reachable from the outside and is
+used when constructing the `ssh` URLs shown in Forgejo's web UI.  
+If your port mapping for ssh is `2222:22`, this variable should be set to `2222`.  
+This variable is used only during the first container startup to create the initial configuration file for Forgejo.
+If you want to modify the `SSH_PORT` later, you need to change the configuration in the `[server]`
+section of `/config/custom/conf/app.ini`.
+
+
 **Architectures:** amd64
 **User:** `bsd` (UID/GID via PUID/PGID, defaults to 1000:1000)
 **Base:** FreeBSD 15.0
diff --git a/compose.yaml b/compose.yaml
index de4b159..21518ba 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -17,12 +17,36 @@ x-daemonless:
       PUID: "User ID for the application process"
       PGID: "Group ID for the application process"
       TZ: "Timezone for the container"
-      SSH_PORT: "Port for sshd"
+      SSH_PORT: "Published port for sshd (used in clone URLs)"
+      SSH_LISTEN_PORT: "Port on which sshd listens inside the container"
     volumes:
       /config: "Configuration, repositories, and data directory"
     ports:
       3000: "Web UI"
       22: "SSH port"
+  notes: |
+    ## First run
+    If no configuration file exists when the container starts, it will generate an initial  default
+    config file at `/config/custom/conf/app.ini`.  
+    You can make configuration changes in this file later (e.g. SMTP configuration) and they will be
+    preserved across container restarts.
+
+    ## SSH Setup
+    If you modify the port mapping from the default `2222:22` you need to update the 2 environment variables
+    described below accordingly.
+
+    ### `SSH_LISTEN_PORT` env var
+    This variable indicates on which port Forgejo's ssh server listens inside the container.  
+    If your port mapping for ssh is `2222:22`, this variable should be set to `22`.  
+    This variable is used on every container start to modify the `sshd_config` config file.
+
+    ### `SSH_PORT` env var
+    This variable tells Forgejo on which port the ssh server is reachable from the outside and is
+    used when constructing the `ssh` URLs shown in Forgejo's web UI.  
+    If your port mapping for ssh is `2222:22`, this variable should be set to `2222`.  
+    This variable is used only during the first container startup to create the initial configuration file for Forgejo.
+    If you want to modify the `SSH_PORT` later, you need to change the configuration in the `[server]`
+    section of `/config/custom/conf/app.ini`.
 
 services:
   forgejo:
@@ -34,7 +58,8 @@ services:
       - PUID=1000
       - PGID=1000
       - TZ=UTC
-      - SSH_PORT=22 # optional
+      - SSH_PORT=2222
+      - SSH_LISTEN_PORT=22
 
     volumes:
       - /path/to/containers/forgejo:/config
diff --git a/root/etc/cont-init.d/20-forgejo-config b/root/etc/cont-init.d/20-forgejo-config
index ea9e8eb..6102530 100644
--- a/root/etc/cont-init.d/20-forgejo-config
+++ b/root/etc/cont-init.d/20-forgejo-config
@@ -8,7 +8,7 @@ chown -R bsd:bsd /config
 
 # If no config exists, create a minimal one
 if [ ! -f /config/custom/conf/app.ini ]; then
-    cat > /config/custom/conf/app.ini << 'EOF'
+    cat > /config/custom/conf/app.ini << EOF
 APP_NAME = Forgejo: Beyond coding. We forge.
 RUN_USER = bsd
 WORK_PATH = /config
@@ -26,7 +26,8 @@ ROOT_URL = http://localhost:3000/
 SSH_DOMAIN = %(DOMAIN)s
 SSH_USER = git
 DISABLE_SSH = false
-SSH_PORT = 22
+SSH_PORT = ${SSH_PORT:-2222}
+SSH_LISTEN_PORT = ${SSH_LISTEN_PORT:-22}
 LFS_START_SERVER = false
 OFFLINE_MODE = true