When you've got your VPS with Gitlab installed, Gitlab binds to port 22 on the host machine for easy ssh push/pull for your Gitlab projects. When you still want to be able to connect on port 22 to your 'normal' sshd, the easy way to do this is just to add another IP to your VPS.

Luckily Hetzner Online provides you with an Ipv4 for only about 1 EUR/Month.

First lets find out on what IP addresses your docker container are listenting to, normally by default this is every ip address:

tcp6       0      0 :::22                   :::*                    LISTEN      30646/docker-proxy

In this case tcp6 just means that the service with the pid 30646 created an Ipv6 socket which will also listen to Ipv4.

When you got your new Ipv4 you must assign this IP to your physical network interface. To do this do:

ip addr add {{ip}}/{{mask}} dev {{interface}}

for example: ip addr add 127.0.0.1/32 dev eth0

To create the docker network for your container just do:

docker network create -o "com.docker.network.bridge.host_binding_ipv4"="127.0.0.1" my-cool-network

In your docker-compose.yml you must add the newly added network as an external network, and of course tell your container to connect to this network.

version: '3'

services:
   nginx:
     image: nginx
     restart: always
     ports:
       - "80:80"
       - "443:443"
     networks:
       - frontend
networks:
  frontend:
    external:
      name: my-cool-network

and now when you type in netstat -tulpn you'll see that your port from the docker-compose file will only listen to the specific IP address.

Whats not going to work (I think) is creating an tcp6-socket for your docker network, which will listen to an specific Ipv6 and Ipv4. Maybe I'll look at this further, because, well I've got enough Ipv6 addresses for free...