Digital certificates
Mikhail Aksenov, 2018-09-12 04:18:11

How to make gitlab-ce in docker container work over https?

There is the following configuration: https://gist.github.com/uberpwner/ce2bfc69bd8c9fe5...

If you disable the parameters responsible for https in it, everything works fine on normal http.
However, when I enable https, I get a connection timeout.

The certificate and key exist (they are generated if deleted) and the path to them is correct.
The necessary ports in the firewall are open.
The container starts up and runs with a healthy status. Is there a way to make this work?

1 answer(s)
mureevms, 2018-09-12
@mureevms

I'll just give the config, in fact everything is clear in it. If you have additional questions - ask.

Directory structure:
.
├── docker-compose.yml
└── volumes
    ├── gitlab
    │   ├── config
    │   │   ├── ...
    │   ├── data
    │   │   ├── ...
    │   └── logs
    │       └── ...
    └── nginx
        ├── conf.d
        │   └── gitlab.domain.com.conf
        ├── dhparam.pem
        ├── logs
        ├── nginx.conf
        └── www

docker-compose.yml:
gitlab:
  image: 'gitlab/gitlab-ce:latest'
  restart: always
  hostname: 'gitlab'
  container_name: gitlab
  environment:
    GITLAB_OMNIBUS_CONFIG: |
      external_url 'http://{{ domain_name }}'
      nginx['enable'] = false
      web_server['external_users'] = ['www-data']
      gitlab_workhorse['listen_network'] = "tcp"
      gitlab_workhorse['listen_addr'] = "0.0.0.0:8181"
      gitlab_rails['trusted_proxies'] = [ '172.17.0.1/16' ]
      gitlab_rails['gitlab_shell_ssh_port'] = 22
      gitlab_rails['time_zone'] = 'Asia/Tomsk'
      gitlab_rails['ldap_enabled'] = true
      gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
      main:
        label: 'LDAP'
        host: '{{ ldap_server }}'
        port: 389
        uid: 'sAMAccountName'
        bind_dn: 'CN={{ cn }},OU={{ ou }},DC={{ dc }},DC=com'
        password: '{{ pass }}'
        encryption: 'plain'
        active_directory: true
        allow_username_or_email_login: false
        lowercase_usernames: false
        block_auto_created_users: false
        base: 'OU={{ ou }},DC={{ dc }},DC=com'
        user_filter: '(&(objectCategory=Person)(sAMAccountName=*))'
      EOS
      gitlab_rails['backup_upload_connection'] = {
        :provider => 'Local',
        :local_root => '/mnt'
      }
      gitlab_rails['backup_upload_remote_directory'] = 'backup'
      gitlab_rails['backup_keep_time'] = 864000
  ports:
    - '22:22'
  volumes:
    - ./volumes/gitlab/config:/etc/gitlab
    - ./volumes/gitlab/logs:/var/log/gitlab
    - ./volumes/gitlab/data:/var/opt/gitlab
    - /mnt/backup:/mnt/backup

nginx:
  container_name: nginx
  image: nginx:1.15.0-alpine
  restart: always
  links:
    - gitlab:gitlab
  ports:
    - 80:80
    - 443:443
  volumes:
    - /etc/letsencrypt/:/etc/letsencrypt
    - ./volumes/nginx/logs:/var/log/nginx
    - ./volumes/nginx/conf.d:/etc/nginx/conf.d
    - ./volumes/nginx/www:/var/www
    - ./volumes/nginx/dhparam.pem:/etc/nginx/dhparam.pem
    - ./volumes/nginx/nginx.conf:/etc/nginx/nginx.conf
{{ xx }} are variables; just replace them with your own values.
Pay attention to gitlab_workhorse['listen_addr']: this is the address and port that gitlab will listen on; you can leave it as it is. Port 22 is forwarded from the host to the gitlab container, so I moved the system SSH daemon to a different port.
volumes/nginx/conf.d/gitlab.domain.com.conf:
upstream gitlab-endpoint {
    server gitlab:8181 fail_timeout=0;
}

server {
    listen 80;
    server_name gitlab.domain.com;

    location /.well-known {
        root /var/www/;
    }
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name gitlab.domain.com;
    ssl_dhparam /etc/nginx/dhparam.pem;
    ssl_certificate /etc/letsencrypt/live/gitlab.domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/gitlab.domain.com/privkey.pem;

    location / {
        proxy_read_timeout      300;
        proxy_connect_timeout   300;
        proxy_redirect          off;

        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_set_header        Host              $http_host;
        proxy_set_header        X-Real-IP         $remote_addr;
        proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header        X-Frame-Options   SAMEORIGIN;

        proxy_pass              http://gitlab-endpoint;
    }
    location /.well-known {
        root /var/www/;
    }
}

It ends up looking like this:
[email protected]:/docker# docker-compose ps
 Name          Command          State                    Ports                  
--------------------------------------------------------------------------------
gitlab   /assets/wrapper        Up      0.0.0.0:22->22/tcp, 443/tcp, 80/tcp     
nginx    nginx -g daemon off;   Up      0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp
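The answer's config sets gitlab_rails['trusted_proxies'] = [ '172.17.0.1/16' ] and has nginx append the real client to X-Forwarded-For via $proxy_add_x_forwarded_for. The added example below (not GitLab's or the answerer's code; the 203.0.113.x and 172.17.0.x addresses are constructed) shows the effect of that setting: the client address is found by walking the X-Forwarded-For chain from the right and skipping trusted hops, so GitLab's logs and rate limits see the real client rather than the nginx container, while a client-supplied fake entry on the left of the header is ignored.

```python
import ipaddress
from typing import Iterable, List, Optional

# Trusted proxies exactly as in the answer's GITLAB_OMNIBUS_CONFIG (docker bridge).
TRUSTED_PROXIES = ["172.17.0.1/16"]


def _networks(cidrs: Iterable[str]) -> List[ipaddress._BaseNetwork]:
    # strict=False masks the host bits, so '172.17.0.1/16' means 172.17.0.0/16
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def is_trusted(ip: str, trusted: List[ipaddress._BaseNetwork]) -> bool:
    # anything that is not a parseable address can never be a trusted proxy
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in trusted)


def client_ip(x_forwarded_for: Optional[str], remote_addr: str,
              trusted_cidrs: Iterable[str] = TRUSTED_PROXIES) -> str:
    """Return the address the application should treat as the client.

    The chain is the X-Forwarded-For hops followed by the TCP peer (remote_addr).
    Walk it from the right (nearest hop first), skipping every hop that is a
    trusted proxy; the first untrusted hop is the client.  Hops to its left were
    written by parties we do not trust and are ignored.
    """
    trusted = _networks(trusted_cidrs)
    hops = [h.strip() for h in (x_forwarded_for or "").split(",") if h.strip()]
    chain = hops + [remote_addr]
    for hop in reversed(chain):
        if not is_trusted(hop, trusted):
            return hop
    # every hop was a trusted proxy: fall back to the nearest one
    return chain[-1]


if __name__ == "__main__":
    # nginx container 172.17.0.3 forwards a request from constructed client 203.0.113.10
    print(client_ip("203.0.113.10", "172.17.0.3"))                 # 203.0.113.10
    # same request with an empty trusted_proxies list: GitLab would log the proxy
    print(client_ip("203.0.113.10", "172.17.0.3", trusted_cidrs=[]))  # 172.17.0.3
```

With trusted_proxies left unset, every request appears to come from the nginx container's address, which is what breaks per-IP rate limiting and audit logging behind this kind of proxy.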
