4

I have been fighting with this configuration for days now and whatever I do I cannot get it to work completely. Can anyone help me, please?

I am using the solution described here: https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion, which works perfectly for all my other containers but not for GitLab. Using this method, only the GitLab login page is fully secured; once logged in, the green padlock and the text "Secure" go away and the https tells me: "Your connection to this site is not fully secure". I have checked the logs inside the GitLab container; it finds the SSL certificates fine and gives no other errors or indication that something is wrong. Anyone?

file: start.up

#!/bin/bash
docker run -d \
    --name ng \
    -p 80:80 \
    -p 443:443 \
    -v /etc/nginx/conf.d  \
    -v /root/network/nginx/vhost.d:/etc/nginx/vhost.d \
    -v /root/network/nginx/html:/usr/share/nginx/html \
    -v /root/network/nginx/certs:/etc/nginx/certs:ro \
    -e DEFAULT_HOST=domain.com \
    -e VIRTUAL_PROTO=https \
    -e VIRTUAL_PORT=443 \
    --label com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy \
    nginx

docker run -d \
    --name ngg \
    --volumes-from ng \
    -v /root/network/nginx/templates:/etc/docker-gen/templates:ro \
    -v /var/run/docker.sock:/tmp/docker.sock:ro \
    --label com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen \
    jwilder/docker-gen \
    -notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf

docker run -d \
    --name ngl \
    --volumes-from ng \
    -v /var/run/docker.sock:/var/run/docker.sock:ro \
    -v /root/network/nginx/certs:/etc/nginx/certs:rw \
    jrcs/letsencrypt-nginx-proxy-companion

file: docker-compose.yml

version: "3"

services:

  gitlab:
    container_name: gl
    image: "gitlab/gitlab-ce:latest"
    restart: always
    hostname: "gitlab.domain.com"
    environment:
      GITLAB_OMNIBUS_CONFIG:
        external_url "https://gitlab.domain.com"
    expose:
    - 80
    - 443
    - 22
    volumes:
    - "./gitlab/config:/etc/gitlab"
    - "./gitlab/logs:/var/log/gitlab"
    - "./gitlab/data:/var/opt/gitlab"
    - "./nginx/certs:/etc/gitlab/ssl"
    environment:
    - VIRTUAL_HOST=gitlab.domain.com
    - LETSENCRYPT_HOST=gitlab.domain.com
    - [email protected]
    network_mode: "bridge"
5
  • Can you use developer tools on the browser to see why it thinks the connection is insecure? It may be that the HTML source for GitLab is loading something from a remote location, but not using HTTPS, giving you the insecure warning. Commented Sep 13, 2017 at 11:19
  • 1
    Yes, I have checked it. Apparently GitLab makes insecure calls to gravatar.com, which the browser then flags as insecure. Hmm, googling. Commented Sep 13, 2017 at 11:52
  • /etc/gitlab/gitlab.rb could override the default 'gravatar_ssl_url' for gitlab_rails and gitlab_ci, although I see no reason why that should be the case. Commented Sep 13, 2017 at 12:27
  • Yeah, that is what I am testing right now with a clean install. When I turned off gravatar in settings earlier, the green text "Secure" and the padlock reappeared. So it's definitely the gravatar thing. Commented Sep 13, 2017 at 12:39
  • Please see github.com/gitlabhq/gitlabhq/issues/690 Commented Sep 13, 2017 at 14:28

2 Answers

5

I think you are missing the nginx config in your docker-compose.yml.

environment:
  GITLAB_OMNIBUS_CONFIG: |
    external_url 'https://gitlab.example.com'
    nginx['listen_port'] = 80
    nginx['listen_https'] = false
    nginx['proxy_set_headers'] = {
      "X-Forwarded-Proto" => "https",
      "X-Forwarded-Ssl" => "on"
    }

The following gist helped me a lot! https://gist.github.com/netdesk/c1db2985b542f9916995139318e5a7ce


1 Comment

I'm fighting with the same thing, the Gist link is dead…
0

I had the same problem and solved it by running GitLab docker on a custom HTTP port.

docker-compose.yaml:

web:
  image: 'gitlab/gitlab-ee:latest'
  restart: always
  hostname: 'git.example.com'
  environment:
    GITLAB_OMNIBUS_CONFIG: |
      external_url 'https://git.example.com'
      gitlab_rails['gitlab_shell_ssh_port'] = 2224
      nginx['listen_port'] = 8929
      nginx['listen_https'] = false
  ports:
    - '8929:8929'
    - '2224:22'

Nginx config:

server {
    server_name git.example.com;

    location / {
        proxy_pass http://localhost:8929;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/git.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/git.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
