5

I installed gitlab with the official Docker container:

    docker run -d -p 8002:80 -v /mnt/gitlab/etc/gitlab:/etc/gitlab -v /mnt/gitlab/var/opt/gitlab:/var/opt/gitlab -v /mnt/gitlab/var/log/gitlab:/var/log/gitlab gitlab/gitlab-ce

I'm using nginx as reverse proxy:

    upstream gitlab {
        server localhost:8002;
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        keepalive_timeout 70;
        ssl_certificate /etc/letsencrypt/live/git.cedware.com/cert.pem;
        ssl_certificate_key /etc/letsencrypt/live/git.cedware.com/privkey.pem;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!MD5;
        server_name git.cedware.com;
        client_max_body_size 300M;
        location / {
            proxy_http_version 1.1;
            proxy_pass http://localhost:8002/;
            proxy_set_header Host $host;
            proxy_set_header X-Forwared-Ssl off;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

This all works totally fine, until I add this line to the gitlab.rb:

    external_url 'https://git.cedware.com';

After restarting the container, nginx can't reach gitlab. Can someone tell me what's wrong with my setup?

Edit: This is the output of `curl -v https://git.cedware.com`:

    * Rebuilt URL to: https://git.cedware.com/
    *   Trying 37.120.177.116...
    * Connected to git.cedware.com (37.120.177.116) port 443 (#0)
    * found 175 certificates in /etc/ssl/certs/ca-certificates.crt
    * found 700 certificates in /etc/ssl/certs
    * ALPN, offering http/1.1
    * SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
    *        server certificate verification OK
    *        server certificate status verification SKIPPED
    *        common name: git.cedware.com (matched)
    *        server certificate expiration date OK
    *        server certificate activation date OK
    *        certificate public key: RSA
    *        certificate version: #3
    *        subject: CN=git.cedware.com
    *        start date: Wed, 04 Jan 2017 16:58:00 GMT
    *        expire date: Tue, 04 Apr 2017 16:58:00 GMT
    *        issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
    *        compression: NULL
    * ALPN, server accepted to use http/1.1
    > GET / HTTP/1.1
    > Host: git.cedware.com
    > User-Agent: curl/7.47.0
    > Accept: */*
    >
    < HTTP/1.1 502 Bad Gateway
    < Server: nginx/1.10.0 (Ubuntu)
    < Date: Thu, 05 Jan 2017 08:45:52 GMT
    < Content-Type: text/html
    < Content-Length: 182
    < Connection: keep-alive
    <
    <html>
    <head><title>502 Bad Gateway</title></head>
    <body bgcolor="white">
    <center><h1>502 Bad Gateway</h1></center>
    <hr><center>nginx/1.10.0 (Ubuntu)</center>
    </body>
    </html>
    * Connection #0 to host git.cedware.com left intact

And this is the content of the nginx error.log:

> 2017/01/05 09:47:43 [error] 26258#26258: *1 recv() failed (104:
> Connection reset by peer) while reading response header from upstream,
> client: 217.7.247.238, server: git.cedware.com, request: "GET /
> HTTP/1.1", upstream: "http://127.0.0.1:8002/", host: "git.cedware.com"
> 2017/01/05 09:47:43 [error] 26258#26258: *1 recv() failed (104:
> Connection reset by peer) while reading response header from upstream,
> client: 217.7.247.238, server: git.cedware.com, request: "GET /
> HTTP/1.1", upstream: "http://[::1]:8002/", host: "git.cedware.com"
> 2017/01/05 09:47:43 [error] 26258#26258: *1 no live upstreams while
> connecting to upstream, client: 217.7.247.238, server:
> git.cedware.com, request: "GET /favicon.ico HTTP/1.1", upstream:
> "http://localhost/favicon.ico", host: "git.cedware.com", referrer:
> "https://git.cedware.com/"
3
  • 1
    Are there any nginx errors in the logs? Can you do a curl -v https://git.cedware.com and post the output? Commented Jan 5, 2017 at 8:42
  • I got the same issue, and could not find any acceptable answer. Commented Nov 9, 2018 at 14:49
  • It looks like the docker is not responding to the 80 port at all, it's indeed not a nginx error. Commented Nov 9, 2018 at 15:04

2 Answers

2

As per the nginx error shown in the log, the upstream is not responding. This is not an nginx error.

Most likely your container is either down or stuck in a restart loop.

Use `docker ps` to see the container status. Then use `docker logs <containername>` to see any errors it generates.

It is possible that gitlab doesn't like your gitlab.rb modification. The log should tell you more.


1 Comment

Thanks, after viewing the logs I figured out that gitlab was searching for the ssl certificates. After providing them and binding 8002 to 443 instead of 80, it's working.
1

You should expose port 443 of the container, since you are using https for gitlab.

Also, your location in the host system's Nginx setting should be `https://localhost:some_443_port/`
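The change both answers point to, written out as an added example (not part of either answer or of the asker's configuration). It replaces the `location /` block in the question's `server` block and assumes the container is now published with `-p 8002:443`, as the asker's comment describes, and that GitLab serves a certificate for git.cedware.com whose chain verifies against the system CA bundle; the `proxy_ssl_*` lines and the `X-Forwarded-Proto` header are additions the page does not mention.

```nginx
# Added example: location block for the host nginx once the container's
# port 443 is published on host port 8002.
location / {
    proxy_http_version 1.1;

    # Before: proxy_pass http://localhost:8002/;
    # After external_url became https, the container no longer answered
    # plain HTTP on the mapped port (the "Connection reset by peer"
    # entries in error.log), so nginx returned 502.
    proxy_pass https://localhost:8002/;

    # nginx does not verify upstream certificates unless told to.
    # Assumption: the certificate inside the container chains to a CA in
    # the system bundle; point this at your own CA file otherwise.
    proxy_ssl_verify on;
    proxy_ssl_verify_depth 2;
    proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

    # Verify against the real host name instead of "localhost", and send
    # it as SNI so the container selects the matching certificate.
    proxy_ssl_name git.cedware.com;
    proxy_ssl_server_name on;

    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
```

If verification fails after this change, the nginx error log reports an upstream SSL certificate verify error rather than a connection reset, which separates a certificate problem from a port-mapping problem.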
