
Why does this Nginx conf allow access to Gitlab on other hostnames/ports?


The whole system is inside a Vagrant box. Nginx is installed in the Vagrant box and Gitlab is in a docker container. I'm able to reach Gitlab at

http://gitlab/

as described in /etc/hosts, but it's also reachable at

http://gitlab:10080/

and

http://192.168.7.7:10080/

But, that port should be closed! Gitlab should be only reachable at my custom URL on port 80.


nginx.conf

events {
  worker_connections  1024; 
}

http {

  upstream gitlab {
    server 192.168.7.7:10080;
  }

  server {
    listen 80;
    server_name gitlab-dw;
    port_in_redirect off;
    location / {
      proxy_pass http://gitlab;
    }
  }

}

docker-compose.yml

version: '2'

services:

  redis:
    restart: always
    image: sameersbn/redis:latest
    command:
    - --loglevel warning
    volumes:
    - /opt/redis:/var/lib/redis:Z
  postgresql:
    restart: always
    image: sameersbn/postgresql:9.4-23
    volumes:
    - /opt/postgresql:/var/lib/postgresql:Z
    environment:
    - DB_USER=gitlab
    - DB_PASS=password
    - DB_NAME=gitlabhq_production
    - DB_EXTENSION=pg_trgm

  gitlab:
    restart: always
    image: sameersbn/gitlab:8.9.6-1
    depends_on:
    - redis
    - postgresql
    ports:
    - "192.168.7.7:10080:80"
    - "192.168.7.7:5500:5500"
    - "192.168.7.7:10022:22"
    volumes:
    - /opt/gitlab:/home/git/data:Z
    - /opt/gitlab/logs:/var/log/gitlab
    - ./gitlab-runner/conf:/etc/gitlab-runner

    - /home/vagrant/certs:/certs
    environment:
    - DEBUG=false

    - DB_ADAPTER=postgresql
    - DB_HOST=postgresql
    - DB_PORT=5432
    - DB_USER=gitlab
    - DB_PASS=password
    - DB_NAME=gitlabhq_production

    - REDIS_HOST=redis
    - REDIS_PORT=6379
    - GITLAB_SSH_PORT=10022
    - GITLAB_PORT=10080
    - GITLAB_HOST=127.0.0.1
    - GITLAB_SECRETS_DB_KEY_BASE=superrandomsecret

    - GITLAB_REGISTRY_ENABLED=false

Vagrantfile

Vagrant.configure(2) do |config|

  if Vagrant.has_plugin?("vagrant-cachier")
    config.cache.scope = :box
  end

  config.vm.define "jenkins-gitlab" do |config|
    config.vm.box = "ubuntu/trusty64"
    config.vm.hostname = "jenkins-gitlab"
    config.vm.boot_timeout = 300

    config.vm.provision :shell, path: "provision.sh"

    # Since we mount the dir using NFS we need a private network
    config.vm.network :private_network, ip: "192.168.7.7"

    config.vm.synced_folder "docker-compose", "/home/vagrant/docker-compose"

    config.vm.provider "virtualbox" do |vb|
      vb.gui = false
      vb.memory = 8192
      vb.cpus = 4
    end
  end
end

/etc/hosts (partial, on host)

192.168.7.7 gitlab-dw
192.168.7.7  jenkins-gitlab  # VAGRANT: 7fb8647acc689de630f1c7e6550fd33f (jenkins-gitlab) / 9d0a108b-f842-4787-83e5-cfebecbb9d1e

/etc/hosts (on Vagrant guest)

192.168.7.7 gitlab-dw

[UPDATE] Also, if I change my DOCKER_OPTS="--iptables=false" in /etc/default/docker, the port forwarding is still working.
If I connect to my container via docker exec -it containername /bin/bash and run sudo iptables -L, the iptables of the container look like:

root@11bb3902cb02:/# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
DOCKER-ISOLATION  all  --  anywhere             anywhere            
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (1 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere       
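The ports section of the docker-compose.yml above publishes the container's port 80 on 192.168.7.7:10080, so GitLab answers there regardless of what nginx does; only a loopback binding (127.0.0.1:10080:80, with the nginx upstream pointed at 127.0.0.1:10080) keeps the container reachable solely through the proxy. The audit script below is an added example, not code from the question or the answer; it assumes the compose short-form port syntax and flags every mapping whose host side is not bound to loopback.

```shell
#!/bin/sh
# Added audit helper (not part of the question or the answer). It reads the
# short-form "ports:" entries of a docker-compose file and flags every mapping
# whose host side is not bound to 127.0.0.1, since such a port is reachable
# directly on the private network and bypasses the nginx proxy in front of it.
# Assumption: short-form specs only (IP:HOSTPORT:CTRPORT, HOSTPORT:CTRPORT or
# CTRPORT, optional /tcp or /udp), no bracketed IPv6 addresses.

# classify_port SPEC -> "loopback", or the host address the port is bound to
# ("0.0.0.0" when the spec names no address, i.e. all interfaces).
classify_port() {
  spec=${1%/*}                      # drop a trailing /tcp or /udp
  case "$spec" in
    *:*:*) host_ip=${spec%%:*} ;;   # IP:HOSTPORT:CTRPORT
    *)     host_ip=0.0.0.0 ;;       # HOSTPORT:CTRPORT or CTRPORT
  esac
  case "$host_ip" in
    127.*|localhost) echo loopback ;;
    *)               echo "$host_ip" ;;
  esac
}

# audit_ports < compose.yml -> one report line per mapping; returns 1 if any
# mapping is reachable from outside the host.
audit_ports() {
  rc=0; in_ports=0
  while IFS= read -r line; do
    item=$(printf '%s' "$line" | sed 's/^[[:space:]]*//')
    case "$item" in
      ports:) in_ports=1; continue ;;          # entering a ports: list
      "- "*) [ "$in_ports" -eq 1 ] || continue ;;
      *)      in_ports=0; continue ;;          # any other key ends the list
    esac
    spec=$(printf '%s' "$item" | sed 's/^-[[:space:]]*//; s/["'"'"']//g')
    bind=$(classify_port "$spec")
    if [ "$bind" = loopback ]; then
      printf 'ok       %-24s only this host (nginx) can reach it\n' "$spec"
    else
      printf 'EXPOSED  %-24s bound on %s, bypasses nginx\n' "$spec" "$bind"
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample: the question's binding next to the loopback form.
audit_ports <<'EOF' || echo "at least one published port bypasses the proxy"
services:
  gitlab:
    ports:
    - "192.168.7.7:10080:80"
    - "127.0.0.1:10080:80"
    - "10022:22"
    volumes:
    - /opt/gitlab:/home/git/data:Z
EOF
```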

Solution

  • After destroying the whole Vagrant box, checking it out and starting it again, it works now.

    Maybe one problem was that I copied the nginx.conf not to /etc/nginx/sites-available/ as a file called default but to /etc/nginx.conf.

    Now it works; I don't know exactly what the problem was, but it's solved now.