Search code examples
dockerhttpsgitlablets-encryptjwilder-nginx-proxy

How to run Gitlab in docker container with nginx-proxy over ssl with letsencrypt securely


I have been fighting with this configuration for days now and whatever I do I cannot get it to work completely. Can anyone help me please ??

I am using this solution described here: https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion which works perfectly for all my other containers but not for gitlab. Using this method only the gitlab login page is fully secured once logged in the green padlock and text Secure goes away and the https tells me; "Your connection to this site is not fully secure". I have checked the logs inside gitlab container, it finds the ssl certificates fine and gives no other errors or indication that something is wrong. Anyone?

file: start.up

#!/bin/bash
docker run -d \
    --name ng \
    -p 80:80 \
    -p 443:443 \
    -v /etc/nginx/conf.d  \
    -v /root/network/nginx/vhost.d:/etc/nginx/vhost.d \
    -v /root/network/nginx/html:/usr/share/nginx/html \
    -v /root/network/nginx/certs:/etc/nginx/certs:ro \
    -e DEFAULT_HOST=domain.com \
    -e VIRTUAL_PROTO=https \
    -e VIRTUAL_PORT=443 \
    --label com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy \
    nginx

docker run -d \
    --name ngg \
    --volumes-from ng \
    -v /root/network/nginx/templates:/etc/docker-gen/templates:ro \
    -v /var/run/docker.sock:/tmp/docker.sock:ro \
    --label com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen \
    jwilder/docker-gen \
    -notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf

docker run -d \
    --name ngl \
    --volumes-from ng \
    -v /var/run/docker.sock:/var/run/docker.sock:ro \
    -v /root/network/nginx/certs:/etc/nginx/certs:rw \
    jrcs/letsencrypt-nginx-proxy-companion

file: docker-compose.yml

version: "3"

services:

  gitlab:
    container_name: gl
    image: "gitlab/gitlab-ce:latest"
    restart: always
    hostname: "gitlab.domain.com"
    environment:
      GITLAB_OMNIBUS_CONFIG:
        external_url "https://gitlab.domain.com"
    expose:
    - 80
    - 443
    - 22
    volumes:
    - "./gitlab/config:/etc/gitlab"
    - "./gitlab/logs:/var/log/gitlab"
    - "./gitlab/data:/var/opt/gitlab"
    - "./nginx/certs:/etc/gitlab/ssl"
    environment:
    - VIRTUAL_HOST=gitlab.domain.com
    - LETSENCRYPT_HOST=gitlab.domain.com
    - [email protected]
    network_mode: "bridge"

Solution

  • I think you are missing the nginx config in your docker-compose.yml.

    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.example.com'
        nginx['listen_port'] = 80
        nginx['listen_https'] = false
        nginx['proxy_set_headers'] = {
          "X-Forwarded-Proto" => "https",
          "X-Forwarded-Ssl" => "on"
        }
    

    The following gist helped me a lot! https://gist.github.com/netdesk/c1db2985b542f9916995139318e5a7ce