Change the SSL Certs in Docker Enviroment (GitLab 15.0.2)

MyKey0815 · July 18, 2022, 9:29am

I have setup a docker-GitLab with following docker-compose.yml:

version: '3.6'
services:
  web:
    image: 'gitlab/gitlab-ce:latest'
    restart: always
    hostname: 'se69j4h32od.company.de'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://se69j4h32od.company.de'
        gitlab_rails['initial_root_password'] = 'topsecretpassword'
        # Add any other gitlab.rb configuration here, each on its own line
    ports:
      - '85:80'
      - '4443:443'
      - '2224:22'
    volumes:
      - '$GITLAB_HOME/config:/etc/gitlab'
      - '$GITLAB_HOME/logs:/var/log/gitlab'
      - '$GITLAB_HOME/data:/var/opt/gitlab'
    shm_size: '256m'

A month later i will start to upload files to this server. I download the .pem with firefox and put them to my local git project

git config --global http.sslCAInfo D:\_AppDev\stage\config\se69j4h32od-company-de.pem

Then the first SSL-Cert is outdated. I create a new one and put them to the GitLab

mv /config/ssl/se69j4h32od.company.de.crt /config/ssl/se69j4h32od.company.de.crt.gitlab
mv /config/ssl/se69j4h32od.company.de.key /config/ssl/se69j4h32od.company.de.key.gitlab

cp /etc/_keys/se69j4h32od.crt /config/ssl/se69j4h32od.company.de.crt
cp /etc/_keys/se69j4h32od.key /config/ssl/se69j4h32od.company.de.key

docker exec 1f85a099e6ea gitlab-ctl reconfigure
docker exec 1f85a099e6ea gitlab-ctl hup nginx registry

reboot

Now is possible to connect to the GitLab, but i cant pull or clone.

git clone https://se69j4h32od.company.de:4443/root/git_pull_test.git
Cloning into 'git_pull_test'...
fatal: unable to access 'https://se69j4h32od.company.de:4443/root/git_pull_test.git/': Out of memory

When I disable the SSL in the command, than it works fine

git -c http.sslVerify=false  push -u origin master 
warning: ----------------- SECURITY WARNING ----------------
warning: | TLS certificate verification has been disabled! |
warning: ---------------------------------------------------
warning: HTTPS connections may not be secure. See https://aka.ms/gcm/tlsverify for more information.
warning: ----------------- SECURITY WARNING ----------------
warning: | TLS certificate verification has been disabled! |
warning: ---------------------------------------------------
warning: HTTPS connections may not be secure. See https://aka.ms/gcm/tlsverify for more information.
warning: ----------------- SECURITY WARNING ----------------
warning: | TLS certificate verification has been disabled! |
warning: ---------------------------------------------------
warning: HTTPS connections may not be secure. See https://aka.ms/gcm/tlsverify for more information.
Enumerating objects: 65, done.
Counting objects: 100% (65/65), done.
Delta compression using up to 8 threads
Compressing objects: 100% (62/62), done.
Writing objects: 100% (65/65), 27.36 KiB | 6.84 MiB/s, done.
Total 65 (delta 42), reused 0 (delta 0), pack-reused 0
To https://se69j4h32od.company.de:4443/root/project_stage_state.git
 * [new branch]      master -> master
branch 'master' set up to track 'origin/master'.

How is the right way to change the SSL to another / own cert. On the GitLab-Docu is said, that only the files must be change, when it worked before (I have not tested before the cert was outdated, sorry).

balonik · July 20, 2022, 6:42am

Hi @MyKey0815

This actually seems like issue on client side rather than on GitLab server.

Is HTTPS working fine in GitLab UI?