I’m attempting to set up an instance of GitLab CE with Pages enabled for a custom domain, using Docker-Compose.
I feel like I’m close but the container always errors out during the build process.
Here is my current docker-compose.yml file:
gitlab:
  image: 'gitlab/gitlab-ce:latest'
  container_name: gitlab
  restart: always
  hostname: 'gitlab.mydomain.com'
  environment:
    GITLAB_OMNIBUS_CONFIG: |
      external_url 'https://gitlab.mydomain.com'
      gitlab_rails['gitlab_shell_ssh_port'] = 2222
      letsencrypt['enable'] = true
      letsencrypt['contact_emails'] = ['firstname.lastname@example.org']
      nginx['ssl_certificate'] = "/etc/letsencrypt/live/mydomain.com/cert.pem"
      nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/mydomain.com/privkey.pem"
      pages_external_url "https://mydomain.com"
      nginx['listen_addresses'] = ['126.96.36.199']
      pages_nginx['enable'] = false
      gitlab_pages['cert'] = "/etc/letsencrypt/live/mydomain.com/cert.pem"
      gitlab_pages['cert_key'] = "/etc/letsencrypt/live/mydomain.com/privkey.pem"
      gitlab_pages['external_http'] = ['188.8.131.52:80']
      gitlab_pages['external_https'] = ['184.108.40.206:443']
  ports:
    - '80:80'
    - '443:443'
    - '2222:22'
  volumes:
    - '/srv/gitlab/config:/etc/gitlab'
    - '/srv/gitlab/logs:/var/log/gitlab'
    - '/srv/gitlab/data:/var/opt/gitlab'
    - '/etc/letsencrypt/:/etc/letsencrypt'
Prior to running docker-compose up -d, certbot was run on the host to create valid Let's Encrypt wildcard certificates in /etc/letsencrypt.
The output of docker logs for the container shows this when the error happens during container creation:
Compiled Resource:
------------------
# Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/recipes/http_authorization.rb:3:in `from_file'

letsencrypt_certificate("gitlab.mydomain.com") do
  action [:create]
  updated true
  updated_by_last_action true
  default_guard_interpreter :default
  declared_type :letsencrypt_certificate
  cookbook_name "letsencrypt"
  recipe_name "http_authorization"
  fullchain "/etc/gitlab/ssl/gitlab.mydomain.com.crt"
  key "/etc/gitlab/ssl/gitlab.mydomain.com.key"
  alt_names
  cn "gitlab.mydomain.com"
end

System Info:
------------
chef_version=13.6.4
platform=ubuntu
platform_version=16.04
ruby=ruby 2.3.6p384 (2017-12-14 revision 61254) [x86_64-linux]
program_name=/opt/gitlab/embedded/bin/chef-client
executable=/opt/gitlab/embedded/bin/chef-client

Running handlers:
There was an error running gitlab-ctl reconfigure:

letsencrypt_certificate[gitlab.mydomain.com] (letsencrypt::http_authorization line 3) had an error: RuntimeError: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 20) had an error: RuntimeError: [gitlab.mydomain.com] Validation failed for domain gitlab.mydomain.com

Running handlers complete
Chef Client failed. 17 resources updated in 08 seconds
So domain validation appears to be failing, but I'm not sure why. DNS for both *.mydomain.com and gitlab.mydomain.com (the latter both by implication from the wildcard and as a discrete record) resolves to the VPS I'm deploying on.
Additionally, there isn’t a need for a new certificate to be generated, as the wildcard certificate should apply to gitlab.mydomain.com.
Since I've already created a wildcard cert that should be valid for the gitlab subdomain, what would I need to change in order to have GitLab use the wildcard certificates and deploy successfully using docker-compose?
I thought that was what I was doing by setting the nginx['ssl_certificate'] and nginx['ssl_certificate_key'] options.
Thank you in advance to anyone who helps, I realize this is a very niche question.
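The following is an added example, not code from the post or from GitLab. It is a small pre-flight check that parses the certificate-related keys of a GITLAB_OMNIBUS_CONFIG snippet and reports the mismatches that make gitlab-ctl reconfigure fail or serve a bad chain: the built-in Let's Encrypt integration left enabled next to a pre-issued certificate (which is what triggers the HTTP-01 validation seen in the log), certbot's leaf-only cert.pem used where fullchain.pem is needed, and hostnames in external_url / pages_external_url that the certificate's SAN list does not cover. The SAN list is supplied by hand (for example from `openssl x509 -in fullchain.pem -noout -ext subjectAltName`); the sample config is the one from the post and the sample SAN list is a constructed one containing only the wildcard, so the apex used by pages_external_url is deliberately not covered. The wildcard matching follows the RFC 6125 rule that `*` covers exactly one leftmost label.

```python
"""Pre-flight lint for the TLS keys of a GitLab Omnibus config (added example)."""
import re
from urllib.parse import urlsplit

# Sample input: the certificate-related keys from the post's GITLAB_OMNIBUS_CONFIG.
SAMPLE_CONFIG = """
external_url 'https://gitlab.mydomain.com'
letsencrypt['enable'] = true
letsencrypt['contact_emails'] = ['firstname.lastname@example.org']
nginx['ssl_certificate'] = "/etc/letsencrypt/live/mydomain.com/cert.pem"
nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/mydomain.com/privkey.pem"
pages_external_url "https://mydomain.com"
pages_nginx['enable'] = false
gitlab_pages['cert'] = "/etc/letsencrypt/live/mydomain.com/cert.pem"
gitlab_pages['cert_key'] = "/etc/letsencrypt/live/mydomain.com/privkey.pem"
"""

# Constructed sample: SAN entries of a certificate issued for the wildcard only
# (no apex name), as read from the certificate with openssl.
SAMPLE_SANS = ["*.mydomain.com"]

_ASSIGN = re.compile(r"^(\w+\['\w+'\])\s*=\s*(.+?)\s*$")   # nginx['key'] = value
_CALL = re.compile(r"^(\w+)\s+(['\"].+['\"])\s*$")         # external_url 'value'


def _parse_value(raw):
    """Convert a Ruby literal (true/false, quoted string, list of strings)."""
    raw = raw.strip()
    if raw in ("true", "false"):
        return raw == "true"
    if raw.startswith("["):
        return re.findall(r"['\"]([^'\"]*)['\"]", raw)
    return raw.strip("'\"")


def parse_omnibus(text):
    """Return a dict of the assignments and top-level calls in an Omnibus config."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = _ASSIGN.match(line) or _CALL.match(line)
        if match:
            settings[match.group(1)] = _parse_value(match.group(2))
    return settings


def hostname_matches(pattern, host):
    """RFC 6125-style match: a leading '*' covers exactly one DNS label."""
    pattern, host = pattern.lower(), host.lower()
    if not pattern.startswith("*."):
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def uncovered_hosts(san_names, hosts):
    """Hostnames that no SAN entry covers."""
    return [h for h in hosts if not any(hostname_matches(s, h) for s in san_names)]


def lint_tls_config(text, san_names):
    """Return a list of findings about the certificate setup in an Omnibus config."""
    cfg = parse_omnibus(text)
    findings = []
    hosts = [urlsplit(cfg[k]).hostname
             for k in ("external_url", "pages_external_url") if k in cfg]
    primary = hosts[0] if hosts else "<external_url>"
    # 1. Built-in ACME client enabled while a pre-issued certificate is configured:
    #    reconfigure will try to obtain its own certificate via HTTP-01 validation.
    if cfg.get("letsencrypt['enable']") and cfg.get("nginx['ssl_certificate']"):
        findings.append(
            "letsencrypt['enable'] is true while nginx['ssl_certificate'] points at an "
            "existing file: reconfigure will run HTTP-01 validation for %s instead of "
            "using that file; set letsencrypt['enable'] = false" % primary)
    # 2. certbot's cert.pem holds only the leaf; servers should present fullchain.pem.
    for key in ("nginx['ssl_certificate']", "gitlab_pages['cert']"):
        if cfg.get(key, "").endswith("/cert.pem"):
            findings.append("%s uses cert.pem (leaf only); use fullchain.pem so the "
                            "intermediate certificate is served" % key)
    # 3. Every configured hostname must be covered by a SAN entry.
    for host in uncovered_hosts(san_names, hosts):
        findings.append("no SAN in the certificate covers %s" % host)
    return findings


if __name__ == "__main__":
    for finding in lint_tls_config(SAMPLE_CONFIG, SAMPLE_SANS):
        print("-", finding)
```

Run against the sample it reports four findings; with letsencrypt['enable'] = false, fullchain.pem in the cert paths, and a certificate whose SANs include both mydomain.com and *.mydomain.com it reports none.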