Hello,
I’m attempting to set up an instance of GitLab CE with Pages enabled for a custom domain, using Docker-Compose.
I feel like I’m close but the container always errors out during the build process.
Here is my current docker-compose.yml file:

gitlab:
  image: 'gitlab/gitlab-ce:latest'
  container_name: gitlab
  restart: always
  hostname: 'gitlab.mydomain.com'
  environment:
    GITLAB_OMNIBUS_CONFIG: |
      external_url 'https://gitlab.mydomain.com'
      gitlab_rails['gitlab_shell_ssh_port'] = 2222
      letsencrypt['enable'] = true
      letsencrypt['contact_emails'] = ['letsencrypt@mydomain.com']
      nginx['ssl_certificate'] = "/etc/letsencrypt/live/mydomain.com/cert.pem"
      nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/mydomain.com/privkey.pem"
      pages_external_url "https://mydomain.com"
      nginx['listen_addresses'] = ['12.34.56.78']
      pages_nginx['enable'] = false
      gitlab_pages['cert'] = "/etc/letsencrypt/live/mydomain.com/cert.pem"
      gitlab_pages['cert_key'] = "/etc/letsencrypt/live/mydomain.com/privkey.pem"
      gitlab_pages['external_http'] = ['12.34.56.79:80']
      gitlab_pages['external_https'] = ['12.34.56.79:443']
  ports:
    - '80:80'
    - '443:443'
    - '2222:22'
  volumes:
    - '/srv/gitlab/config:/etc/gitlab'
    - '/srv/gitlab/logs:/var/log/gitlab'
    - '/srv/gitlab/data:/var/opt/gitlab'
    - '/etc/letsencrypt/:/etc/letsencrypt'

Prior to running docker-compose up -d, certbot was run on the host to create valid LetsEncrypt wildcard certificates in /etc/letsencrypt.
Error logs from docker logs from the container creation show this when the error happens:
Compiled Resource:
------------------
# Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/recipes/http_authorization.rb:3:in `from_file'
letsencrypt_certificate("gitlab.mydomain.com") do
action [:create]
updated true
updated_by_last_action true
default_guard_interpreter :default
declared_type :letsencrypt_certificate
cookbook_name "letsencrypt"
recipe_name "http_authorization"
fullchain "/etc/gitlab/ssl/gitlab.mydomain.com.crt"
key "/etc/gitlab/ssl/gitlab.mydomain.com.key"
alt_names []
cn "gitlab.mydomain.com"
end
System Info:
------------
chef_version=13.6.4
platform=ubuntu
platform_version=16.04
ruby=ruby 2.3.6p384 (2017-12-14 revision 61254) [x86_64-linux]
program_name=/opt/gitlab/embedded/bin/chef-client
executable=/opt/gitlab/embedded/bin/chef-client
Running handlers:
There was an error running gitlab-ctl reconfigure:
letsencrypt_certificate[gitlab.mydomain.com] (letsencrypt::http_authorization line 3) had an error: RuntimeError: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 20) had an error: RuntimeError: [gitlab.mydomain.com] Validation failed for domain gitlab.mydomain.com
Running handlers complete
Chef Client failed. 17 resources updated in 08 seconds
So domain validation appears to be failing, but I’m not sure why. DNS both for *.mydomain.com and gitlab.mydomain.com (both by implication from * and discretely) resolve to the VPS I’m deploying on.
Additionally, there isn’t a need for a new certificate to be generated, as the wildcard certificate should apply to gitlab.mydomain.com.
Since I’ve already created a wildcard cert that should be valid for the gitlab subdomain, what would I need to change in order to have gitlab use the wildcard certificates and deploy successfully using docker-compose?
I thought that was what I was doing by setting the nginx['ssl_certificate'] and nginx['ssl_certificate_key'] options.
Thank you in advance to anyone who helps, I realize this is a very niche question.
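
Added example, not part of the original post: a check of which hostnames from the compose file a certificate's SAN list actually covers, using the common rule that `*` stands for exactly one left-most label. The SAN lists below are constructed assumptions, not read from the poster's certificate; in practice they would be taken from the certificate itself (for instance from `openssl x509 -noout -text`).

```python
# Added example: which hostnames does a certificate's SAN list cover?
# Wildcard handling follows the common RFC 6125 rule: "*" is allowed only as
# the entire left-most label and stands for exactly one label.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, and split into labels."""
    return name.strip().lower().rstrip(".").split(".")


def san_matches(san, hostname):
    """Return True if one SAN dNSName entry covers hostname."""
    pattern, host = _labels(san), _labels(hostname)
    if len(pattern) != len(host) or "" in host:
        return False
    if pattern[0] == "*":
        # Wildcard covers exactly one left-most label; require at least
        # two fixed labels so "*.com" style patterns are rejected.
        return len(pattern) >= 3 and pattern[1:] == host[1:]
    return pattern == host


def coverage(sans, hostnames):
    """Map each hostname to the first SAN that covers it, or None."""
    return {
        h: next((s for s in sans if san_matches(s, h)), None)
        for h in hostnames
    }


# Hostnames taken from the compose file in the post.
CONFIGURED_HOSTS = ["gitlab.mydomain.com", "mydomain.com"]

# Constructed SAN lists (assumptions, not read from the poster's certificate).
WILDCARD_ONLY = ["*.mydomain.com"]
WILDCARD_PLUS_APEX = ["*.mydomain.com", "mydomain.com"]

if __name__ == "__main__":
    for label, sans in (("wildcard only", WILDCARD_ONLY),
                        ("wildcard + apex", WILDCARD_PLUS_APEX)):
        print(label)
        for host, san in coverage(sans, CONFIGURED_HOSTS).items():
            print(f"  {host:22} {'covered by ' + san if san else 'NOT covered'}")
```

With a wildcard-only SAN list, `gitlab.mydomain.com` is covered but the apex `mydomain.com` used as `pages_external_url` is not, so the apex has to be listed as its own SAN.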