Community Edition, Pages, and Docker-Compose


I’m attempting to set up an instance of GitLab CE with Pages enabled for a custom domain, using Docker-Compose.

I feel like I’m close but the container always errors out during the build process.

Here is my current docker-compose.yml file:

  image: 'gitlab/gitlab-ce:latest'
  container_name: gitlab
  restart: always
  hostname: ''
       external_url ''
       gitlab_rails['gitlab_shell_ssh_port'] = 2222
       letsencrypt['enable'] = true
       letsencrypt['contact_emails'] = ['']
       nginx['ssl_certificate'] = "/etc/letsencrypt/live/"
       nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/"
       pages_external_url ""
       nginx['listen_addresses'] = [''] 
       pages_nginx['enable'] = false
       gitlab_pages['cert'] = "/etc/letsencrypt/live/"
       gitlab_pages['cert_key'] = "/etc/letsencrypt/live/"
       gitlab_pages['external_http'] = ['']
       gitlab_pages['external_https'] = ['']
    - '80:80'
    - '443:443'
    - '2222:22'
    - '/srv/gitlab/config:/etc/gitlab'
    - '/srv/gitlab/logs:/var/log/gitlab'
    - '/srv/gitlab/data:/var/opt/gitlab'
    - '/etc/letsencrypt/:/etc/letsencrypt'

Prior to running docker-compose up -d, certbot was ran on the host to create valid LetsEncrypt wildcard certificates in /etc/letsencrypt.

Error logs from docker logs from the container creation show this when the error happens:

Compiled Resource:
    # Declared in /opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/recipes/http_authorization.rb:3:in `fr
    letsencrypt_certificate("") do
      action [:create]
      updated true
      updated_by_last_action true
      default_guard_interpreter :default
      declared_type :letsencrypt_certificate
      cookbook_name "letsencrypt"
      recipe_name "http_authorization"
      fullchain "/etc/gitlab/ssl/"
      key "/etc/gitlab/ssl/"
      alt_names []
      cn ""
    System Info:
    ruby=ruby 2.3.6p384 (2017-12-14 revision 61254) [x86_64-linux]
Running handlers:
There was an error running gitlab-ctl reconfigure:
letsencrypt_certificate[] (letsencrypt::http_authorization line 3) had an error: RuntimeEr
ror: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb
 line 20) had an error: RuntimeError: [] Validation failed for domain
Running handlers complete
Chef Client failed. 17 resources updated in 08 seconds

So domain validation appears to be failing, but I’m not sure why. DNS both for * and (both by implication from * and discretely) resolve to the VPS I’m deploying on.

Additionally, there isn’t a need for a new certificate to be generated, as the wildcard certificate should apply to

Since I’ve already created a wildcard cert that should be valid for the gitlab subdomain, what would I need to change in order to have gitlab use the wildcard certificates this deploy successfully using docker-compose?
I thought that was what I was doing by setting the nginx[‘ssl_certificate’] and nginx[‘ssl_certificate_key’] options.

Thank you in advance to anyone who helps, I realize this is a very niche question.

+1 with the same issue.

After some digging in gitlab CE code, we found out that this application setting “pages_domain_verification_enabled” is inside the database. We would like to turn off the custom domain verification by accessing the db directly, however we couldn’t get the gitlab container up and running because it fails at custom domain verification.

Is there any way to change this setting before gitlab container doing initial configuration?