I am using git-ce latest image and docker-compose.
My docker-compose.yml looks like this:
docker-compose.yml
version: '2.1' networks: gitnet: driver: bridge # enable_ipv6: true ipam: driver: default config: - subnet: 10.79.79.1/24 #- subnet: fd00:1::/80 #gateway: fd00:1::1 services: gitlab: image: gitlab/gitlab-ce restart: always hostname: 'git.example.com' container_name: 'git.example.com' environment: GITLAB_OMNIBUS_CONFIG: | #external_url = ['http://git.example.com','https://git.example.com','https://git6.example.com','http://git6.example.com'] external_url = ['https://git.example.com'] #registry_external_url = ['https://git6.example.com'] nginx['enable'] = true nginx['client_max_body_size'] = '250m' nginx['redirect_http_to_https'] = true nginx['ssl_certificate'] = "/etc/gitlab/ssl/fullchain.pem" nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/privkey.pem" nginx['ssl_trusted_certificate'] = "/etc/gitlab/ssl/chain.pem" nginx['ssl'] = "on" nginx['ssl_protocols'] = "TLSv1.2 TLSv1.1 TLSv1" nginx['ssl_prefer_server_ciphers'] = "on" nginx['ssl_ciphers'] = "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS" nginx['keepalive_timeout'] = "70" nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparam.pem" nginx['ssl_session_cache'] = "shared:SSL:10m" nginx['ssl_session_timeout'] = "10m"letsencrypt['enable'] = false gitlab_rails['gitlab_email_enabled'] = true gitlab_rails['gitlab_email_from'] = 'git@example.com' gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com' gitlab_rails['gitlab_email_display_name'] = 'Gitlab Admin' gitlab_rails['gitlab_email_subject_suffix'] = '[git@example.com]' gitlab_rails['smtp_enable'] = true gitlab_rails['smtp_address'] = "172.16.185.62" gitlab_rails['smtp_port'] = 25 gitlab_rails['smtp_domain'] = "smtp.gmail.com" unicorn['worker_timeout'] = 60 unicorn['worker_processes'] = 13 gitlab_rails['gitlab_shell_ssh_port'] = 8822 gitlab_rails['ldap_enabled'] = true gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' main: # 'main' is the GitLab 'provider ID' of this LDAP server label: 'example.com' host: 'sso.example.com' port: 20018 uid: 'uid' method: 'ssl' # "tls" or "ssl" or "plain" bind_dn: 'cn=admin,dc=example,dc=com' password: '123123123' active_directory: false allow_username_or_email_login: true verify_certificates: false base: 'ou=People,dc=example,dc=com' sync_ssh_keys: true EOS gitlab_rails['omniauth_providers'] = [ { 'name' => 'openid_connect', 'label' => 'sso.example.com', 'args' => { 'name' => 'openid_connect', 'scope' => ['openid','profile'], 'response_type' => 'code', # realm url 'issuer' => 'https://sso.example.com:8843/auth/realms/example.com', #Gitlab fetch all the endpoints from #https://<keycloak-url>/auth/realms/<realm>/.well-known/openid-configuration 'discovery' => true, 'client_auth_method' => 'basic', #Client Configuration 'client_options' => { 'identifier' => 'git.example.com', 'secret' => 'asdfasdfasdf-423dsf-saf324-dafa432-asdf89sd7a', 'redirect_uri' => 'http://git.example.com/users/auth/openid_connect/callback' } } } ] ports: - '80:80' - '443:443' - '8822:22' volumes: - '/opt/www/git.example.com/config:/etc/gitlab' #- '/opt/www/git.example.com/gitlab.rb:/etc/gitlab/gitlab.rb' - '/opt/www/git.example.com/logs:/var/log/gitlab' - '/opt/www/git.example.com/data:/var/opt/gitlab' - '/etc/resolv.conf:/etc/resolv.conf:ro' networks: gitnet: ipv4_address: 10.79.79.79 extra_hosts: - "sso:192.168.185.56"
root@git:/# gitlab-rails console
--------------------------------------------------------------------------------
GitLab: 13.0.6 (5aa982e01ea) FOSS
GitLab Shell: 13.2.0
PostgreSQL: 11.7
--------------------------------------------------------------------------------
Loading production environment (Rails 6.0.3)
irb(main):001:0> Gitlab::Application.routes.default_url_options
=> {:host=>"git.example.com", :protocol=>"http", :script_name=>""}
Here is the content of config/ssl:
-rw-r--r-- 1 root root 1647 Jun 17 15:19 chain.pem
-rw-r--r-- 1 root root 769 Jun 17 09:25 dhparam.pem
-rw-r--r-- 1 root root 3542 Jun 17 06:59 fullchain.pem
-rw-r--r-- 1 root root 1310 Jun 17 02:21 git.example.com.crt
-rw-r--r-- 1 root root 1679 Jun 17 02:21 git.example.com.key
drw-r--r-- 2 root root 4096 Jun 17 02:16 old
-rw------- 1 root root 1708 Jun 17 06:59 privkey.pem
I used let’s encrypt to get my wildcard certificate. My server can’t connect internet, so I can’t use let’s encrypt module.
I even converted the config in docker-compose.yml to gitlab.rb and saved into config. Still, no effect.