Docker-compose let's encrypt doesn't work

How to Use GitLab
,
1

I am using git-ce latest image and docker-compose.

My docker-compose.yml looks like this:

docker-compose.yml 
version: '2.1'
networks:
  gitnet:
    driver: bridge
    #    enable_ipv6: true
    ipam:
      driver: default
      config:
      - subnet:  10.79.79.1/24
        #- subnet: fd00:1::/80
        #gateway: fd00:1::1
services:
    gitlab:
        image: gitlab/gitlab-ce
        restart: always
        hostname: 'git.example.com'
        container_name: 'git.example.com'
        environment:
            GITLAB_OMNIBUS_CONFIG: |
                #external_url = ['http://git.example.com','https://git.example.com','https://git6.example.com','http://git6.example.com']
                external_url = ['https://git.example.com']
                #registry_external_url = ['https://git6.example.com']
                nginx['enable'] = true
                nginx['client_max_body_size'] = '250m'
                nginx['redirect_http_to_https'] = true
                nginx['ssl_certificate'] = "/etc/gitlab/ssl/fullchain.pem"
                nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/privkey.pem"
                nginx['ssl_trusted_certificate'] = "/etc/gitlab/ssl/chain.pem"
                nginx['ssl'] = "on"
                nginx['ssl_protocols'] = "TLSv1.2 TLSv1.1 TLSv1"
                nginx['ssl_prefer_server_ciphers'] = "on"
                nginx['ssl_ciphers'] = "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
                nginx['keepalive_timeout'] = "70"
                nginx['ssl_dhparam'] = "/etc/gitlab/ssl/dhparam.pem"
                nginx['ssl_session_cache'] = "shared:SSL:10m"
                nginx['ssl_session_timeout'] = "10m"

            letsencrypt['enable'] = false
            gitlab_rails['gitlab_email_enabled'] = true
            gitlab_rails['gitlab_email_from'] = 'git@example.com'
            gitlab_rails['gitlab_email_reply_to'] = 'noreply@example.com'
            gitlab_rails['gitlab_email_display_name'] = 'Gitlab Admin'
            gitlab_rails['gitlab_email_subject_suffix'] = '[git@example.com]'
            gitlab_rails['smtp_enable'] = true
            gitlab_rails['smtp_address'] = "172.16.185.62"
            gitlab_rails['smtp_port'] = 25
            gitlab_rails['smtp_domain'] = "smtp.gmail.com"

            unicorn['worker_timeout'] = 60
            unicorn['worker_processes'] = 13

            gitlab_rails['gitlab_shell_ssh_port'] = 8822

            gitlab_rails['ldap_enabled'] = true
            gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
              main: # 'main' is the GitLab 'provider ID' of this LDAP server
                label: 'example.com'
                host: 'sso.example.com'
                port: 20018
                uid: 'uid'
                method: 'ssl' # "tls" or "ssl" or "plain"
                bind_dn: 'cn=admin,dc=example,dc=com'
                password: '123123123'
                active_directory: false
                allow_username_or_email_login: true
                verify_certificates: false
                base: 'ou=People,dc=example,dc=com'
                sync_ssh_keys: true
            EOS
            gitlab_rails['omniauth_providers'] = [
              { 'name' => 'openid_connect',
                'label' => 'sso.example.com',
                'args' => {
                  'name' => 'openid_connect',
                  'scope' => ['openid','profile'],
                  'response_type' => 'code',
                  # realm url
                  'issuer' => 'https://sso.example.com:8843/auth/realms/example.com',
                  #Gitlab fetch all the endpoints from
                  #https://<keycloak-url>/auth/realms/<realm>/.well-known/openid-configuration
                  'discovery' => true,
                  'client_auth_method' => 'basic',
                  #Client Configuration
                  'client_options' => {
                     'identifier' => 'git.example.com',
                     'secret' => 'asdfasdfasdf-423dsf-saf324-dafa432-asdf89sd7a',
                     'redirect_uri' => 'http://git.example.com/users/auth/openid_connect/callback'
                  }
                }
              }
            ]
    ports:
        - '80:80'
        - '443:443'
        - '8822:22'
    volumes:
        - '/opt/www/git.example.com/config:/etc/gitlab'
          #- '/opt/www/git.example.com/gitlab.rb:/etc/gitlab/gitlab.rb'
        - '/opt/www/git.example.com/logs:/var/log/gitlab'
        - '/opt/www/git.example.com/data:/var/opt/gitlab'
        - '/etc/resolv.conf:/etc/resolv.conf:ro'
    networks:
        gitnet:
            ipv4_address: 10.79.79.79
    extra_hosts:
        - "sso:192.168.185.56"
However, I can only access using http not https. I tried following: 
root@git:/# gitlab-rails console
--------------------------------------------------------------------------------
 GitLab:       13.0.6 (5aa982e01ea) FOSS
 GitLab Shell: 13.2.0
 PostgreSQL:   11.7
--------------------------------------------------------------------------------
Loading production environment (Rails 6.0.3)
irb(main):001:0> Gitlab::Application.routes.default_url_options
=> {:host=>"git.example.com", :protocol=>"http", :script_name=>""}

Here is the content of config/ssl:

-rw-r--r-- 1 root root 1647 Jun 17 15:19 chain.pem
-rw-r--r-- 1 root root  769 Jun 17 09:25 dhparam.pem
-rw-r--r-- 1 root root 3542 Jun 17 06:59 fullchain.pem
-rw-r--r-- 1 root root 1310 Jun 17 02:21 git.example.com.crt
-rw-r--r-- 1 root root 1679 Jun 17 02:21 git.example.com.key
drw-r--r-- 2 root root 4096 Jun 17 02:16 old
-rw------- 1 root root 1708 Jun 17 06:59 privkey.pem

I used let’s encrypt to get my wildcard certificate. My server can’t connect internet, so I can’t use let’s encrypt module.

I even converted the config in docker-compose.yml to gitlab.rb and saved into config. Still, no effect.