i am trying to get the following use case implemented:
Web access for Gitlab-ce only via https, run as a docker container, with a domestically (distributed) CA certificate and server key/certificate pair.
I have gitlab-ce running as a docker container (gitlab/gitlab-ce:latest). At the moment the web access is through port 80. It is very beautiful, works wonderfully. The PKI part (public key infrastructure) runs nicely, i have CA signed server certificates ready, the right spots to put them etc. Tested and ok.
The exact gitlab-ce configuration for https access though is a bit hard to extract from the nice copious and scattered about references everywhere, that elude my comprehension apparently, for i can’t get https configuration working one way or another. I can see gitlab-ce picking up the certificates in the absence of errors in the logs, it just isn’t serving under https - site is unreachable.
My setup is:
docker: ports 80:80 (http; docker server port: container port) and 6443:443 (https) for my local domain are and should be accessible (firewall open/filtered).
In /etc/gitlab/config/gitlab.rb i think i have to do the following:
I am assuming here that the docker host port should be used, not the container’s port.
But is that correct?
I am also not sure about what to configure next.
Should i edit the nginx part like so:
nginx[‘enable’] = true
nginx[‘listen_port’] = 6443
Or should that be 443 (as docker maps 6443 host side to 443 container side)?
letsencrypt[‘enable’] = false
nginx[‘ssl_certificate’] = “/etc/gitlab/ssl/mynicegitlab-ce.dingus/mynicegitlab-ce.dingus.crt”
nginx[‘ssl_certificate_key’] = “/etc/gitlab/ssl/mynicegitlab-ce.dingus/mynicegitlab-ce.dingus.key”
nginx[‘enable’] = true
nginx[‘client_max_body_size’] = ‘250m’
If i do that, nothing works any more. I have tried about every configuration with these ingredients. Nothing works.
A nice little button in the admins interface came up one night trying to find a solution, in a dream - that did say ‘do you want to run gitlab-ce (as docker container) under https like everybody should? Press this little button’. Instead i know this can be done, but it is just not so easy.
Is my docker setup to blame, or is it the gitlab-ce nginx/external_url confusion, or am i missing some obscure setting?
Can somebody please help me with a hint?