Gitlab-pages with OMNIBUS (docker-compose) behind a nginx proxy

Hi,

I’m trying to configure a gitlab instance behind an nginx proxy. Unfortunately, I have some problems setting up gitlab-pages.

My server hosts more than just gitlab, so gitlab is on the subdomain gitlab.exemple.fr, and I’m trying to set up the pages on the domain docs.exemple.fr (maybe not the right way). That’s also why I’ve set a non-standard port for ssh.

Here is my docker-compose file:

# docker-compose.yml
version: '3.7'
services:
  web:
    image: 'gitlab/gitlab-ee:latest'
    restart: always
    hostname: 'gitlab.exemple.fr'
    container_name: gitlab-ee
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.exemple.fr'
        gitlab_rails['smtp_enable'] = true
        gitlab_rails['smtp_address'] = "172.20.0.1" # local ip of the host 
        gitlab_rails['smtp_port'] = 25
        gitlab_rails['smtp_enable_starttls_auto'] = false
        gitlab_rails['smtp_tls'] = false
        gitlab_rails['smtp_domain'] = 'exemple.fr'
        nginx['listen_port'] = 80
        nginx['listen_https'] = false
        gitlab_rails['gitlab_email_from'] = 'gitlab@exemple.fr'
        gitlab_rails['gitlab_email_display_name'] = 'Gitlab Exemple'
        gitlab_rails['time_zone'] = 'Europe/Paris'
        gitlab_rails['gitlab_shell_ssh_port'] = 31022
        gitlab_pages['enable'] = true
        pages_nginx['enable'] = true
        pages_nginx['redirect_http_to_https'] = true
        pages_nginx['ssl_certificate'] = "/etc/cert/ssl/cert.pem"
        pages_nginx['ssl_certificate_key'] = "/etc/cert/ssl/privkey.pem"
        pages_external_url "http://docs.exemple.fr"
    ports:
      - 31443:443
      - 31080:80
      - 31022:22
    volumes:
      - '/opt/gitlab/config:/etc/gitlab'
      - '/opt/gitlab/logs:/var/log/gitlab'
      - '/opt/gitlab/data:/var/opt/gitlab'
    networks:
      - gitlab
  gitlab-runner:
    image: gitlab/gitlab-runner:alpine
    container_name: gitlab-runner
    restart: always
    depends_on:
      - web
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - '/opt/gitlab-runner:/etc/gitlab-runner'
    networks:
      - gitlab
    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 4G

networks:
  gitlab:
    name: gitlab-network

I’ve set the nginx proxy for gitlab.exemple.fr:

server {
    listen [::]:443 ssl;
    listen 443 ssl;

    server_name gitlab.exemple.fr;

    location / {
        include proxy_params;
        proxy_pass http://127.0.0.1:31080;
    }
    client_max_body_size 200m;
    ssl_certificate /etc/letsencrypt/live/gitlab.exemple.fr/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/gitlab.exemple.fr/privkey.pem; # managed by Certbot
}

Everything is working, and one of my pipelines builds html pages, and the deploy shows me the “right” url: http://<user>.docs.exemple.fr/<repo>.

I’m trying to configure the nginx proxy:

upstream gitlab-pages{
    server 127.0.0.1:8090;
}


server {
  listen 80;
  server_name docs.exemple.fr;
  access_log  /var/log/nginx/gitlabpages.access.log;
  location / {
    proxy_pass http://gitlab-pages;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forward-Proto http;
    proxy_set_header X-Nginx-Proxy true;

    proxy_redirect off;

  }
}

The DNS (with OVH) is configured for both the gitlab and docs subdomains, of course.

What am I doing wrong? (I would also like the pages to be https)

Thanks.

I tried that nginx config, but I get a “Bad Gateway” with connect() failed (111: Connection refused).

upstream gitlab-pages{
    server 127.0.0.1:8090;
  }


server {
        listen 80;
        listen [::]:80;
        server_name ~^(?<subdomain>.+)\.docs\.exemple\.fr;

        access_log /var/log/nginx/gitlabpages-access.log;
        error_log /var/log/nginx/gitlabpages-error.log;


        location / {
                 include proxy_params;
                 proxy_pass http://gitlab-pages;
                 proxy_redirect     off;
                 proxy_set_header   Host $host;
                 proxy_set_header   X-Real-IP $remote_addr;
                 proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
                 proxy_set_header   X-Forwarded-Host $server_name;
      }
}

server {
        listen 80;
        listen [::]:80;
        server_name docs.exemple.fr;

        access_log /var/log/nginx/gitlabpages-access.log;
        error_log /var/log/nginx/gitlabpages-error.log;

        location / {
                 include proxy_params;
                 proxy_pass http://gitlab-pages;
                 proxy_redirect     off;
                 proxy_set_header   Host $host;
                 proxy_set_header   X-Real-IP $remote_addr;
                 proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
                 proxy_set_header   X-Forwarded-Host $server_name;
        }
}

Hi,
try trailing slashes in URLs

Sorry but I do not know what it means…

http://something

With trailing slash

http://something/

Same problem. The error is the following:

2023/09/25 14:25:21 [error] 1245864#1245864: *2250651 connect() failed (111: Connection refused) while connecting to upstream, client: xxx.xxx.xxx.xxx, server: ~^(?<subdomain>.+)\.docs\.exemple\.fr, request: "GET /faq-gut HTTP/1.1", upstream: "http://127.0.0.1:8090/REPO", host: "USER.docs.gutenberg-asso.fr"

where REPO is the git repository name, and USER is the owner. I’m not sure about what should be given to http://127.0.0.1:8090
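Added example, not part of any post in this thread: a small check that compares the loopback ports the host nginx proxies to against the host ports docker-compose actually publishes. The two excerpts are constructed from the configs posted above; the function names are hypothetical, and the check assumes the container is on a bridge network and that nothing else on the host listens on the flagged port.

```python
import re

# Constructed excerpts mirroring the compose file and nginx config posted in this thread.
COMPOSE = """\
services:
  web:
    ports:
      - 31443:443
      - 31080:80
      - 31022:22
"""
NGINX = """\
upstream gitlab-pages{
    server 127.0.0.1:8090;
}
server {
    server_name gitlab.exemple.fr;
    location / {
        proxy_pass http://127.0.0.1:31080;
    }
}
"""

def published_ports(compose_text):
    """Host-side ports of short-form 'HOST:CONTAINER' or 'IP:HOST:CONTAINER' entries."""
    pat = r"^\s*-\s*['\"]?(?:[\d.]+:)?(\d+):\d+"
    return {int(p) for p in re.findall(pat, compose_text, re.M)}

def loopback_targets(nginx_text):
    """Ports nginx connects to on loopback (upstream 'server' lines and proxy_pass)."""
    pat = r"(?:server\s+|proxy_pass\s+https?://)(?:127\.0\.0\.1|localhost):(\d+)"
    return {int(p) for p in re.findall(pat, nginx_text)}

def unreachable_targets(compose_text, nginx_text):
    """Loopback ports nginx proxies to that no compose 'ports:' entry publishes."""
    return sorted(loopback_targets(nginx_text) - published_ports(compose_text))

if __name__ == "__main__":
    for port in unreachable_targets(COMPOSE, NGINX):
        # A target with no published host port matches "111: Connection refused".
        print(f"nginx proxies to 127.0.0.1:{port}, but compose publishes no host port {port}")
```
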