Hey,
I am currently facing a weird issue. It seems that GitLab is redirecting http to the https port although I disabled it in the gitlab.rb
My goal is the following:
I want to run GitLab behind a reversed proxy. Both sides are maintained via docker-compose
But I cannot reach gitlab by any config. The reversed proxy shows me a “503 Service Temporarilly unavailable”
First of all, even if I am running “curl -v -L 127.0.0.1” inside the GitLab docker it redirects me to the port 443 which gives me a “Connection refused”
* Rebuilt URL to: 127.0.0.1/
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1
> User-Agent: curl/7.59.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Server: nginx
< Date: Thu, 30 Aug 2018 19:45:48 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 97
< Connection: keep-alive
< Cache-Control: no-cache
< Location: https://127.0.0.1/users/sign_in
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-Request-Id: e7f151d3-2090-4ce7-9118-8b0285596075
< X-Runtime: 0.009960
< X-Ua-Compatible: IE=edge
< X-Xss-Protection: 1; mode=block
< Strict-Transport-Security: max-age=31536000
<
* Ignoring the response-body
* Connection #0 to host 127.0.0.1 left intact
* Issue another request to this URL: 'https://127.0.0.1/users/sign_in'
* Trying 127.0.0.1...
* TCP_NODELAY set
* connect to 127.0.0.1 port 443 failed: Connection refused
* Failed to connect to 127.0.0.1 port 443: Connection refused
* Closing connection 1
curl: (7) Failed to connect to 127.0.0.1 port 443: Connection refused
I get the same result if I run a curl to the gitlab container inside the reverse proxy container
I changed the following lines in the gitlab.rb
external_url 'https://gitlab.<domain>'
gitlab_rails['trusted_proxies'] = ['172.19.0.2'] #the proxyip in the docker network
nginx['redirect_http_to_https'] = false #normally it is nil; even put it to false -> no result
nginx['listen_addresses'] = ['0.0.0.0', '[::]'] #so gitlab will listen to everything -> enabled this for testing reasons
nginx['listen_port'] = 80 #reverseproxy handles https but communicates over http with gitlab
nginx['listen_https'] = false
nginx['proxy_set_headers'] = {
"X-Forwarded-Proto" => "https",
"X-Forwarded-Ssl" => "on"
}
Note that the reverse proxy(jwilder) and gitlab should communicate over http and not over https! https is handled via the reverse proxy. And this would work if gitlab wouldn’t redirect itself to https again. (see curl above)
I would really appreciate your help regarding this topic!