Gitlab Runner docker behind reverse proxy: wrong url with port

gabrielctn · October 2, 2023, 12:08pm

I have a docker-composed self-hosted Gitlab + Gitlab-runner instance running behind a reverse proxy.
Here is the docker-compose.yml:

version: '3.7'
services:
  web:
    image: 'gitlab/gitlab-ce:latest'
    restart: always
    hostname: 'gitlab.domain'
    container_name: gitlab
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://gitlab.domain:8282'
        gitlab_sshd['listen_address'] = '[::]:2222'
        gitlab_sshd['enable'] = true
        gitlab_sshd['proxy_protocol'] = true
        gitlab_sshd['proxy_policy'] = "use"
        gitlab_rails['gitlab_shell_ssh_port'] = 2222
    ports:
      - '8282:8282'
      - '2222:22'
    volumes:
      - '$GITLAB_HOME/config:/etc/gitlab'
      - '$GITLAB_HOME/logs:/var/log/gitlab'
      - '$GITLAB_HOME/data:/var/opt/gitlab'
    shm_size: '256m'
    networks:
      - gitlab
  gitlab-runner:
    image: gitlab/gitlab-runner:alpine
    container_name: gitlab-runner
    restart: always
    depends_on:
      - web
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - '$GITLAB_HOME/gitlab-runner:/etc/gitlab-runner'
    networks:
      - gitlab

networks:
  gitlab:
    name: gitlab-network

And the gitlab-runner/config.toml:

concurrent = 1
check_interval = 0
shutdown_timeout = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "Shared runner"
  url = "http://gitlab.domain:8282"
  id = 9
  token = "glrt-WxjyLbhgsX3Qm3bKRPS-"
  token_obtained_at = 2023-10-02T12:12:28Z
  token_expires_at = 0001-01-01T00:00:00Z
  executor = "docker"
  [runners.cache]
    MaxUploadedArchiveSize = 0
  [runners.docker]
    tls_verify = false
    image = "ubuntu:22.04"
    privileged = false
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/cache"]
    shm_size = 0

When I use the web interface to create a new runner, when I click on “New instance runner” it redirects to this url to which it adds the port 8282: “https://gitlab.domain:8282/admin/runners/8/register?platform=linux”
when I remove the port manually in the url then it goes to the right page.

During building pipelines setup with the runner, when it needs to git clone the URL it returns an error because it was unable to access the URL (in which there is also the port, that’s why):

fatal: unable to access 'http://gitlab.domain:8282/cretin/medusa.git/': Failed to connect to gitlab.domain port 8282 after 130896 ms: Couldn't connect to server

Server version:

Gitlab runner:

root@www # docker exec -it gitlab-runner bash
4c9834be7826:/# gitlab-runner --version
Version:      16.4.0
Git revision: 6e766faf
Git branch:   refs/pipelines/1015573085
GO version:   go1.20.5
Built:        2023-09-25T11:27:40+0000
OS/Arch:      linux/amd64

Is it a bug or I need to configure something ?

gabrielctn · October 3, 2023, 11:13am

Ok so I finally solved my issues, I removed the port from the external_url and set nginx['listen_port'] = 8282 instead. This solves the first issue about the “New instance runner” wrong redirection.
Here is the final docker-compose.yml:

version: '3.7'
services:
  web:
    image: 'gitlab/gitlab-ce:latest'
    restart: always
    container_name: gitlab
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'http://gitlab.domain'
        nginx['listen_port'] = 8282
        gitlab_sshd['listen_address'] = '[::]:2222'
        gitlab_sshd['enable'] = true
        gitlab_sshd['proxy_protocol'] = true
        gitlab_sshd['proxy_policy'] = "use"
        gitlab_rails['gitlab_shell_ssh_port'] = 2222
    ports:
      - '8282:8282'
      - '2222:22'
    volumes:
      - '$GITLAB_HOME/config:/etc/gitlab'
      - '$GITLAB_HOME/logs:/var/log/gitlab'
      - '$GITLAB_HOME/data:/var/opt/gitlab'
    shm_size: '256m'
    networks:
      - gitlab
  gitlab-runner:
    image: gitlab/gitlab-runner:alpine
    container_name: gitlab-runner
    restart: always
    depends_on:
      - web
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - '$GITLAB_HOME/gitlab-runner:/etc/gitlab-runner'
    networks:
      - gitlab

networks:
  gitlab:
    name: gitlab-network

And the new gitlab-runner/config.toml:

concurrent = 1
check_interval = 0
shutdown_timeout = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "Shared Runner"
  url = "https://gitlab.domain"
  id = 15
  token = "glrt-NmHnR1m-g9qQ3SFzMBJH"
  token_obtained_at = 2023-10-03T10:15:26Z
  token_expires_at = 0001-01-01T00:00:00Z
  executor = "docker"
  clone_url = "https://gitlab.domain"
  [runners.docker]
    tls_verify = false
    image = "alpine:latest"
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/cache"]
    network_mode = "gitlab-network"
    shm_size = 0

I had to add privileged = true and since I have a custom network in the docker-compose file, I must set the runners to use it, so I set network_mode = "gitlab-network". I also need to set clone_url = "https://gitlab.domain" otherwise the runner is unable to clone the repo correctly…
Now everything works fine.