GitLab using docker-compose behind a Nginx Reverse proxy


I have been working on this on and off for the past week. I have a Docker container running GitLab on my home network using docker compose. I run a few services on my home network, so I was trying to put it behind an Nginx reverse proxy. The issue I think I am running into is that I don’t have a DNS route or Domain name for the gitlab instance. I only have its IP address and it the port number I can reference it by.

I keep getting “502 Bad Gateway” errors when Nginx tries to pass the connection. Here is the error log from my Nginx Error log.

2019/05/05 14:23:52 [error] 19172#0: *2238 recv() failed (104: Connection reset by peer) while reading response header from upstream, client:, server:, request: "GET /favicon.ico HTTP/1.1", upstream: "", host: "", referrer: ""

This is my Nginx confiuration.

    server {
            listen [::]:80 ipv6only=on;
            server_name; ## Replace this with something like
            location / {
                    proxy_set_header    Host                $http_host;
                    proxy_set_header    X-Real-IP           $remote_addr;
                    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
                    proxy_set_header    X-Forwarded-Proto   $scheme;
    server {
            listen ssl;
            listen [::]:443 ipv6only=on ssl default_server;
            server_name; ## Replace this with something like
            server_tokens off; ## Don't show the nginx version number, a security best practice
            root /opt/gitlab/embedded/service/gitlab-rails/public;
            ssl on;
            ssl_certificate /etc/nginx/ssl/gitlab.crt;
            ssl_certificate_key /etc/nginx/ssl/gitlab.key;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_prefer_server_ciphers on;
            ssl_session_cache shared:SSL:10m;
            ssl_session_timeout 5m;
            access_log  /var/log/nginx/gitlab_access.log;
            error_log   /var/log/nginx/gitlab_error.log;
            location / {
                    client_max_body_size 0;
                    gzip off;
                    proxy_read_timeout      300;
                    proxy_connect_timeout   300;
                    proxy_redirect          off;
                    proxy_http_version 1.1;
                    proxy_set_header    Host                $http_host;
                    proxy_set_header    X-Real-IP           $remote_addr;
                    proxy_set_header    X-Forwarded-Ssl     on;
                    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
                    proxy_set_header    X-Forwarded-Proto   $scheme;

And this is my Docker compose file.

	   image: 'gitlab/gitlab-ce:latest'
	   restart: always
	   hostname: ''
		   external_url ''
		   gitlab_rails['gitlab_shell_ssh_port'] = 2224
		   letsencrypt['enabled'] = false
		   nginx['enable'] = true
		   nginx['redirect_http_to_https'] = false
		   # Reverse proxy nginx config
		 - '9080:80'
		 - '2224:22'
		 - '/var/lib/gitlab/config:/etc/gitlab'
		 - '/var/lib/gitlab/logs:/var/log/gitlab'
		 - '/var/lib/gitlab/data:/var/opt/gitlab'

Can anyone please look this over and let me know if I am missing anything. If you guys/girls need any more information pelase let me know and I do my best to get it for you.

Many thanks,

Did you fixed this?

I’m having exact the same problem.


Did you manage to solve it?

You need to change your docker-compose configuration as followed:

external_url must be set to the url of your nginx reverse proxy:
external_url ‘

As the bundled Nginx in gitlab now tries to set up on port 443, you need to change this to the desired docker port:
nginx[‘listen_port’] = 9080

you might want to disable https on the internal docker webserver, if you’re running the reverse proxy and the gitlab inside a trusted network:
nginx[‘listen_https’] = false

If you’re doing this, change your Nginx proxy_pass to use plain http