GitLab using docker-compose behind a Nginx Reverse proxy

Hello,

I have been working on this on and off for the past week. I have a Docker container running GitLab on my home network using docker compose. I run a few services on my home network, so I was trying to put it behind an Nginx reverse proxy. The issue I think I am running into is that I don’t have a DNS route or domain name for the GitLab instance. I only have its IP address and the port number I can reference it by.

I keep getting “502 Bad Gateway” errors when Nginx tries to pass the connection. Here is the error log from my Nginx Error log.

2019/05/05 14:23:52 [error] 19172#0: *2238 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 67.23.232.183, server: git.domain.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://192.168.11.110:9080/favicon.ico", host: "git.domain.com", referrer: "http://git.domain.com/"

This is my Nginx configuration.

    server {
            listen 0.0.0.0:80;
            listen [::]:80 ipv6only=on;
            server_name git.domain.com; ## Replace this with something like gitlab.example.com
            location / {
                    proxy_set_header    Host                $http_host;
                    proxy_set_header    X-Real-IP           $remote_addr;
                    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
                    proxy_set_header    X-Forwarded-Proto   $scheme;
                    proxy_pass http://192.168.11.110:9080;
            }
    }
    server {
            listen 0.0.0.0:443 ssl;
            listen [::]:443 ipv6only=on ssl default_server;
            server_name git.domain.com; ## Replace this with something like gitlab.example.com
            server_tokens off; ## Don't show the nginx version number, a security best practice
            root /opt/gitlab/embedded/service/gitlab-rails/public;
            ssl on;
            ssl_certificate /etc/nginx/ssl/gitlab.crt;
            ssl_certificate_key /etc/nginx/ssl/gitlab.key;
            ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_prefer_server_ciphers on;
            ssl_session_cache shared:SSL:10m;
            ssl_session_timeout 5m;
            access_log  /var/log/nginx/gitlab_access.log;
            error_log   /var/log/nginx/gitlab_error.log;
            location / {
                    client_max_body_size 0;
                    gzip off;
                    proxy_read_timeout      300;
                    proxy_connect_timeout   300;
                    proxy_redirect          off;
                    proxy_http_version 1.1;
                    proxy_set_header    Host                $http_host;
                    proxy_set_header    X-Real-IP           $remote_addr;
                    proxy_set_header    X-Forwarded-Ssl     on;
                    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
                    proxy_set_header    X-Forwarded-Proto   $scheme;
                    proxy_pass https://192.168.11.110:9080;
            }
    }

And this is my Docker compose file.

    web:
      image: 'gitlab/gitlab-ce:latest'
      restart: always
      hostname: 'git.domain.com'
      environment:
        GITLAB_OMNIBUS_CONFIG: |
          external_url 'https://192.168.11.110:9080'
          gitlab_rails['gitlab_shell_ssh_port'] = 2224
          letsencrypt['enabled'] = false
          nginx['enable'] = true
          nginx['redirect_http_to_https'] = false
          # Reverse proxy nginx config
      ports:
        - '9080:80'
        - '2224:22'
      volumes:
        - '/var/lib/gitlab/config:/etc/gitlab'
        - '/var/lib/gitlab/logs:/var/log/gitlab'
        - '/var/lib/gitlab/data:/var/opt/gitlab'

Can anyone please look this over and let me know if I am missing anything? If you guys/girls need any more information, please let me know and I will do my best to get it for you.

Many thanks,

Did you fix this?

I’m having exactly the same problem.

Hello,

Did you manage to solve it?

You need to change your docker-compose configuration as follows:

external_url must be set to the URL of your Nginx reverse proxy:

    external_url 'https://git.domain.com'

As the bundled Nginx in GitLab now tries to set up on port 443, you need to change this to the desired Docker port:

    nginx['listen_port'] = 9080

You might want to disable HTTPS on the internal Docker webserver if you’re running the reverse proxy and GitLab inside a trusted network:

    nginx['listen_https'] = false

If you’re doing this, change your Nginx proxy_pass to use plain HTTP:

    proxy_pass http://192.168.11.110:9080;

2 Likes
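
The changes from the reply above, applied to the compose file from the original post, as an added example that is not part of the thread. Assumptions: the `services:` wrapper, the `9080:9080` port mapping (the container side has to match `listen_port`), and the `letsencrypt['enable']` spelling of that key.

```yaml
# Added example: the original compose file with the reply's settings applied.
services:                          # assumption: the post's 'web:' sits under 'services:'
  web:
    image: 'gitlab/gitlab-ce:latest'
    restart: always
    hostname: 'git.domain.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        # Public URL served by the reverse proxy, not the container's IP:port.
        external_url 'https://git.domain.com'
        # An https external_url moves the bundled Nginx to port 443;
        # pin it to the port the reverse proxy connects to.
        nginx['listen_port'] = 9080
        # TLS terminates at the reverse proxy, so the bundled Nginx serves
        # plain HTTP. Keep this hop on the trusted network.
        nginx['listen_https'] = false
        nginx['enable'] = true
        nginx['redirect_http_to_https'] = false
        gitlab_rails['gitlab_shell_ssh_port'] = 2224
        # Assumption: Omnibus key is 'enable' (the original post wrote 'enabled').
        letsencrypt['enable'] = false
    ports:
      # Assumption: container side changed from 80 to 9080 to match listen_port.
      - '9080:9080'
      - '2224:22'
    volumes:
      - '/var/lib/gitlab/config:/etc/gitlab'
      - '/var/lib/gitlab/logs:/var/log/gitlab'
      - '/var/lib/gitlab/data:/var/opt/gitlab'
```

With this in place, both `server` blocks on the reverse proxy use `proxy_pass http://192.168.11.110:9080;`, and the 443 block keeps sending `X-Forwarded-Proto` and `X-Forwarded-Ssl` so GitLab generates https links.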