I am running gitlab-ce on a server behind a router/firewall and trying to access it externally via a non-standard port.
As I already have another machine running on https port 443 I want to run the gitlab instance on a different https port and using letsencrypt certificates generated elsewhere and copied across.
Gitlab runs on a local IP, 10.0.0.220. No firewall local setup - only currently on router (trying to isolate issues).
I have an external hostname gitlab.mydomain.com pointing to the static IP on the router.
The router is set to port forward external.ip:4443 -> 10.0.0.220:4443
As per the docs I set (everything else is default):
I can connect on the local IP https://10.0.0.220:4443. This shows the letsencrypt certificate is loaded.
(Browser shows: “This server could not prove that it is 10.0.0.220; its security certificate is from mydomain.com”)
A couple of issues.
I cannot connect from an external site to https://gitlab.mydomain.com:4443
I can see the router passing packets from external to the internal IP but get this in Firefox:
In the bottom bar it says 'performing TLS handshake' and then:
“Secure Connection Failed
The connection to the server was reset while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.”
Unfortunately, to compound this issue, I can see the nginx standard access_log, which shows data when accessing from the local IP, but I can’t see ANY nginx logging at all for external sites, so it is proving impossible to track down where the issue lies.
If I add this to gitlab.rb
nginx['redirect_http_to_https'] = true
root@gitlab:~# netstat -tan | grep 4443
tcp 0 0 0.0.0.0:4443 0.0.0.0:* LISTEN
tcp 0 0 10.0.0.220:4443 192.168.10.20:39920 ESTABLISHED
I’ve hunted through here for answers but still come up stuck.
Tried the following in gitlab.rb
This should be able to be modified from the template:
log_format gitlab_access '<%= @gitlab_access_log_format %>';
but seems it is ignored - I added the $ssl bits, but it never gets expanded to nginx.conf
nginx['gitlab_access_log_format'] = '$remote_addr - $remote_user [$time_local] $ssl_protocol/$ssl_cipher "$request_method $filtered_request_uri $server_protocol" $status $body_bytes_sent "$filtered_http_referer" "$http_user_agent"'
I’ve seen some comments about adding the external IP to /etc/hosts?
Current hosts file is:
root@gitlab:~# cat /etc/hosts
127.0.1.1 gitlab.mydomain.com gitlab
Any help or suggestions gratefully received. I’m sure the solution is dead simple but it’s like banging my head against a wall!!