Post net/http: TLS handshake timeout

I am running a local gitlab-runner as a docker container:

docker run -d --name --restart always \                                                           
  -v /srv/ \
  -v /var/run/docker.sock:/var/run/docker.sock \

I registered the runner with a specific group on like this:

docker run --rm -t -i \                                                                                             
  -v /srv/ \
  --name \       
  gitlab/gitlab-runner:latest register \
  --non-interactive \
  --executor "docker" \
  --docker-image alpine:3 \
  --url "" \
  --registration-token "MY_GROUP_REG_TOKEN" \
  --description "docker-runner" \
  --tag-list "docker" \
  --run-untagged \

Then I disabled the use of shared runners for that group in an effort to force it to use this locally running gitlabl-runner. Unfortunately, I only saw this output from the gitlab-runner when a job should have started to run:

2018-10-23T07:42:59.358770721Z ERROR: Failed to load config stat /etc/gitlab-runner/config.toml: no such file or directory  builds=0
2018-10-23T07:43:02.359968362Z Configuration loaded                                builds=0
2018-10-23T09:44:11.685735340Z WARNING: Checking for jobs... failed                runner=29950a87 status=couldn't execute POST against Post net/http: TLS handshake timeout

The pipeline appears stalled and no log output is shown on Is there any way I could get more info to get to the source of this problem?


Ok, this was very likely a problem with my setup. I changed the runner to be executed “natively” rather than inside a docker container, because I was feeling like being in the movie Inception, with a docker container running in a docker container running in a docker container…

Possibly unrelated (?), but I also had forgotten about WireGuard, which I had installed a while ago on that same machine and it may have interfered with the communication of my gitlab-runner. I noticed this from the IP that was showing for the runner info on

Lastly, I also removed all tags from the runner, even though it was registered with --run-untagged, I wasn’t sure if that could be a problem and I don’t really need any tags for this runner right now.

1 Like

Holy cow, I had also totally forgotten about WireGuard. That just relieved me from my 4h+ googling. Thanks a million :smile::+1: