Does anyone know what the actual proper setup is to run GitLab with Docker behind an Apache reverse proxy? I can get GitLab to run, but there are always quirks and compromises.
To get GitLab running via Docker, I run this:
```
sudo docker run --detach --name gitlab \
  --hostname git.mydomain.com \
  --publish 30080:30080 \
  --publish 2022:22 \
  --env GITLAB_OMNIBUS_CONFIG="external_url 'http://git.mydomain.com:30080'; gitlab_rails['gitlab_shell_ssh_port']=22;" \
  --restart always \
  --volume /mnt/drive/git.mydomain.com/config:/etc/gitlab \
  --volume /mnt/drive/git.mydomain.com/logs:/var/log/gitlab \
  --volume /mnt/drive/git.mydomain.com/data:/var/opt/gitlab \
  gitlab/gitlab-ce:latest
```
Then I set up the Apache reverse proxy like this:
```
<VirtualHost *:443>
    ServerName git.mydomain.com
    ServerAlias git.mydomain.com
    LogLevel info
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/git.mydomain.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/git.mydomain.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/git.mydomain.com/chain.pem
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*) ws://localhost:30080/$1 [P,QSA,NE]
    RewriteCond %{HTTP:Upgrade} !=websocket [NC]
    RewriteRule /(.*) http://localhost:30080/$1 [P,QSA,NE]
    AllowEncodedSlashes NoDecode
    ProxyRequests Off
    ProxyPass / http://localhost:30080/ nocanon
    ProxyPassReverse / http://localhost:30080/
    <Location />
        Order allow,deny
        Allow from all
    </Location>
</VirtualHost>

# FORWARD FROM 80 TO 443
<VirtualHost *:80>
    ServerName git.mydomain.com
    ServerAlias git.mydomain.com
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [P,QSA,NE]
</VirtualHost>
```
Then, I go into GitLab’s config:
```
docker exec -it gitlab bash
```
And edit /etc/gitlab/gitlab.rb, where I update the SMTP settings and set the external URL to “http://localhost:30080”.
Then run:
```
gitlab-ctl reconfigure
```
And voila, GitLab is running when I go to https://git.mydomain.com. However, all of my instructions and clone URLs in projects show up like this:
```
http://git.mydomain.com:80030/nick/my-project.git
```
Also, the WebIDE fails to load project files when I try opening it in a project.
So, I then edit: /var/opt/gitlab/gitlab-rails/etc/gitlab.yml, changing these lines:
```
## Web server settings (note: host is the FQDN, do not include http://)
host: git.mydomain.com
port: 30080
https: false
```
To this:
```
## Web server settings (note: host is the FQDN, do not include http://)
host: git.mydomain.com
port: 443
https: true
```
And run:
```
gitlab-ctl restart
```
Fine and dandy, the clone URLs are updated and the WebIDE works. Everything seems great… until I log out. Because if I try logging back in, I receive a 422 error.
Am I missing something here? Is it possible to have the correct URLs show up within the app and avoid this login error, and have the WebIDE work? I’m starting to think that GitLab can’t run correctly with an Apache/Docker setup. Please prove me wrong! Thanks!
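
One way to reconcile the URLs with a TLS-terminating Apache proxy, as an added example that is not part of the original post or GitLab's own configuration. It assumes the 422 comes from Rails rejecting the CSRF token because GitLab and the proxy disagree about the request scheme, that mod_headers, mod_proxy_http and mod_proxy_wstunnel are loaded, and that the container is republished on loopback as shown in the comments.

```apache
# Added example, not the poster's configuration.
# Assumed matching GitLab side, set in GITLAB_OMNIBUS_CONFIG or
# /etc/gitlab/gitlab.rb rather than gitlab.yml, which is generated
# by "gitlab-ctl reconfigure" and overwritten on the next run:
#   external_url 'https://git.mydomain.com'
#   nginx['listen_port'] = 80
#   nginx['listen_https'] = false
# Assumed container publish, loopback only so that clients cannot
# reach the plain-HTTP port and bypass the TLS proxy:
#   --publish 127.0.0.1:30080:80

<VirtualHost *:443>
    ServerName git.mydomain.com

    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/git.mydomain.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/git.mydomain.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/git.mydomain.com/chain.pem

    ProxyRequests Off
    # Pass the public Host header through unchanged.
    ProxyPreserveHost On
    AllowEncodedSlashes NoDecode

    # Tell GitLab the client connection was HTTPS, so generated URLs,
    # secure cookies and the CSRF origin check agree with external_url.
    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Ssl "on"

    # WebSocket upgrades go to the same backend over ws://.
    RewriteEngine On
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*) ws://127.0.0.1:30080/$1 [P,QSA,NE]

    ProxyPass / http://127.0.0.1:30080/ nocanon
    ProxyPassReverse / http://127.0.0.1:30080/
</VirtualHost>

# Port 80 only redirects to HTTPS; it does not proxy.
<VirtualHost *:80>
    ServerName git.mydomain.com
    Redirect permanent / https://git.mydomain.com/
</VirtualHost>
```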