Runner Debug Websocket behind Nginx Reverse Proxy

I’m running the omnibus GitLab Docker image behind a Nginx reverse proxy. The only feature I don’t get to work is the “Debug” button on a running job page. Clicking it yields “connection failure”, the devtools log “400 bad request”. The runners are Docker executors as well.

There’s nothing fancy about the install, I followed the web terminal instructions and instructions to enable websockets on the reverse proxy.

The session server is configured as follows:

  listen_address = "[::]:8093"
  advertise_address = ""
  session_timeout = 600

The gitlab_runner container exposes port 8093, here’s the related config on the Nginx reverse proxy:

http {
  upstream gitlab_websocket {

  map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;

server {
  listen 443 ssl;
  listen [::]:443 ssl;

  location ~ /terminal\.ws$ {
    proxy_pass http://gitlab_websocket;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header Host $host;

I don’t really know where to look for more details, the logs of the runner container doesn’t show anything useful. Maybe the websocket config on the reverse proxy is faulty, I can’t find any examples out there.

Maybe someone has a similar setup working? Any help is very welcome and appreciated!

Update – I’ve just identified a possible cause, however, I’m not sure whether I get this right. AFAIK, the session server creates a self-signed TLS cert for every session. However, the reverse proxy is currently handling all traffic on the main domain “” which uses a Let’s Encrypt cert. This certainly sounds like trouble. I’ll add separate server on the reverse proxy “”, use this as “advertise_address” and see what happens. → No dice, this setup doesn’t log any http status error anymore in the devtools, but the “Firefox can’t establish a connection to the server at wss://” remains and the terminal still fails to connect.