I’m running the omnibus GitLab Docker image behind a Nginx reverse proxy. The only feature I don’t get to work is the “Debug” button on a running job page. Clicking it yields “connection failure”, the devtools log “400 bad request”. The runners are Docker executors as well.
There’s nothing fancy about the install, I followed the web terminal instructions and instructions to enable websockets on the reverse proxy.
The session server is configured as follows:
[session_server]
listen_address = "[::]:8093"
advertise_address = "gitlab.mydomain.com:443"
session_timeout = 600
The gitlab_runner container exposes port 8093, here’s the related config on the Nginx reverse proxy:
http {
upstream gitlab_websocket {
server 127.0.0.1:8093;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
}
server {
server_name gitlab.mydomain.com;
listen 443 ssl;
listen [::]:443 ssl;
(...)
location ~ /terminal\.ws$ {
proxy_pass http://gitlab_websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
}
}
I don’t really know where to look for more details, the logs of the runner container doesn’t show anything useful. Maybe the websocket config on the reverse proxy is faulty, I can’t find any examples out there.
Maybe someone has a similar setup working? Any help is very welcome and appreciated!
Update – I’ve just identified a possible cause, however, I’m not sure whether I get this right. AFAIK, the session server creates a self-signed TLS cert for every session. However, the reverse proxy is currently handling all traffic on the main domain “gitlab.mydomain.com” which uses a Let’s Encrypt cert. This certainly sounds like trouble. I’ll add separate server on the reverse proxy “gitlab-runner.mydomain.com:8093”, use this as “advertise_address” and see what happens. → No dice, this setup doesn’t log any http status error anymore in the devtools, but the “Firefox can’t establish a connection to the server at wss://gitlab.mydomain.com/xxx/yyy/-/jobs/123/terminal.ws” console.info remains and the terminal still fails to connect.