I’m running gitlab-ce under rancher and I use nfs-convoy to handle the volumes. Drone is used for CI; drone is also running in the same environment, so that both gitlab and drone have ssl-termination done by the same rancher-lb (haproxy).
Gitlab does not accept the certificate used by drone, even though it is a comodo signed certificate. Both gitlab and drone use the same wildcard ssl, so I imagine this can cause some strange issues, that or gitlab doesn’t know how to handle wildcard certificates in its current configuration.
A workaround to the ssl-verification failure was to add the CA to the ‘trusted-certs’-folder in the ‘/etc/gitlab’-volume. This works just fine until I upgrade (re-create) the container, where it seems that the gitlab configuration skips the certificate-file. I found that for me to make this work after an upgrade, I have to delete the symlink created by gitlab in the trusted-certs folder. The logs still tell me the cert is still ignored, but the symlink is recreated and it works again.
It seems to me that there may be some linking that fails within the gitlab-container. Is there a more elegant workaround than to delete a symlink every time I have to upgrade?