Synology Docker instance with reverse proxy troubles

Hello all,

I’ve set up a Docker and GitLab instance on my Synology NAS using this tutorial:

https://mlohr.com/gitlab-on-a-diskstation/

I also followed the “Further considerations” instructions to set up a reverse proxy to enable SSL and access to my GitLab instance.

So far so good… and everything works as expected.

Next, I followed these instructions posted on the GitLab site to enable OAuth using Github.com

https://docs.gitlab.com/ee/integration/github.html

The instructions were simple enough, but I’m not able to authenticate from the redirect.

Steps for me to reproduce the problem:
Open a web browser and enter the address “https://git.example.com” -> site login page opens
Click the “github” button in the “sign in with” dev box -> opens github.com login page
Successfully authenticate with github.com -> redirects the token back to my site

Here is where the trouble happens. The redirected session token seems to be valid but GitLab doesn’t seem to know what to do with it. After redirection it looks like GitLab attempts to use the token, but something doesn’t work, then I’m forwarded to the “https://git.example.com/users/login” page. The App I created on GitHub has the following settings:

Application name: GitLab
Homepage URL: https://git.example.com
Authorization callback URL: https://git.example.com/users/auth/

In my gitlab.rb I have changed the following settings.

For some reason I’m not able to set the “external_url”; it won’t allow the instance to fully boot and the container unexpectedly stops. I think this might be an issue.

gitlab_rails['omniauth_providers'] = [
  {
    "name" => "github",
    "app_id" => "[REDACTED]",
    "app_secret" => "[REDACTED]",
    "url" => "https://github.com/",
    "args" => { "scope" => "user:email" }
  }
]

ANY help is appreciated!

Update:
I have figured out that the reverse proxy was incorrectly configured to an HTTP redirect and that was the reason that setting the “external url” in gitlab.rb to an HTTPS address was causing the container to fail when building. I have since fixed that.

Currently I’m able to:
GitLab login page -> click sign in with Github.com
Authenticate with Github -> redirected token to my site
https://git.mysite.com/users/auth/-/import/github/callback?code=e2d4df6e53f6ad7bb66c -> ERROR 500

Personal Tokens have the same result


If I attempt to sign in while being signed out on both GitLab and GitHub:

On the GitLab page, using the sign-in with Github link -> redirected to Github.
Authenticated on Github -> redirected token back to git.mysite.com
After a timeout event, I receive the error banner on the GitLab sign-in page -> Could not authenticate you from GitHub because “Failed to open tcp connection to github.com:443 (getaddrinfo: temporary failure in name resolution)”.

I have the feeling that I’m making progress and now I have a DNS error here on my side… fingers crossed.


This was solved by adding the internal IP address range for the Docker containers (172.10.0.0-172.17.0.16) to allow all ports in the firewall rules. Would someone please let me know if this is an insecure way to solve this issue, and suggest methods to correctly implement it? Thanks in advance.
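
One way to check a rule like the one in the last post, as an added example that is not part of the original thread: it compares the allowed source range with the subnet the containers use and counts how much of the rule falls outside private (RFC 1918) space. The bridge subnet 172.17.0.0/16 is an assumption (Docker's default bridge network; confirm with `docker network inspect bridge`), and the function and variable names are hypothetical.

```python
import ipaddress

# Range quoted in the post; the bridge subnet below is an ASSUMPTION
# (Docker's default bridge), not a value taken from the thread.
ALLOWED_FIRST = "172.10.0.0"
ALLOWED_LAST = "172.17.0.16"
ASSUMED_BRIDGE = "172.17.0.0/16"

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _overlap(lo, hi, net):
    """Number of addresses shared by the integer range [lo, hi] and a network."""
    first, last = int(net.network_address), int(net.broadcast_address)
    return max(0, min(hi, last) - max(lo, first) + 1)


def audit_allow_range(first, last, container_subnet):
    """Compare a firewall allow range with the subnet the containers really use."""
    lo_ip, hi_ip = ipaddress.ip_address(first), ipaddress.ip_address(last)
    lo, hi = int(lo_ip), int(hi_ip)
    subnet = ipaddress.ip_network(container_subnet)
    total = hi - lo + 1
    private = sum(_overlap(lo, hi, net) for net in RFC1918)
    covered = _overlap(lo, hi, subnet)
    return {
        # The range written as the CIDR blocks a firewall would evaluate.
        "rule_as_cidrs": [str(b) for b in
                          ipaddress.summarize_address_range(lo_ip, hi_ip)],
        "addresses_allowed": total,
        # Sources the rule trusts that are not private address space at all.
        "non_rfc1918_allowed": total - private,
        # How much of the container subnet the rule actually includes.
        "container_addresses_covered": covered,
        "container_addresses_missed": subnet.num_addresses - covered,
        # Tighter candidate: allow only the container subnet as source.
        "suggested_source": str(subnet),
    }


if __name__ == "__main__":
    for key, value in audit_allow_range(
            ALLOWED_FIRST, ALLOWED_LAST, ASSUMED_BRIDGE).items():
        print(f"{key}: {value}")
```

Under that assumption, the rule trusts a large block of non-private source addresses while covering only the first few addresses of the bridge subnet, so a rule scoped to the actual container subnet (and only the ports the containers need) is the narrower alternative.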