Unable to get to Gitlab when utilizing Traefik within Docker Swarm
- Internally cannot access gitlab site, just receive 404 error - however if I take traefik out of the equation and expose 8929 in the gitlab docker-stack like I do for ssh I am able to get to Gitlab over the URL if I declare the port in the URL (i.e gitlab.ourdomain:8929)
- I don’t want to utilize the port in the URL, normally we front our sites via F5 however this Gitlab is strictly internally - if I did this configuration like that I know it would work
- I don’t have any runners or anything configured currently, this is a fresh site that as mentions works if I take traefik out of the equation and run it over the exposed port.
- Traefik container runs on a different host that is running the Gitlab container
Unsure of what I am missing or not thinking of for this setup/configuration
Example Error
Using devtools in Chrome when I attempt to access the site:
Request URL:
http://gitlab.ourdomain/
Request Method:
GET
Status Code:
404 Not Found
Remote Address:
<host ip of host running traefik container:80
Referrer Policy:
strict-origin-when-cross-origin
Configuration
Gitlab docker-stack.yml
services:
internal-gitlab:
image: <OUR_REGISTRY>:5000/gitlab/gitlab-ee:16.8.1-ee.0
deploy:
placement:
constraints:
- node.labels.vlan == <OUR_VLAN>
resources:
limits:
memory: 4G
cpus: '2'
healthcheck:
disable: true
ports:
- '2424:22' #SSH
labels:
- "traefik.enable=true"
- "traefik.http.routers.gitlab.entrypoints=web"
- "traefik.http.routers.gitlab.rule=Host(`gitlab.ourdomain`)"
- "traefik.http.routers.gitlab.service=gitlab"
- "traefik.http.services.gitlab.loadbalancer.server.port=80"
networks:
application-entry:
volumes:
- /data/swarmdata/internal-gitlab/data:/var/opt/gitlab
- /data/swarmdata/internal-gitlab/logs:/var/log/gitlab
- /data/swarmdata/internal-gitlab/config:/etc/gitlab
environment:
CHEF_FIPS: ""
GITLAB_OMNIBUS_CONFIG: "from_file('/omnibus_config.rb')"
configs:
- source: gitlab
target: /omnibus_config.rb
secrets:
- gitlab_root_password
logging:
# limit logs retained on host to 25MB
driver: "json-file"
options:
max-size: "500k"
max-file: "50"
configs:
gitlab:
file: ./gitlab.rb
secrets:
gitlab_root_password:
file: ./root_password.txt
networks:
application-entry:
external:
name: application-entry
gitlab.rb
external_url 'http://gitlab.ourdomain'
nginx['listen_port'] = 80
Traefik docker-stack.yml
traefik:
image: <OUR_REGISTRY>:5000/traefik:latest
deploy:
mode: replicated
replicas: 3
placement:
constraints:
- node.labels.vlan == <OUR_VLAN>
- node.labels.role == proxy
max_replicas_per_node: 1
command:
--global.checkNewVersion=false
--global.sendAnonymousUsage=false
--entryPoints.bitbucket-ssh.address=:7999
--entryPoints.bitbucket-ssh.address=:8000
--entryPoints.internal.address=:8010
--entryPoints.web.address=:80
--entryPoints.web.forwardedHeaders.insecure
--entryPoints.web-secure.address=:443
--providers.docker.endpoint=tcp://socat:2375
--providers.docker.swarmMode=true
--providers.docker.exposedByDefault=false
--providers.file.directory=/etc/traefik/dynamic_conf
--api.dashboard=false
--api.insecure=true
--accesslog=true
--accesslog.filepath=/var/log/access.log
--log.filePath=/var/log/traefik.log
ports:
- "80:80"
- "7999:7999"
- "8000:8000"
- "8010:8010"
- "443:443"
volumes:
- ./traefik.yml:/etc/traefik/dynamic_conf/conf.yml:ro
- ./config/:/config/:ro
networks:
- traefik-socat
- application-entry
networks:
traefik-socat:
external: true
name: traefik-socat
application-entry:
external: true
name: application-entry
Version Information
- Self-managed
- Container Image gitlab-ee:16.8.1-ee.0