Unable to authenticate over HTTPS when using reverse proxy (WebUI works as expected)

Chop · December 5, 2019, 4:07am

Hello all,

I am trying to setup Gitlab behind a reverse proxy and it is almost all working except I can’t authenticate against it when using the git CLI.

I am running Gitlab in docker on an UNRAID box with the following config:

gitlab:
    image: gitlab/gitlab-ce:latest
    restart: unless-stopped
    networks:
      br0:
        ipv4_address: 192.168.1.241
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        nginx['listen_port'] = 80
        nginx['listen_https'] = false
        #letsencrypt['enabled'] = false
        external_url 'https://gitlab.domain.name'
    volumes:
      - ${CONFIG}/gitlab/config:/etc/gitlab
      - ${CONFIG}/gitlab/logs:/var/log/gitlab
      - ${CONFIG}/gitlab/data:/var/opt/gitlab

br0 is an external network provided by UNRAID that I use the give the container an IP that I can route to using a nginx reverse proxy.

I have setup the reverse proxy using nginx-proxy-manager which works as expected (I am not doing anything custom here).

If I navigate to https://gitlab.domain.name the gitlab web UI renders as expected.

However if I run git remote add origin https://gitlab.domain.name/root/project.git and then try for a git fetch I get an Authentication failed error after entering my username and password, however if I update the remote to be http://192.168.1.241/root/portfolio.git (the static IP specified earlier) then I can git fetch appropriately.

I have also tried removing the following config:

nginx['listen_port'] = 80
nginx['listen_https'] = false

And then pointing my proxy to https://192.168.1.241:443/, the web UI still works as expected but I still get authentication errors when trying to fetch/push using the following URL https://gitlab.domain.name/root/portfolio.git.

Interestingly since switching to use the gitlab containers internal https I now can’t resolve http://192.168.1.241/root/portfolio.git manually (which makes sense because it’s http but I also can’t resolve https://192.168.1.241/root/portfolio.git, it throws the following error:

server certificate verification failed. CAfile: none CRLfile: none

Finally just to clarify I should be using the same login details that I use to access the web interface correct? (currently root and my set password).

Have reviewed: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl I believe I have set everything up correctly.

Cheers.

rapture1781 · December 28, 2021, 8:45am

How did you resolved this issue?

ldprice · November 8, 2022, 1:39pm

Same issue here…

Topic		Replies	Views
Cant access gitlab using domain behind nginx proxy Self-managed	0	258	March 20, 2024
Gitlab behind Nginx Reverse Proxy with Custom Port How to Use GitLab docker	0	842	July 24, 2022
Gitlab Docker with Apache reverse proxy and SSL How to Use GitLab apache , docker , ssl	4	6040	November 30, 2020
Run Gitlab behind reverse proxy General	0	924	May 1, 2022
Gitlab with Docker and behind NGINX Self-managed nginx , docker	1	2504	January 30, 2024

Unable to authenticate over HTTPS when using reverse proxy (WebUI works as expected)

Related Topics