Unable to authenticate over HTTPS when using reverse proxy (WebUI works as expected)

Hello all,

I am trying to setup Gitlab behind a reverse proxy and it is almost all working except I can’t authenticate against it when using the git CLI.

I am running Gitlab in docker on an UNRAID box with the following config:

gitlab:
    image: gitlab/gitlab-ce:latest
    restart: unless-stopped
    networks:
      br0:
        ipv4_address: 192.168.1.241
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        nginx['listen_port'] = 80
        nginx['listen_https'] = false
        #letsencrypt['enabled'] = false
        external_url 'https://gitlab.domain.name'
    volumes:
      - ${CONFIG}/gitlab/config:/etc/gitlab
      - ${CONFIG}/gitlab/logs:/var/log/gitlab
      - ${CONFIG}/gitlab/data:/var/opt/gitlab

br0 is an external network provided by UNRAID that I use the give the container an IP that I can route to using a nginx reverse proxy.

I have setup the reverse proxy using nginx-proxy-manager which works as expected (I am not doing anything custom here).

If I navigate to https://gitlab.domain.name the gitlab web UI renders as expected.

However if I run git remote add origin https://gitlab.domain.name/root/project.git and then try for a git fetch I get an Authentication failed error after entering my username and password, however if I update the remote to be http://192.168.1.241/root/portfolio.git (the static IP specified earlier) then I can git fetch appropriately.

I have also tried removing the following config:

nginx['listen_port'] = 80
nginx['listen_https'] = false

And then pointing my proxy to https://192.168.1.241:443/, the web UI still works as expected but I still get authentication errors when trying to fetch/push using the following URL https://gitlab.domain.name/root/portfolio.git.

Interestingly since switching to use the gitlab containers internal https I now can’t resolve http://192.168.1.241/root/portfolio.git manually (which makes sense because it’s http but I also can’t resolve https://192.168.1.241/root/portfolio.git, it throws the following error:

server certificate verification failed. CAfile: none CRLfile: none

Finally just to clarify I should be using the same login details that I use to access the web interface correct? (currently root and my set password).

Have reviewed: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl I believe I have set everything up correctly.

Cheers.

How did you resolved this issue?