Upgrade 9.5.3 to 10.0.2: Reverse proxy does not work anymore


I had a working 9.5.3 behind a reverse proxy / loadbalancer. After an update to 10.0.2 the connections from the loadbalacer seemd to be refused. tcptrack shows me incomming requests, but the state is always RESET. The connection from our internal network (-> without loadbalacer/proxy) works well.

gitlab_access.log does not show any request from extern after update
gitlab_error.log shows exact one error:
[error] 13903#0: *3998637 connect() to unix:/var/opt/gitlab/gitlab-workhorse/socket failed (111: Connection refused) while connecting to upstream, client: 10.XXX.XXX.XXX, server: gitlab.oerlikon.com, request: “GET https://gitlab.oerlikon.com/users/sign_in HTTP/1.1”, upstream: “http://unix:/var/opt/gitlab/gitlab-workhorse/socket:/users/sign_in”, host: “10.YYY.YYY.YYY”

I think it occured while the upgrade was in progress.

I have no idea what is going wrong. I added
nginx[‘ssl_protocols’] = “TLSv1 TLSv1.1 TLSv1.2”
to my gitlab.rb but it make no differnt.

Any ideas?


I made a downgrade to V9.5.8 and all works fine again. So something in the V10.0.2 breaks my setup.


Your upstream shows a http (tcp) connection as well as a unix socket. That can’t be right.

I figured out that this error occurs with every update. So it seems not to be relevant.