Gitlab Docker container behind reverse Proxy

I installed gitlab with the official Docker container:

    docker run -d -p 8002:80 -v /mnt/gitlab/etc/gitlab:/etc/gitlab -v /mnt/gitlab/var/opt/gitlab:/var/opt/gitlab -v /mnt/gitlab/var/log/gitlab:/var/log/gitlab gitlab/gitlab-ce

I’m using nginx as reverse proxy:

    upstream gitlab {
            server localhost:8002;
    }
    
    server {
            listen 443 ssl;
            listen [::]:443 ssl;
            keepalive_timeout 70;
            ssl_certificate /etc/letsencrypt/live/git.cedware.com/cert.pem;
            ssl_certificate_key /etc/letsencrypt/live/git.cedware.com/privkey.pem;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_ciphers HIGH:!aNULL:!MD5;
            server_name git.cedware.com;
            client_max_body_size 300M;
            location / {
                    proxy_http_version 1.1;
                    proxy_pass http://localhost:8002/;
                    proxy_set_header Host $host;
                    proxy_set_header X-Forwared-Ssl off;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
    }
    

This all works totally fine, until I add this line to the gitlab.rb

    external_url 'https://git.cedware.com';
    

After restarting the container, nginx can’t reach gitlab. Can someone tell me what’s wrong with my setup?

Edit:
This is the output of curl -v https://git.cedware.com:

    * Rebuilt URL to: https://git.cedware.com/
    *   Trying 37.120.177.116...
    * Connected to git.cedware.com (37.120.177.116) port 443 (#0)
    * found 175 certificates in /etc/ssl/certs/ca-certificates.crt
    * found 700 certificates in /etc/ssl/certs
    * ALPN, offering http/1.1
    * SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
    *        server certificate verification OK
    *        server certificate status verification SKIPPED
    *        common name: git.cedware.com (matched)
    *        server certificate expiration date OK
    *        server certificate activation date OK
    *        certificate public key: RSA
    *        certificate version: #3
    *        subject: CN=git.cedware.com
    *        start date: Wed, 04 Jan 2017 16:58:00 GMT
    *        expire date: Tue, 04 Apr 2017 16:58:00 GMT
    *        issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
    *        compression: NULL
    * ALPN, server accepted to use http/1.1
    > GET / HTTP/1.1
    > Host: git.cedware.com
    > User-Agent: curl/7.47.0
    > Accept: */*
    >
    < HTTP/1.1 502 Bad Gateway
    < Server: nginx/1.10.0 (Ubuntu)
    < Date: Thu, 05 Jan 2017 08:45:52 GMT
    < Content-Type: text/html
    < Content-Length: 182
    < Connection: keep-alive
    <
    <html>
    <head><title>502 Bad Gateway</title></head>
    <body bgcolor="white">
    <center><h1>502 Bad Gateway</h1></center>
    <hr><center>nginx/1.10.0 (Ubuntu)</center>
    </body>
    </html>
    * Connection #0 to host git.cedware.com left intact
    

And this is the content of the nginx error.log:

    > 2017/01/05 09:47:43 [error] 26258#26258: *1 recv() failed (104:
    > Connection reset by peer) while reading response header from upstream,
    > client: 217.7.247.238, server: git.cedware.com, request: "GET /
    > HTTP/1.1", upstream: "http://127.0.0.1:8002/", host: "git.cedware.com"
    > 2017/01/05 09:47:43 [error] 26258#26258: *1 recv() failed (104:
    > Connection reset by peer) while reading response header from upstream,
    > client: 217.7.247.238, server: git.cedware.com, request: "GET /
    > HTTP/1.1", upstream: "http://[::1]:8002/", host: "git.cedware.com"
    > 2017/01/05 09:47:43 [error] 26258#26258: *1 no live upstreams while
    > connecting to upstream, client: 217.7.247.238, server:
    > git.cedware.com, request: "GET /favicon.ico HTTP/1.1", upstream:
    > "http://localhost/favicon.ico", host: "git.cedware.com", referrer:
    > "https://git.cedware.com/"
    

One solution collected from the web for “Gitlab Docker container behind reverse Proxy”

As per the nginx error shown in the log the upstream is not responding. This is not an nginx error.

Most likely your container is either down or stuck in a restart loop.

Use docker ps to see the container status. Then use docker logs <containername> to see any errors it generates.

It is possible that gitlab doesn’t like your gitlab.rb modification. The log should tell you more.
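The answer's reading of the error log, written out as an added example (not part of the original question or answer): the script separates entries where nginx got no usable response from the upstream from errors nginx raised locally. The sample lines are constructed in the format of the log above with placeholder addresses, and the hint strings are this example's own wording.

```python
import re

# Constructed sample in nginx error.log format (addresses/hostnames are placeholders).
SAMPLE_LOG = """\
2017/01/05 09:47:43 [error] 26258#26258: *1 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 203.0.113.10, server: git.example.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8002/", host: "git.example.com"
2017/01/05 09:47:43 [error] 26258#26258: *1 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 203.0.113.10, server: git.example.com, request: "GET / HTTP/1.1", upstream: "http://[::1]:8002/", host: "git.example.com"
2017/01/05 09:47:43 [error] 26258#26258: *1 no live upstreams while connecting to upstream, client: 203.0.113.10, server: git.example.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://localhost/favicon.ico", host: "git.example.com"
2017/01/05 09:48:02 [error] 26258#26258: *7 open() "/var/www/html/robots.txt" failed (2: No such file or directory), client: 203.0.113.10, server: git.example.com, request: "GET /robots.txt HTTP/1.1", host: "git.example.com"
"""

# timestamp, [level], pid#tid:, optional *connection-id, then the message
ENTRY = re.compile(r'^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d \[\w+\] \d+#\d+: (?:\*\d+ )?(.*)$')
ERRNO = re.compile(r'\((\d+): [^)]*\)')
UPSTREAM = re.compile(r'upstream: "([^"]+)"')

# errno -> what it says about the backend (wording is this example's own)
HINTS = {
    104: "backend accepted the TCP connection, then reset it",
    110: "backend did not answer before the timeout",
    111: "nothing is listening on the upstream address",
}

def classify(line):
    """Describe one error.log entry, or return None if the line does not parse."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    msg = m.group(1)
    up = UPSTREAM.search(msg)
    err = ERRNO.search(msg)
    errno = int(err.group(1)) if err else None
    if "no live upstreams" in msg:
        hint = "every peer in the upstream group is marked failed"
    elif up:
        hint = HINTS.get(errno, "upstream error, see errno")
    else:
        hint = "raised by nginx itself, no upstream involved"
    return {"origin": "upstream" if up else "local",
            "upstream": up.group(1) if up else None,
            "errno": errno, "hint": hint}

def triage(log_text):
    """Classify every parsable line of an error.log excerpt."""
    return [r for r in map(classify, log_text.splitlines()) if r is not None]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["origin"], e["upstream"], e["errno"], e["hint"], sep=" | ")
```

Entries with origin "upstream" point at the backend container rather than at the proxy, which is where docker ps and docker logs come in.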
