Gitlab Docker container behind reverse Proxy

I installed gitlab with the official Docker container:

    docker run -d -p 8002:80 -v /mnt/gitlab/etc/gitlab:/etc/gitlab -v /mnt/gitlab/var/opt/gitlab:/var/opt/gitlab -v /mnt/gitlab/var/log/gitlab:/var/log/gitlab gitlab/gitlab-ce

I’m using nginx as reverse proxy:

    upstream gitlab {
            server localhost:8002;
    }
    
    server {
            listen 443 ssl;
            listen [::]:443 ssl;
            keepalive_timeout 70;
            ssl_certificate /etc/letsencrypt/live/git.cedware.com/cert.pem;
            ssl_certificate_key /etc/letsencrypt/live/git.cedware.com/privkey.pem;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_ciphers HIGH:!aNULL:!MD5;
            server_name git.cedware.com;
            client_max_body_size 300M;
            location / {
                    proxy_http_version 1.1;
                    proxy_pass http://localhost:8002/;
                    proxy_set_header Host $host;
                    proxy_set_header X-Forwared-Ssl off;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
    }
    

This all works totally fine, until I add this line to the gitlab.rb:

    external_url 'https://git.cedware.com';
    

After restarting the container, nginx can’t reach gitlab. Can someone tell me what’s wrong with my setup?

Edit:
This is the output of curl -v https://git.cedware.com:

    * Rebuilt URL to: https://git.cedware.com/
    *   Trying 37.120.177.116...
    * Connected to git.cedware.com (37.120.177.116) port 443 (#0)
    * found 175 certificates in /etc/ssl/certs/ca-certificates.crt
    * found 700 certificates in /etc/ssl/certs
    * ALPN, offering http/1.1
    * SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
    *        server certificate verification OK
    *        server certificate status verification SKIPPED
    *        common name: git.cedware.com (matched)
    *        server certificate expiration date OK
    *        server certificate activation date OK
    *        certificate public key: RSA
    *        certificate version: #3
    *        subject: CN=git.cedware.com
    *        start date: Wed, 04 Jan 2017 16:58:00 GMT
    *        expire date: Tue, 04 Apr 2017 16:58:00 GMT
    *        issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
    *        compression: NULL
    * ALPN, server accepted to use http/1.1
    > GET / HTTP/1.1
    > Host: git.cedware.com
    > User-Agent: curl/7.47.0
    > Accept: */*
    >
    < HTTP/1.1 502 Bad Gateway
    < Server: nginx/1.10.0 (Ubuntu)
    < Date: Thu, 05 Jan 2017 08:45:52 GMT
    < Content-Type: text/html
    < Content-Length: 182
    < Connection: keep-alive
    <
    <html>
    <head><title>502 Bad Gateway</title></head>
    <body bgcolor="white">
    <center><h1>502 Bad Gateway</h1></center>
    <hr><center>nginx/1.10.0 (Ubuntu)</center>
    </body>
    </html>
    * Connection #0 to host git.cedware.com left intact
    

And this is the content of the nginx error.log:

    > 2017/01/05 09:47:43 [error] 26258#26258: *1 recv() failed (104:
    > Connection reset by peer) while reading response header from upstream,
    > client: 217.7.247.238, server: git.cedware.com, request: "GET /
    > HTTP/1.1", upstream: "http://127.0.0.1:8002/", host: "git.cedware.com"
    > 2017/01/05 09:47:43 [error] 26258#26258: *1 recv() failed (104:
    > Connection reset by peer) while reading response header from upstream,
    > client: 217.7.247.238, server: git.cedware.com, request: "GET /
    > HTTP/1.1", upstream: "http://[::1]:8002/", host: "git.cedware.com"
    > 2017/01/05 09:47:43 [error] 26258#26258: *1 no live upstreams while
    > connecting to upstream, client: 217.7.247.238, server:
    > git.cedware.com, request: "GET /favicon.ico HTTP/1.1", upstream:
    > "http://localhost/favicon.ico", host: "git.cedware.com", referrer:
    > "https://git.cedware.com/"
    

One solution collected from the web for “Gitlab Docker container behind reverse Proxy”

As per the nginx error shown in the log, the upstream is not responding. This is not an nginx error.

Most likely your container is either down or stuck in a restart loop.

Use docker ps to see the container status. Then use docker logs <containername> to see any errors it generates.

It is possible that gitlab doesn’t like your gitlab.rb modification. The log should tell you more.
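
To make the log reading in this answer repeatable, the following added example (not part of the original question or answer) groups nginx upstream errors by failure mode and names the next check. The function names are hypothetical, and the sample lines are constructed from the question's error.log with wrapped lines joined and the client address replaced by a documentation address.

```shell
#!/bin/sh
# Added example: classify nginx upstream errors to decide where to look next.

# Constructed sample modelled on the question's error.log (wrapped lines joined,
# client address replaced with a documentation address).
sample_log() {
cat <<'EOF'
2017/01/05 09:47:43 [error] 26258#26258: *1 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 203.0.113.7, server: git.cedware.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8002/", host: "git.cedware.com"
2017/01/05 09:47:43 [error] 26258#26258: *1 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 203.0.113.7, server: git.cedware.com, request: "GET / HTTP/1.1", upstream: "http://[::1]:8002/", host: "git.cedware.com"
2017/01/05 09:47:43 [error] 26258#26258: *1 no live upstreams while connecting to upstream, client: 203.0.113.7, server: git.cedware.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://localhost/favicon.ico", host: "git.cedware.com", referrer: "https://git.cedware.com/"
EOF
}

# Reads error.log lines on stdin, prints "<count> <class> <upstream>" per group.
classify_upstream_errors() {
  awk '
    /\[error\]/ && /upstream: "/ {
      if      ($0 ~ /Connection refused/)       class = "refused"
      else if ($0 ~ /Connection reset by peer/) class = "reset"
      else if ($0 ~ /no live upstreams/)        class = "no_live_upstreams"
      else if ($0 ~ /timed out/)                class = "timeout"
      else                                      class = "other"
      up = $0
      sub(/.*upstream: "/, "", up)   # drop everything before the upstream URL
      sub(/".*/, "", up)             # drop everything after it
      n[class " " up]++
    }
    END { for (k in n) print n[k], k }
  ' | LC_ALL=C sort -k2
}

# Maps the most telling class to the next check (docker commands from the answer).
next_step() {
  classes=$(classify_upstream_errors | awk '{ print $2 }' | sort -u | tr '\n' ' ')
  case "$classes" in
    *refused*) echo "refused: nothing accepts connections on the upstream port; check docker ps" ;;
    *reset*)   echo "reset: upstream accepted the connection but closed it before any response; check docker ps, then docker logs <containername>" ;;
    *timeout*) echo "timeout: upstream did not answer in time; check docker logs <containername>" ;;
    *no_live*) echo "no_live_upstreams: nginx has marked every upstream server as failed; look at the earlier errors" ;;
    *)         echo "no upstream errors found" ;;
  esac
}

sample_log | classify_upstream_errors
sample_log | next_step
```

To use it on a live log, feed the error.log file to classify_upstream_errors on standard input.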
