Gitlab Docker container behind reverse Proxy

I installed GitLab with the official Docker container:

    docker run -d -p 8002:80 -v /mnt/gitlab/etc/gitlab:/etc/gitlab -v /mnt/gitlab/var/opt/gitlab:/var/opt/gitlab -v /mnt/gitlab/var/log/gitlab:/var/log/gitlab gitlab/gitlab-ce

I’m using nginx as reverse proxy:

    upstream gitlab {
            server localhost:8002;
    }
    
    server {
            listen 443 ssl;
            listen [::]:443 ssl;
            keepalive_timeout 70;
            ssl_certificate /etc/letsencrypt/live/git.cedware.com/cert.pem;
            ssl_certificate_key /etc/letsencrypt/live/git.cedware.com/privkey.pem;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_ciphers HIGH:!aNULL:!MD5;
            server_name git.cedware.com;
            client_max_body_size 300M;
            location / {
                    proxy_http_version 1.1;
                    proxy_pass http://localhost:8002/;
                    proxy_set_header Host $host;
                    proxy_set_header X-Forwared-Ssl off;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            }
    }
    

This all works totally fine until I add this line to the gitlab.rb:

    external_url 'https://git.cedware.com';
    

After restarting the container, nginx can’t reach GitLab. Can someone tell me what’s wrong with my setup?

Edit:
This is the output of curl -v https://git.cedware.com:

    * Rebuilt URL to: https://git.cedware.com/
    *   Trying 37.120.177.116...
    * Connected to git.cedware.com (37.120.177.116) port 443 (#0)
    * found 175 certificates in /etc/ssl/certs/ca-certificates.crt
    * found 700 certificates in /etc/ssl/certs
    * ALPN, offering http/1.1
    * SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
    *        server certificate verification OK
    *        server certificate status verification SKIPPED
    *        common name: git.cedware.com (matched)
    *        server certificate expiration date OK
    *        server certificate activation date OK
    *        certificate public key: RSA
    *        certificate version: #3
    *        subject: CN=git.cedware.com
    *        start date: Wed, 04 Jan 2017 16:58:00 GMT
    *        expire date: Tue, 04 Apr 2017 16:58:00 GMT
    *        issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
    *        compression: NULL
    * ALPN, server accepted to use http/1.1
    > GET / HTTP/1.1
    > Host: git.cedware.com
    > User-Agent: curl/7.47.0
    > Accept: */*
    >
    < HTTP/1.1 502 Bad Gateway
    < Server: nginx/1.10.0 (Ubuntu)
    < Date: Thu, 05 Jan 2017 08:45:52 GMT
    < Content-Type: text/html
    < Content-Length: 182
    < Connection: keep-alive
    <
    <html>
    <head><title>502 Bad Gateway</title></head>
    <body bgcolor="white">
    <center><h1>502 Bad Gateway</h1></center>
    <hr><center>nginx/1.10.0 (Ubuntu)</center>
    </body>
    </html>
    * Connection #0 to host git.cedware.com left intact
    

And this is the content of the nginx error.log:

    > 2017/01/05 09:47:43 [error] 26258#26258: *1 recv() failed (104:
    > Connection reset by peer) while reading response header from upstream,
    > client: 217.7.247.238, server: git.cedware.com, request: "GET /
    > HTTP/1.1", upstream: "http://127.0.0.1:8002/", host: "git.cedware.com"
    > 2017/01/05 09:47:43 [error] 26258#26258: *1 recv() failed (104:
    > Connection reset by peer) while reading response header from upstream,
    > client: 217.7.247.238, server: git.cedware.com, request: "GET /
    > HTTP/1.1", upstream: "http://[::1]:8002/", host: "git.cedware.com"
    > 2017/01/05 09:47:43 [error] 26258#26258: *1 no live upstreams while
    > connecting to upstream, client: 217.7.247.238, server:
    > git.cedware.com, request: "GET /favicon.ico HTTP/1.1", upstream:
    > "http://localhost/favicon.ico", host: "git.cedware.com", referrer:
    > "https://git.cedware.com/"
    

One solution collected from the web for “Gitlab Docker container behind reverse Proxy”

As per the nginx error shown in the log, the upstream is not responding. This is not an nginx error.

Most likely your container is either down or stuck in a restart loop.

Use docker ps to see the container status. Then use docker logs <containername> to see any errors it generates.

It is possible that GitLab doesn’t like your gitlab.rb modification. The log should tell you more.
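
The answer's reading of the error log (the failure is on the upstream side, not in nginx) can be reproduced mechanically. The following is an added example, not part of the original answer: it groups nginx upstream errors by backend address and reason. The function names are hypothetical, and the sample input is the three log entries from the question, unwrapped onto single lines.

```shell
#!/bin/sh
# Added example: summarise nginx upstream errors per backend.
# Reads an nginx error.log on stdin and prints one line per
# (upstream, reason) pair as: <count> TAB <upstream> TAB <reason>

summarize_upstream_errors() {
    awk '
    /\[error\]/ && /upstream: "/ {
        # Reason: text between the "*<connection id> " marker and ", client:".
        reason = $0
        sub(/^[^*]*\*[0-9]+ /, "", reason)
        sub(/, client:.*$/, "", reason)
        # Upstream: the quoted URL that follows the "upstream: " field name.
        up = "-"
        if (match($0, /upstream: "[^"]*"/)) {
            up = substr($0, RSTART + 11, RLENGTH - 12)
        }
        count[up "\t" reason]++
    }
    END { for (k in count) printf "%d\t%s\n", count[k], k }
    ' | sort
}

# Sample input: the log entries quoted in the question, one entry per line.
sample_log() {
    cat <<'EOF'
2017/01/05 09:47:43 [error] 26258#26258: *1 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 217.7.247.238, server: git.cedware.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8002/", host: "git.cedware.com"
2017/01/05 09:47:43 [error] 26258#26258: *1 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 217.7.247.238, server: git.cedware.com, request: "GET / HTTP/1.1", upstream: "http://[::1]:8002/", host: "git.cedware.com"
2017/01/05 09:47:43 [error] 26258#26258: *1 no live upstreams while connecting to upstream, client: 217.7.247.238, server: git.cedware.com, request: "GET /favicon.ico HTTP/1.1", upstream: "http://localhost/favicon.ico", host: "git.cedware.com", referrer: "https://git.cedware.com/"
EOF
}

# Stand-alone run on the sample; for a real log use:
#   summarize_upstream_errors < /var/log/nginx/error.log
sample_log | summarize_upstream_errors
```

Backends that show up with recv() failures are the ones to inspect with docker ps and docker logs, as the answer suggests.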
