Question Configure GitLab Docker container with Plesk and LetsEncrypt

[tdiroll]

Hi I have an issue with my GitLab setup.

What I'm trying to achieve:

• running GitLab inside a Docker container
• access GitLab through a subdomain (gitlab.mydomain.com) at ports 80 and 443 for https
• manage SSL through a wildcard certificate for *.mydomain.com provided by LetsEncrypt and Plesk (already in use for subdomains managed by Plesk)
• beeing able to run build tasks in GitLab container (npm scripts etc.) and finally move specific output files to directories of subdomains managed by Plesk (outside of container)

What I did so far:

• got a v-server running Ubuntu 18.04.2 with preinstalled Plesk Onyx 17.8.11
• setup mydomain.com through Plesk
• setup LetsEncrypt wildcard certificate for mydomain.com through Plesk
• installed Docker via ssh (not Plesk)
• ran GitLab inside a container at mydomain.com:30080

I'm completely new to server envs and Docker so I'm not sure about the needed structure of things. Maybe you guys know what to do?

Thanks!

 

[Afshahussain]

Before we can obtain an SSL certificate for our GitLab installation, we will need to download and install Certbot, the official Let's Encrypt client.

 

[Santi]

Hello,

I am trying to install Gitlab on a Ubuntu 18.04. I have tried to install it through apt and failed reconfiguring.
I have tried to install it on Docker and managed to get it working, but all urls were wrong. If I change the external_url setting in /etc/gitlab/gitlab.rb then I get an nginx error.

Can you tell me if you managed to get it working? If so, how?

Thanks.

 

[mrsombre]

I'm completely new to server envs and Docker so I'm not sure about the needed structure of things. Maybe you guys know what to do?

Hello, you need to follow this steps:
- Create subdomain gitlab.mydomain.com
- Add custom rule for gitlab.mydomain.com nginx (or apache, if nginx is not installed) to proxy requests to docker container

location / {
            proxy_pass         http://127.0.0.1:[gitlab docker port];
            proxy_redirect     off;
            proxy_set_header   Host $host;
            proxy_set_header   X-Real-IP $remote_addr;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Host $server_name;
        }

 

[Santi]

Thanks @mrsombre,

Your solution doesn't fix gitlab problem. It redirects properly to the docker container but gitlab doesn't "understand" the fully quialified domain name https://gitlab.mydomain.com.

For gitlab to understand its domain, we need to set in a file located /etc/gitlab/gitlab.rb (inside the container, not in the OS) the line:

external_url "https://gitlab.mydomain.com".​

Once we do that we get a 502 bad gateway error.

I think it is a complex configuration. Here's what I did:

On Apache & nginx settings I disable proxy mode.
Then on Aditional nginx directives I write this (edited):

location / {
proxy_pass https://127.0.0.1:32771;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
​

I have managed to make the following work:

• Let's encrypt certificate working on subdomain "https://gitlab.mydomain.com".
  
• Docker container with the following options:

manual port mapping:

22 -> 32773
443 -> 32771
80 -> 32772​

volume mapping (I created a docker_gitlab folder on /var/www/vhosts/mydomain.com):

/var/log/gitlab -> /var/www/vhosts/mydomain.com/docker_gitlab/var/log/gitlab
/var/opt/gitlab -> /var/www/vhosts/mydomain.com/docker_gitlab/var/opt/gitlab
/etc/gitlab -> /var/www/vhosts/mydomain.com/docker_gitlab/etc/gitlab
/sshcerts -> /usr/local/psa/var/modules/letsencrypt/etc/archive/mydomain.com/​

• Gitlab working on subdomain "https://gitlab.mydomain.com:<port-number>":

This is a tricky one. In the volume mapping I mapped the absolute path to the Plesk let's encrypt certificates.
I have edited the file inside gitlab's docker container /etc/gitlab/gitlab.rb to tell the proper certificates path (in my case there was cert1.. cert2... ):

external_url "https://gitlab.mydomain.com"
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/sshcerts/cert3.pem"
nginx['ssl_certificate_key'] = "/sshcerts/privkey3.pem"
letsencrypt['enable'] = false​

It looks like it works fine if I place the port number in the url. However, if I create a repository in gitlab, it displays the name without the port number.

However, I can clone a repo this way:

git clone https://gitlab.mydomain.com:32771/root/testproject.git

So the final question would be...

How can I use https://gitlab.mydomain.com whithout the port number in the url using gitlab on a docker container, managed by Plesk using a let's encrypt certificate??

For now, I will leave my configuration as it is... I will tell the few users to add "manually" the port number to the git urls, I will keep on taking a look to this issue to try to solve it.

 

[mrsombre]

Thanks for a good explanation, @Santi

Let's look in details:

git clone https://gitlab.mydomain.com:32771/root/testproject.git

When you open this URL:
- Client resolve DNS record for gitlab.mydomain.com (which is pointed to your host public IP)
- Then send request (open socket connection) to port 32771. In this particular case front-end nginx (listening on port 80/443) does not involved into process, so you basically connect to the docker container directly.

Once we do that we get a 502 bad gateway error

I suppose you get this error because you pointing a nginx proxy to a port which is not served.

external_url "https://gitlab.mydomain.com"

When you use https in external_url http port will not listen in gitlab (see Configuration options | GitLab)
I recommend following:
- Disable docker nginx as explained in this doc NGINX settings | GitLab
- Point proxy to https instead:
location / {
proxy_pass https://127.0.0.1:32771;
}
Because 80 -> 32772 and 443 -> 32771

 

[Santi]

Your solution looks nice!
However... just fixed it with a simple change (very ugly):

I "double redirected" the VPS nginx and the docker nginx... I guess it drains memory since I have two nginx servers working, but it works...

I just added one line to the apache & nginx settings aditional nginx directives:

location / {
proxy_pass https://127.0.0.1:32771;
proxy_redirect https://gitlab.mydomain.com:32771 https://gitlab.mydomain.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}​

It simply works!!!!

I think your solution looks much better, and probably I will test it later.

Thank you very much for your help

 

[mrsombre]

@Santi i'm glad you have solved your problem
Regarding proxy_redirect option, it's not work as you expect

Sets the text that should be changed in the “Location” and “Refresh” header fields of a proxied server response.

It just used to modify redirecting inside domain.
BTW seems proxy_pass https://127.0.0.1:32771; is a right solution.

PS Try this image sameersbn/docker-gitlab if you have enough time, looks like it designed better for production purpose than official one.

 

[Santi]

Thanks for your help! I used the docker image from the docker extension in Plesk. I guess it is the official one. I don't know about nginx settings... I just copy paste and try/error....

Maybe I will test the new image some day... for now, I am happy enough I got it working... It took me a lot of time cause I found lots of errors trying to use gitlab from Ubuntu 18.04 repos... It never started properly.

The docker one works... so forget the repos.

Thank you very much for your help.

 

[tdiroll]

Hello,

I am trying to install Gitlab on a Ubuntu 18.04. I have tried to install it through apt and failed reconfiguring.
I have tried to install it on Docker and managed to get it working, but all urls were wrong. If I change the external_url setting in /etc/gitlab/gitlab.rb then I get an nginx error.

Can you tell me if you managed to get it working? If so, how?

Thanks.

Yes I did manage to get it working. This is my docker config for the gitlab omnibus image:

Hello,

I am trying to install Gitlab on a Ubuntu 18.04. I have tried to install it through apt and failed reconfiguring.
I have tried to install it on Docker and managed to get it working, but all urls were wrong. If I change the external_url setting in /etc/gitlab/gitlab.rb then I get an nginx error.

Can you tell me if you managed to get it working? If so, how?

Thanks.

@Santi Great you got it to work! FYI here is my config including working registry and mailbot:

1. Create a subdomain in Plesk with Let's Encrypt certificate (or another one, if you want gitlab registry as well)
2. Run a docker container with the gitlab-omnibus image and following config:

docker run \
--detach \
--hostname gitlab.domain.com \
--name gitlab \
-p XXX22:22 -p XXX80:80 \
--volume /srv/gitlab/config:/etc/gitlab --volume /srv/gitlab/logs:/var/log/gitlab --volume /srv/gitlab/data:/var/opt/gitlab \
--env GITLAB_OMNIBUS_CONFIG=" \
external_url 'https://gitlab.domain.com'; \
nginx['listen_port']=80; \
nginx['listen_https']=false; \
registry_external_url 'https://gitlab-registry.domain.com'; \
registry_nginx['listen_port']=80; \
registry_nginx['listen_https']=false; \
gitlab_rails['smtp_enable']=true; \
gitlab_rails['smtp_address']='mail.domain.com'; \
gitlab_rails['smtp_port']=25; \
gitlab_rails['smtp_user_name']='[email protected]'; \
gitlab_rails['smtp_password']='XXXXXXXXX'; \
gitlab_rails['smtp_domain']='domain.com'; \
gitlab_rails['smtp_authentication']='login'; \
gitlab_rails['smtp_enable_starttls_auto']=true; \
gitlab_rails['smtp_openssl_verify_mode']='peer'; \
gitlab_rails['gitlab_email_from']='[email protected]'; \
gitlab_rails['gitlab_email_reply_to']='[email protected]';" \
gitlab/gitlab-ce:latest

3. Install NGINX and Plesk Docker extension (Docker)
4. Go to domain settings of your subdomain -> Docker proxy settings -> and point "/" (at port 80) to your desired port (XXX80). Use the same port for your registry domain, if you have one

This will use the Plesk Let's Encrypt certificate, automatic NGINX config through the extension and will redirect all traffic to http inside the gitlab docker container. Works for me.

 

[cathiss18]

Hello,

I am trying to install Gitlab on a Ubuntu 18.04. I have tried to install it through apt and failed reconfiguring.
I have tried to install it on Docker and managed to get it working, but all urls were wrong Rachat de crédit + trésorerie. If I change the external_url setting in /etc/gitlab/gitlab.rb then I get an nginx error.

Can you tell me if you managed to get it working? If so, how?

Thanks.

Maybe you should check the URLs with url check to see if they are working or not. It's easier for you afterwards to continue.

 

[Santi]

Thankyou @cathiss18, I got it working perfectly now, using docker and a similar configuration to the one @tdiroll said.

Thanks a lot to all of you