Configure nginx to proxy GitLab CE (both a docker container)

Question

The two following docker containers are running on my machine:

nginx                     0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp                               nginx
gitlab/gitlab-ce:latest   0.0.0.0:32782->22/tcp, 0.0.0.0:32781->80/tcp, 0.0.0.0:32780->443/tcp   gitlab

At the moment I cannot figure out how to configure nginx to reverse proxy the user request. If a user enters http://gitlab.domain.com my setup returns a 502 Bad Gateway Error.

Server config:
    server{
        listen 80;
        listen [::]:80;
        server_name gitlab.domain.com www.gitlab.domain.com;

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header HOST $http_host;
            proxy_set_header X-NginX-Proxy true;

            proxy_pass http://gitlab:32781;
            proxy_redirect off;
        }
}

You need to resolve `gitlab` using http://nginx.org/en/docs/http/ngx_http_core_module.html#resolver — Drifter104, Feb 24 '16 at 17:55
After following your link I am still not able to figure it out. Could you provide an example? 'gitlab' is the gitlab container linked to the nginx container by the way. — user1255102, Feb 25 '16 at 12:01
Does your nginx host know that? If you look at this guide on linking docker containers https://docs.docker.com/v1.8/userguide/dockerlinks/ towards the bottom it explains about adding entry to host file so the containers can resolve the address of the each other. You nginx container needs the network address of the gitlab container — Drifter104, Feb 25 '16 at 12:29

score 2 · Answer 1 · answered Nov 08 '16 at 12:25

For me worked following configuration for jwilder/nginx-proxy container.

web:
  image: 'gitlab/gitlab-ce:latest'
  hostname: 'gitlab.it-expert.com.ua'
  environment:
    GITLAB_OMNIBUS_CONFIG: |
      external_url 'https://gitlab.it-expert.com.ua'
      registry_external_url 'https://registry.it-expert.com.ua'
    VIRTUAL_HOST: gitlab.it-expert.com.ua,registry.it-expert.com.ua
    VIRTUAL_PORT: 443
    VIRTUAL_PROTO: https
  volumes:
    - './data/config:/etc/gitlab'
    - './data/logs:/var/log/gitlab'
    - './data/data:/var/opt/gitlab'

Tricky part was to figure out how containers is connected and which and who should process SSL.

For this configuration you should supply SSL certificates both for nginx-proxy and gitlab-ce containers, because communications between them is also using SSL. For gitlab-ce use ./data/config/ssl folder.

You can find out in my blog post how to quickly get valid certificate from Let's encrypt via handy docker container certbot.

Amine27 · Answer 2 · 2017-03-16T13:02:17.770

Here is a working docker-compose.yml:

gitlab:                                                                                                                                                                
  image: "gitlab/gitlab-ce:latest"
  container_name: gitlab                                                                                                                            
  volumes:
    - ./gitlab/config:/etc/gitlab
    - ./gitlab/logs:/var/log/gitlab
    - ./gitlab/data:/var/opt/gitlab
    - /home/user/nginx-proxy/certs:/etc/gitlab/ssl/
  environment:
    GITLAB_OMNIBUS_CONFIG: |
      external_url 'https://git.example.org'                                                                                                                    
    VIRTUAL_HOST: git.example.org
    VIRTUAL_PORT: 443
    VIRTUAL_PROTO: https
    LETSENCRYPT_HOST: git.example.org
    LETSENCRYPT_EMAIL: email@example.org
  restart: always

Using jwilder/nginx-proxy container as Max Prokopov answer. The critical part for my case was VIRTUAL_PORT and VIRTUAL_PROTO environment variables. Don't setting them propretly cause Nginx 400 error: "The plain HTTP request was sent to HTTPS port".

Here is a spinet for the gitlab part of conf.d/default.conf nginx file:

upstream git.example.org {
                                ## Can be connect with "bridge" network
                        # gitlab
                        server 172.17.0.4:443;
}
server {
        server_name git.example.org;
        listen 80 ;
        access_log /var/log/nginx/access.log vhost;
        return 301 https://$host$request_uri;
}
server {
        server_name git.example.org;
        listen 443 ssl http2 ;
        access_log /var/log/nginx/access.log vhost;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ...;
        ssl_certificate /etc/nginx/certs/git.example.org.crt;
        ssl_certificate_key /etc/nginx/certs/igit.example.org.key;
        ssl_dhparam /etc/nginx/certs/git.example.org.dhparam.pem;
        add_header Strict-Transport-Security "max-age=31536000";
        include /etc/nginx/vhost.d/default;
        location / {
                proxy_pass https://git.example.org;
        }
}

Could you share the nginx part of your setup? The asker has gitlab running, but was having issues getting nginx to proxy requests to it. — iwaseatenbyagrue, Mar 16 '17 at 07:36
The conf.d/default.conf is generated automatically by jwilder/nginx-proxy. However, I've posted a spinet for the gitlab part in my original response. — Amine27, Mar 16 '17 at 13:04

Mr_Thorynque · Answer 3 · 2016-12-02T19:26:03.513

-1

you don't need to map gitlab container ports to host port because nginx container knows other container, and try

proxy_pass http://gitlab;

You have to link the container before into run command of nginx container

--link gitlab:gitlab

edited Dec 02 '16 at 19:26

answered Dec 01 '16 at 19:37

Mr_Thorynque

141
6

Configure nginx to proxy GitLab CE (both a docker container)

3 Answers3