
I'm trying to set up my own GitLab using HTTPS inside a Docker container.

Well, as long as I don't try to use HTTPS everything works fine!

Now my problem starts.

According to my logs, gitlab cannot load the sub.domain.com.crt file because of "malformatting".

I'm using Let's Encrypt and I have a cert.pem, privkey.pem, fullchain.pem and a chain.pem. I think the only files I'll need are fullchain.pem and privkey.pem.

Okay, I'll now tell the steps I did so far:

1. I created a docker-compose.yml.

web:
  image: 'gitlab/gitlab-ce:latest'
  restart: always
  hostname: 'git.domain.com'
  environment:
    GITLAB_OMNIBUS_CONFIG: |
      external_url 'http://git.domain.com'
      # Add any other gitlab.rb configuration here, each on its own line
  ports:
    - '20080:80'
    - '20443:443'
    - '20022:22'
  volumes:
    - '/srv/gitlab/config:/etc/gitlab'
    - '/srv/gitlab/logs:/var/log/gitlab'
    - '/srv/gitlab/data:/var/opt/gitlab'
2. I start this using docker-compose up -d.

I have a directory /srv/gitlab/config/ssl/ where my fullchain.pem and my privkey.pem are stored. I converted these files using openssl x509 ... to get a git.domain.com.crt and a git.domain.com.key file (I also just tried this by simply copying these files, just changing the file extension, which worked better since I could "read" the content of these files...).

I have access to the file /etc/gitlab/ssl/git.domain.com.crt inside my container and my logs are saying:

2017/10/12 18:06:36 [emerg] 2176#0: PEM_read_bio_X509_AUX("/etc/gitlab /ssl/git.domain.com.crt") failed (SSL:error:0906D06C:PEMroutines:PEM_read_bio:no start line:Expecting: TRUSTED CERTIFICATE)

These .pem-files are created using letsencrypt. Below you can see the output of my fullchain.pem.

-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISA0XaZQaUu+WRxU05xvO36gAFMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNzEwMTIxNjQ1MzZaFw0x
[...]
LzANBgkqhkiG9w0BAQsFAAOCAQEAQQBhsE1JYkmrdnLEZXp8iJU6niatU7MAgeab
7ztd7mKJMr8rQ03HrBDdjQaO8S5S9hykTs6zTrU7zkRoQ27oNKFIlszHVg+2DL3/
S8Veur+WhlzAi8MlchFkMf28YI0RkbxVuJcrV0yxE7tfqKg8X5rvbeH6PoDMYydO
a5ZY1CNpR7Jrq+Tn+NoOq9qU8e2+ZMnD2FVxDoe17okWKiXk1Ogs0q1MyPbrE2c4
4KTYq3lnyhNAo1orGrNmGe+xzs7ikUjy+wzoJy3kcIjuEg8H3Bj5eNWsWJllTF0Y
I76E+yK1e2MzDhBpim27hVbwBzn/lpm/dwYs+DpAnYb0Naw/9w==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
[...]
-----END CERTIFICATE-----

Does anybody have a hint what I'm missing?

Thanks a lot!

Kind regards, Patrick

PaddaelsM
P.S. I had the problem that somebody once tried to help me. Unfortunately, somebody else downvoted his answer and he thought it was me. I won't downvote anybody who is willing to help me :) – PaddaelsM Oct 12 '17 at 19:53
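
The "no start line" error quoted in the question is what OpenSSL's PEM reader reports when a file holds no block labelled as a certificate. The following check is an added example, not part of the original post: it lists the PEM blocks a file actually contains, and `diagnose_cert_file`, `pem_wrap` and the sample data are names and values constructed for this illustration.

```python
import base64
import re

# Block labels that OpenSSL's PEM_read_bio_X509_AUX accepts as a certificate.
CERT_LABELS = {"CERTIFICATE", "TRUSTED CERTIFICATE", "X509 CERTIFICATE"}
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def diagnose_cert_file(data: bytes) -> dict:
    """Report what PEM blocks a would-be certificate file really contains."""
    findings = []
    if data.startswith(b"\xef\xbb\xbf"):
        findings.append("UTF-8 byte order mark before the first BEGIN line")
    if data[:1] == b"\x30" and b"-----BEGIN " not in data:
        findings.append("binary DER content, not PEM text")
    labels = []
    for match in PEM_BLOCK.finditer(data):
        label = match.group(1).decode("ascii")
        labels.append(label)
        try:
            der = base64.b64decode(b"".join(match.group(2).split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append(f"{label} block is not valid base64")
            continue
        if der[:1] != b"\x30":
            findings.append(f"{label} block does not decode to a DER SEQUENCE")
    has_cert = any(label in CERT_LABELS for label in labels)
    if not labels:
        findings.append("no PEM block at all: the 'no start line' case")
    elif not has_cert:
        findings.append("PEM blocks present, but none is a certificate")
    return {"labels": labels, "has_cert_block": has_cert, "findings": findings}

def pem_wrap(label: str, der: bytes) -> bytes:
    """Wrap DER bytes in PEM armour (used only to build the samples below)."""
    body = base64.encodebytes(der)
    return b"-----BEGIN %b-----\n%b-----END %b-----\n" % (
        label.encode(), body, label.encode())

# Constructed samples: a 5-byte DER SEQUENCE stands in for real certificate
# and key material, so none of this is a usable certificate.
TOY_DER = b"\x30\x03\x02\x01\x01"
SAMPLES = {
    "fullchain-like": pem_wrap("CERTIFICATE", TOY_DER) * 2,
    "key saved as .crt": pem_wrap("PRIVATE KEY", TOY_DER),
    "DER saved as .crt": TOY_DER,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, diagnose_cert_file(data))
```

To run it against a real file, pass the result of `open(path, "rb").read()` to `diagnose_cert_file`; it only inspects the PEM armour and does not validate the certificate itself.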

0 Answers