I have run gitlab via docker on windows 10 with this command:

```
docker run --detach --hostname gitlab.example.com  --publish 443:443 --publish 80:80 --publish 22:22  --name gitlab  --restart always  --volume D:\gitlab\config:/etc/gitlab  --volume D:\gitlab\logs:/var/log/gitlab  --volume D:\gitlab\data:/var/opt/gitlab  gitlab/gitlab-ce:latest
```

Now I have a problem. When I enter this address: gitlab.example.com in the browser, I cannot see GitLab's web interface. I looked at the GitLab log in D:\gitlab\logs\sshd\current. Below is some of its content, which is constantly appended while Docker is running the GitLab image within a container:

```
2018-01-08_13:01:02.92007 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2018-01-08_13:01:02.92010 @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
2018-01-08_13:01:02.92010 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2018-01-08_13:01:02.92010 Permissions 0755 for '/etc/gitlab/ssh_host_rsa_key' are too open.
2018-01-08_13:01:02.92010 It is required that your private key files are NOT accessible by others.
2018-01-08_13:01:02.92011 This private key will be ignored.
2018-01-08_13:01:02.92023 key_load_private: bad permissions
2018-01-08_13:01:02.92198 Could not load host key: /etc/gitlab/ssh_host_rsa_key
2018-01-08_13:01:02.92242 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2018-01-08_13:01:02.92243 @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
2018-01-08_13:01:02.92244 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2018-01-08_13:01:02.92244 Permissions 0755 for '/etc/gitlab/ssh_host_ecdsa_key' are too open.
2018-01-08_13:01:02.92245 It is required that your private key files are NOT accessible by others.
2018-01-08_13:01:02.92246 This private key will be ignored.
2018-01-08_13:01:02.92254 key_load_private: bad permissions
2018-01-08_13:01:02.92377 Could not load host key: /etc/gitlab/ssh_host_ecdsa_key
2018-01-08_13:01:02.92420 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2018-01-08_13:01:02.92422 @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
2018-01-08_13:01:02.92423 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2018-01-08_13:01:02.92424 Permissions 0755 for '/etc/gitlab/ssh_host_ed25519_key' are too open.
2018-01-08_13:01:02.92424 It is required that your private key files are NOT accessible by others.
2018-01-08_13:01:02.92425 This private key will be ignored.
2018-01-08_13:01:02.92434 key_load_private: bad permissions
2018-01-08_13:01:02.92548 Could not load host key: /etc/gitlab/ssh_host_ed25519_key
2018-01-08_13:01:02.92553 Server listening on 0.0.0.0 port 22.
2018-01-08_13:01:02.92555 Server listening on :: port 22.
2018-01-08_13:02:11.29316 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2018-01-08_13:02:11.29339 @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
2018-01-08_13:02:11.29353 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2018-01-08_13:02:11.29371 Permissions 0755 for '/etc/gitlab/ssh_host_rsa_key' are too open.
2018-01-08_13:02:11.29394 It is required that your private key files are NOT accessible by others.
2018-01-08_13:02:11.29411 This private key will be ignored.
2018-01-08_13:02:11.29429 key_load_private: bad permissions
2018-01-08_13:02:11.29447 Could not load host key: /etc/gitlab/ssh_host_rsa_key
2018-01-08_13:02:11.29501 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2018-01-08_13:02:11.29510 @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
2018-01-08_13:02:11.29527 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
2018-01-08_13:02:11.29545 Permissions 0755 for '/etc/gitlab/ssh_host_ecdsa_key' are too open.
2018-01-08_13:02:11.29555 It is required that your private key files are NOT accessible by others.
2018-01-08_13:02:11.29569 This private key will be ignored.
2018-01-08_13:02:11.29588 key_load_private: bad permissions
2018-01-08_13:02:11.29674 Could not load host key: /etc/gitlab/ssh_host_ecdsa_key
```

What is wrong with my GitLab, and how can I get GitLab's web interface?

helenDeveloper

1 Answer

This is because you're mounting these keys in using a host mount:

```
--volume D:\gitlab\config:/etc/gitlab
```

I'm assuming that the permissions, when Docker sticks these on the VM, aren't transferred, or simply don't exist on your Windows box.

You can try making the files owner read only (400) and it might work - I don't have a Windows box to test.

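Failing that, you'll need to write an entrypoint script, use it with --entrypoint=/usr/local/entrypoint, and mount the following script to that location:

```sh
#!/usr/bin/env sh
# Restrict the SSH host private keys to owner read-only so sshd will load them.
# A glob is used because POSIX sh (dash) does not expand {rsa,ecdsa,ed25519}.
chmod 400 /etc/gitlab/ssh_host_*_key
# Hand over to the image's normal startup script.
exec /assets/wrapper
```
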
Rawkode
  • First, I used `--volume D:\gitlab\config:/etc/gitlab` and all folders are created and mounted in Windows. Second, where should I use `--entrypoint`? In the `docker run` command in order to run GitLab? @Rawkode – helenDeveloper Jan 08 '18 at 13:41
  • "first, I used --volume D:\gitlab\config:/etc/gitlab and all folders are created and mounted in windows" Yes, that's what I said :) You'll need to create the new entrypoint file and mount it, then add --entrypoint. Just, the docker run command for GitLab – Rawkode Jan 09 '18 at 14:21
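
A variant of the entrypoint check that re-reads each key's mode after `chmod`, since the answer notes the permission change may not take effect on a Windows host mount. This is an added example, not code from the answer or from GitLab; the function names `mode_too_open` and `fix_host_keys` and the scratch key files are constructed for illustration, and GNU `stat -c` is assumed.

```shell
#!/usr/bin/env sh
# Added example: tighten sshd host private keys, then verify the result.
# Assumes GNU stat (stat -c), as on a typical Linux container image.

# Succeeds (0) when octal mode $1 grants any group/other access
# (mode & 077 != 0), the condition sshd logs as "too open".
mode_too_open() {
    [ $(( 0$1 & 077 )) -ne 0 ]
}

# Set every ssh_host_*_key in directory $1 to 0400 and re-read the mode.
# Returns 0 only if no private key is left group/other accessible.
fix_host_keys() {
    dir=$1
    failed=0
    for key in "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || continue            # glob matched nothing
        before=$(stat -c '%a' "$key")
        chmod 400 "$key" 2>/dev/null || true
        after=$(stat -c '%a' "$key")         # do not trust chmod's exit status
        if mode_too_open "$after"; then
            echo "STILL OPEN $key ($before -> $after): chmod not honoured on this mount"
            failed=1
        else
            echo "ok         $key ($before -> $after)"
        fi
    done
    return "$failed"
}

# Demo on constructed, empty files in a scratch directory (not real keys).
demo_dir=$(mktemp -d)
for t in rsa ecdsa ed25519; do
    : > "$demo_dir/ssh_host_${t}_key"
    : > "$demo_dir/ssh_host_${t}_key.pub"    # public halves are not touched
    chmod 755 "$demo_dir/ssh_host_${t}_key"  # same mode as in the log above
done
fix_host_keys "$demo_dir"
rm -rf "$demo_dir"
```

A non-zero return from `fix_host_keys` means the modes did not change, in which case the keys have to live somewhere other than the host mount for sshd to load them.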