docker-compose can't enable 443 https
This is my docker-compose.yml
version: '2'
services:
  redis:
    restart: always
    image: sameersbn/redis:4.0.9-2
    command:
    - --loglevel warning
    volumes:
    # - redis-data:/var/lib/redis:Z
    - /volumes/gitlab/redis-data:/var/lib/redis:Z
  postgresql:
    restart: always
    image: sameersbn/postgresql:10-2
    volumes:
    # - postgresql-data:/var/lib/postgresql:Z
    - /volumes/gitlab/postgresql-data:/var/lib/postgresql:Z
    environment:
    - DB_USER=gitlab
    - DB_PASS=545D1031-7A10-4A0E-BE62-803E1AF70F92
    - DB_NAME=gitlabhq_production
    - DB_EXTENSION=pg_trgm
  gitlab:
    restart: always
    image: sameersbn/gitlab:13.0.2
    depends_on:
    - redis
    - postgresql
    ports:
    # - "127.0.0.1:10080:80"
    - "80:80"
    - "81:22"
    # - "10080:443"
    volumes:
    # - gitlab-data:/home/git/data:Z
    - /volumes/gitlab/gitlab-data:/home/git/data:Z
    # - /volumes/gitlab/tlab-data/gitlab.yml:/home/git/gitlab/config/gitlab.yml
    # - /volumes/gitlab/gitlab-data:/home/git:Z
    environment:
    # - DEBUG=false
    - DEBUG=true
    - DB_ADAPTER=postgresql
    - DB_HOST=postgresql
    - DB_PORT=5432
    - DB_USER=gitlab
    - DB_PASS=545D1031-7A10-4A0E-BE62-803E1AF70F92
    - DB_NAME=gitlabhq_production
    - REDIS_HOST=redis
    - REDIS_PORT=6379
    - TZ=Asia/Kolkata
    - GITLAB_TIMEZONE=Kolkata
    - GITLAB_HTTPS=true
    # - GITLAB_HTTPS=false
    # - SSL_SELF_SIGNED=false
    - SSL_SELF_SIGNED=true
    - GITLAB_HOST=www.test.com
    # - GITLAB_HOST=""
    - GITLAB_PORT=443
    - GITLAB_SSH_PORT=22
    - GITLAB_RELATIVE_URL_ROOT=
    - GITLAB_SECRETS_DB_KEY_BASE=9CA8BE9D-6A91-4E6A-B094-2D2F9C4F6943E22893BF-B2B5-4721-9892-94AE01F668BE
    - GITLAB_SECRETS_SECRET_KEY_BASE=81FDCF07-19BE-4A86-AF8F-2161A9BC5833CF834411-8064-4377-834A-C226AF2EAA50
    - GITLAB_SECRETS_OTP_KEY_BASE=3C022734-34A5-498D-A994-1C608C7265728395327F-96CC-48DE-A1DD-ECAD9A097BCC
    - GITLAB_ROOT_PASSWORD=1313537D-E70B-4779-9533-6AF59B913EF6
    - [email protected]
    - GITLAB_NOTIFY_ON_BROKEN_BUILDS=true
    - GITLAB_NOTIFY_PUSHER=false
    - [email protected]
    - [email protected]
    - [email protected]
    - GITLAB_BACKUP_SCHEDULE=daily
    - GITLAB_BACKUP_TIME=01:00
    - SMTP_ENABLED=true
    - SMTP_DOMAIN=exmail.qq.com
    - SMTP_HOST=smtp.exmail.qq.com
    - SMTP_PORT=465
    - [email protected]
    - SMTP_PASS=KNkhi7suwMZJRahK
    - SMTP_TLS=true
    - SMTP_STARTTLS=false
    - SMTP_AUTHENTICATION=login
    - IMAP_ENABLED=false
    - IMAP_HOST=imap.exmail.qq.com
    - IMAP_PORT=993
    - [email protected]
    - IMAP_PASS=ufEoa8Z7wPeV5hdz
    - IMAP_SSL=true
    - IMAP_STARTTLS=false
    - OAUTH_ENABLED=false
    - OAUTH_AUTO_SIGN_IN_WITH_PROVIDER=
    - OAUTH_ALLOW_SSO=
    - OAUTH_BLOCK_AUTO_CREATED_USERS=true
    - OAUTH_AUTO_LINK_LDAP_USER=false
    - OAUTH_AUTO_LINK_SAML_USER=false
    - OAUTH_EXTERNAL_PROVIDERS=
    - OAUTH_CAS3_LABEL=cas3
    - OAUTH_CAS3_SERVER=
    - OAUTH_CAS3_DISABLE_SSL_VERIFICATION=false
    - OAUTH_CAS3_LOGIN_URL=/cas/login
    - OAUTH_CAS3_VALIDATE_URL=/cas/p3/serviceValidate
    - OAUTH_CAS3_LOGOUT_URL=/cas/logout
    - OAUTH_GOOGLE_API_KEY=
    - OAUTH_GOOGLE_APP_SECRET=
    - OAUTH_GOOGLE_RESTRICT_DOMAIN=
    - OAUTH_FACEBOOK_API_KEY=
    - OAUTH_FACEBOOK_APP_SECRET=
    - OAUTH_TWITTER_API_KEY=
    - OAUTH_TWITTER_APP_SECRET=
    - OAUTH_GITHUB_API_KEY=
    - OAUTH_GITHUB_APP_SECRET=
    - OAUTH_GITHUB_URL=
    - OAUTH_GITHUB_VERIFY_SSL=
    - OAUTH_GITLAB_API_KEY=
    - OAUTH_GITLAB_APP_SECRET=
    - OAUTH_BITBUCKET_API_KEY=
    - OAUTH_BITBUCKET_APP_SECRET=
    - OAUTH_SAML_ASSERTION_CONSUMER_SERVICE_URL=
    - OAUTH_SAML_IDP_CERT_FINGERPRINT=
    - OAUTH_SAML_IDP_SSO_TARGET_URL=
    - OAUTH_SAML_ISSUER=
    - OAUTH_SAML_LABEL="Our SAML Provider"
    - OAUTH_SAML_NAME_IDENTIFIER_FORMAT=urn:oasis:names:tc:SAML:2.0:nameid-format:transient
    - OAUTH_SAML_GROUPS_ATTRIBUTE=
    - OAUTH_SAML_EXTERNAL_GROUPS=
    - OAUTH_SAML_ATTRIBUTE_STATEMENTS_EMAIL=
    - OAUTH_SAML_ATTRIBUTE_STATEMENTS_NAME=
    - OAUTH_SAML_ATTRIBUTE_STATEMENTS_USERNAME=
    - OAUTH_SAML_ATTRIBUTE_STATEMENTS_FIRST_NAME=
    - OAUTH_SAML_ATTRIBUTE_STATEMENTS_LAST_NAME=
    - OAUTH_CROWD_SERVER_URL=
    - OAUTH_CROWD_APP_NAME=
    - OAUTH_CROWD_APP_PASSWORD=
    - OAUTH_AUTH0_CLIENT_ID=
    - OAUTH_AUTH0_CLIENT_SECRET=
    - OAUTH_AUTH0_DOMAIN=
    - OAUTH_AUTH0_SCOPE=
    - OAUTH_AZURE_API_KEY=
    - OAUTH_AZURE_API_SECRET=
    - OAUTH_AZURE_TENANT_ID=
# volumes:
#   redis-data:
#   postgresql-data:
#   gitlab-data:
I run the docker-compose.yml:
docker-compose up -d
I get this result with docker ps:
[root@ansible2 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
28203a05dc43 sameersbn/gitlab:13.0.2 "/sbin/entrypoint.sh…" 45 minutes ago Up 45 minutes 0.0.0.0:80->80/tcp, 443/tcp, 0.0.0.0:81->22/tcp root_gitlab_1
21a787e61b63 sameersbn/redis:4.0.9-2 "/sbin/entrypoint.sh…" 45 minutes ago Up 45 minutes 6379/tcp root_redis_1
735979f6feca sameersbn/postgresql:10-2 "/sbin/entrypoint.sh" 45 minutes ago Up 45 minutes 5432/tcp root_postgresql_1
[root@ansible2 ~]#
I am confused that port 443 can't be accessed.
What I want to see: I want to enable 443 and enable https.
Try adding - 443:443 to ports section, in order to map host port to container port.
I have added - 443:443, but it is not enabled.
I found that port 443 is not listening in the gitlab container when I went into the container and ran the ss command. I am confused.
The docker ps output you posted before shows that port 443 is open only in the container, but you also need to open it on your host machine. That's why it is necessary to add 443:443 (<HOST PORT>:<CONTAINER PORT>).
add
443:443


Did you generate self-signed certificate?
this is my certificate
You need environment variables to point to where gitlab will find your certificates. Add:
- SSL_KEY_PATH=/home/git/data/certs/gitlab.key
- SSL_CERTIFICATE_PATH=/home/git/data/certs/gitlab.crt
- SSL_CA_CERTIFICATES_PATH=/home/git/data/certs/gitlab.crt
It doesn't work for me. I went into the gitlab container, and I can't find port 443 in nginx.conf, only port 80.
Can the docker-compose run on your host?
Yes. It has been running for 4 or 5 years in a row, but never with self-signed certificate.
But I can't enable port 443 with a self-signed certificate.
The environment variable SSL_CA_CERTIFICATES_PATH is NOT necessary, but SSL_DHPARAM_PATH is.
You can generate the dhparam with this command:
openssl dhparam -out dhparam.pem 2048
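And upload it to /home/git/data/certs/ or another path you like.
Chinese version:
I looked at the script: there is no need to configure SSL_CA_CERTIFICATES_PATH, but SSL_DHPARAM_PATH must be configured. You can generate one with the command above and upload it.
See this line of the script: https://github.com/sameersbn/docker-gitlab/blob/7665a499af62ddf2f67e49548c6bd6f795b80d84/assets/runtime/functions#L1246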
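A pre-flight check for the certificate files the last answer calls for, as an added example that is not part of the original thread or of the image's own scripts. It assumes the host directory /volumes/gitlab/gitlab-data/certs (the compose file's mount of /home/git/data) and the file names gitlab.key, gitlab.crt and dhparam.pem used in the thread; `has_pem`, `check_certs` and `key_matches_cert` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: verify the TLS material before running `docker-compose up -d`.
# Assumption: host /volumes/gitlab/gitlab-data is mounted at /home/git/data,
# so the container's /home/git/data/certs is <host dir>/certs.

# has_pem FILE REGEX: FILE is non-empty and contains a PEM header matching REGEX.
has_pem() {
    [ -s "$1" ] && grep -Eq "$2" "$1"
}

# check_certs DIR: print one line per problem; return 0 only if none were found.
check_certs() {
    dir=$1
    rc=0
    has_pem "$dir/gitlab.key" '^-----BEGIN (RSA |EC )?PRIVATE KEY-----' ||
        { echo "missing or not a PEM private key: $dir/gitlab.key"; rc=1; }
    has_pem "$dir/gitlab.crt" '^-----BEGIN CERTIFICATE-----' ||
        { echo "missing or not a PEM certificate: $dir/gitlab.crt"; rc=1; }
    has_pem "$dir/dhparam.pem" '^-----BEGIN DH PARAMETERS-----' ||
        { echo "missing DH parameters: $dir/dhparam.pem"; rc=1; }
    # The private key must not be readable by group or others.
    if [ -f "$dir/gitlab.key" ]; then
        perms=$(ls -l "$dir/gitlab.key" | cut -c5-10)
        [ "$perms" = "------" ] ||
            { echo "key is accessible to group/others: chmod 600 $dir/gitlab.key"; rc=1; }
    fi
    return $rc
}

# key_matches_cert DIR: the certificate's public key equals the one derived
# from the private key (requires the openssl CLI).
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1/gitlab.crt" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1/gitlab.key" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}
```

Run `check_certs /volumes/gitlab/gitlab-data/certs && key_matches_cert /volumes/gitlab/gitlab-data/certs` on the host; any printed line names a file to fix before restarting the stack.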