如何 运行 Gitlab in docker container with nginx-proxy over ssl with letsencrypt securely
How to run Gitlab in docker container with nginx-proxy over ssl with letsencrypt securely
几天来我一直在与这个配置作斗争,无论我做什么我都无法让它完全工作。谁能帮帮我??
我正在使用此处描述的解决方案:https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion 它适用于我所有其他容器,但不适用于 gitlab。使用这种方法,一旦登录绿色挂锁,只有 gitlab 登录页面是完全安全的,文本 Secure 消失并且 https 告诉我; "Your connection to this site is not fully secure"。我已经检查了 gitlab 容器内的日志,它发现 ssl 证书很好并且没有给出其他错误或指示有问题。有人吗?
文件:start.up
#!/bin/bash
docker run -d \
--name ng \
-p 80:80 \
-p 443:443 \
-v /etc/nginx/conf.d \
-v /root/network/nginx/vhost.d:/etc/nginx/vhost.d \
-v /root/network/nginx/html:/usr/share/nginx/html \
-v /root/network/nginx/certs:/etc/nginx/certs:ro \
-e DEFAULT_HOST=domain.com \
-e VIRTUAL_PROTO=https \
-e VIRTUAL_PORT=443 \
--label com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy \
nginx
docker run -d \
--name ngg \
--volumes-from ng \
-v /root/network/nginx/templates:/etc/docker-gen/templates:ro \
-v /var/run/docker.sock:/tmp/docker.sock:ro \
--label com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen \
jwilder/docker-gen \
-notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
docker run -d \
--name ngl \
--volumes-from ng \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-v /root/network/nginx/certs:/etc/nginx/certs:rw \
jrcs/letsencrypt-nginx-proxy-companion
文件:docker-compose.yml
version: "3"
services:
gitlab:
container_name: gl
image: "gitlab/gitlab-ce:latest"
restart: always
hostname: "gitlab.domain.com"
environment:
GITLAB_OMNIBUS_CONFIG:
external_url "https://gitlab.domain.com"
expose:
- 80
- 443
- 22
volumes:
- "./gitlab/config:/etc/gitlab"
- "./gitlab/logs:/var/log/gitlab"
- "./gitlab/data:/var/opt/gitlab"
- "./nginx/certs:/etc/gitlab/ssl"
environment:
- VIRTUAL_HOST=gitlab.domain.com
- LETSENCRYPT_HOST=gitlab.domain.com
- LETSENCRYPT_EMAIL=info@domain.com
network_mode: "bridge"
我认为您在 docker-compose.yml.
中缺少 nginx 配置
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'https://gitlab.example.com'
nginx['listen_port'] = 80
nginx['listen_https'] = false
nginx['proxy_set_headers'] = {
"X-Forwarded-Proto" => "https",
"X-Forwarded-Ssl" => "on"
}
以下要点对我帮助很大!
https://gist.github.com/netdesk/c1db2985b542f9916995139318e5a7ce
我遇到了同样的问题,并在自定义 HTTP 端口上通过 运行 GitLab docker 解决了这个问题。
docker-compose.yaml:
web:
image: 'gitlab/gitlab-ee:latest'
restart: always
hostname: 'git.example.com'
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'https://git.example.com'
gitlab_rails['gitlab_shell_ssh_port'] = 2224
nginx['listen_port'] = 8929
nginx['listen_https'] = false
ports:
- '8929:8929'
- '2224:22'
Nginx 配置:
server {
server_name git.example.com;
location / {
proxy_pass http://localhost:8929;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/git.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/git.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
几天来我一直在与这个配置作斗争,无论我做什么我都无法让它完全工作。谁能帮帮我??
我正在使用此处描述的解决方案:https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion 它适用于我所有其他容器,但不适用于 gitlab。使用这种方法,一旦登录绿色挂锁,只有 gitlab 登录页面是完全安全的,文本 Secure 消失并且 https 告诉我; "Your connection to this site is not fully secure"。我已经检查了 gitlab 容器内的日志,它发现 ssl 证书很好并且没有给出其他错误或指示有问题。有人吗?
文件:start.up
#!/bin/bash
docker run -d \
--name ng \
-p 80:80 \
-p 443:443 \
-v /etc/nginx/conf.d \
-v /root/network/nginx/vhost.d:/etc/nginx/vhost.d \
-v /root/network/nginx/html:/usr/share/nginx/html \
-v /root/network/nginx/certs:/etc/nginx/certs:ro \
-e DEFAULT_HOST=domain.com \
-e VIRTUAL_PROTO=https \
-e VIRTUAL_PORT=443 \
--label com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy \
nginx
docker run -d \
--name ngg \
--volumes-from ng \
-v /root/network/nginx/templates:/etc/docker-gen/templates:ro \
-v /var/run/docker.sock:/tmp/docker.sock:ro \
--label com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen \
jwilder/docker-gen \
-notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
docker run -d \
--name ngl \
--volumes-from ng \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-v /root/network/nginx/certs:/etc/nginx/certs:rw \
jrcs/letsencrypt-nginx-proxy-companion
文件:docker-compose.yml
version: "3"
services:
gitlab:
container_name: gl
image: "gitlab/gitlab-ce:latest"
restart: always
hostname: "gitlab.domain.com"
environment:
GITLAB_OMNIBUS_CONFIG:
external_url "https://gitlab.domain.com"
expose:
- 80
- 443
- 22
volumes:
- "./gitlab/config:/etc/gitlab"
- "./gitlab/logs:/var/log/gitlab"
- "./gitlab/data:/var/opt/gitlab"
- "./nginx/certs:/etc/gitlab/ssl"
environment:
- VIRTUAL_HOST=gitlab.domain.com
- LETSENCRYPT_HOST=gitlab.domain.com
- LETSENCRYPT_EMAIL=info@domain.com
network_mode: "bridge"
我认为您在 docker-compose.yml.
中缺少 nginx 配置environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'https://gitlab.example.com'
nginx['listen_port'] = 80
nginx['listen_https'] = false
nginx['proxy_set_headers'] = {
"X-Forwarded-Proto" => "https",
"X-Forwarded-Ssl" => "on"
}
以下要点对我帮助很大! https://gist.github.com/netdesk/c1db2985b542f9916995139318e5a7ce
我遇到了同样的问题,并在自定义 HTTP 端口上通过 运行 GitLab docker 解决了这个问题。
docker-compose.yaml:
web:
image: 'gitlab/gitlab-ee:latest'
restart: always
hostname: 'git.example.com'
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'https://git.example.com'
gitlab_rails['gitlab_shell_ssh_port'] = 2224
nginx['listen_port'] = 8929
nginx['listen_https'] = false
ports:
- '8929:8929'
- '2224:22'
Nginx 配置:
server {
server_name git.example.com;
location / {
proxy_pass http://localhost:8929;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/git.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/git.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}