7

I am using nginx-proxy to connect subdomains to different docker services. Since one of the last image updates I am not able to connect to my gitlab instance anymore. I don't know if a nginx-proxy or gitlab update resulted in this issue. When I try to connect to gitlab.mydomain.com I get the following errors:

  1. Browser: 502 Bad Gateway. nginx/1.13.3

  2. nginx-proxy logs:

    nginx-proxy_1 | nginx.1 | 2017/08/14 11:44:10 [error] 39#39: *1672 connect() failed (111: Connection refused) while connecting to upstream, client: 178.201.120.94, server: gitlab.mydomain.com, request: "GET / HTTP/2.0", upstream: "https://172.18.0.2:443/", host: "gitlab.mydomain.com"

    nginx-proxy_1 | nginx.1 | gitlab.mydomain.com 178.201.120.94 - - [14/Aug/2017:11:44:10 +0000] "GET / HTTP/2.0" 502 575 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36"

    nginx-proxy_1 | nginx.1 | 2017/08/14 11:44:11 [error] 39#39: *1672 connect() failed (111: Connection refused) while connecting to upstream, client: 178.201.120.94, server: gitlab.mydomain.com, request: "GET /favicon.ico HTTP/2.0", upstream: "https://172.18.0.2:443/favicon.ico", host: "gitlab.mydomain.com", referrer: "https://gitlab.***.com/"

My docker-compose file: 

version: '2'

services:
   nginx-proxy:
     image: jwilder/nginx-proxy
     ports:
     - "80:80"
     - "443:443"
     volumes:
     - /var/local/nginx/certs:/etc/nginx/certs
     - /etc/letsencrypt:/etc/letsencrypt
     - /var/run/docker.sock:/tmp/docker.sock:ro

   gitlab:
     image: gitlab/gitlab-ce:latest
     ports:
     - "2222:22"
     hostname: 'gitlab.***.com'
     expose:
     - 443
     - 22
     - 80
     - 25
     environment:
     - "VIRTUAL_HOST=gitlab.***.com,www.gitlab.***.com"
     - "VIRTUAL_PORT=443"
     - "VIRTUAL_PROTO=https"
     volumes:
     - "gitlab-config:/etc/gitlab"
     - "gitlab-log:/var/log/gitlab"
     - "gitlab-data:/var/opt/gitlab"
     - "/etc/letsencrypt:/etc/letsencrypt"

Any ideas on that? Thanks.
Edit: Networksettings from docker inspect gitlab:

    "NetworkSettings": {
        "Bridge": "",
        "SandboxID": "...",
        "HairpinMode": false,
        "LinkLocalIPv6Address": "",
        "LinkLocalIPv6PrefixLen": 0,
        "Ports": {
            "22/tcp": [
                {
                    "HostIp": "0.0.0.0",
                    "HostPort": "2222"
                }
            ],
            "25/tcp": null,
            "443/tcp": null,
            "80/tcp": null
        },
        "SandboxKey": "/var/run/docker/netns/...",
        "SecondaryIPAddresses": null,
        "SecondaryIPv6Addresses": null,
        "EndpointID": "",
        "Gateway": "",
        "GlobalIPv6Address": "",
        "GlobalIPv6PrefixLen": 0,
        "IPAddress": "",
        "IPPrefixLen": 0,
        "IPv6Gateway": "",
        "MacAddress": "",
        "Networks": {
            "docker_default": {
                "IPAMConfig": null,
                "Links": null,
                "Aliases": [
                    "abb170528bcc",
                    "gitlab"
                ],
                "NetworkID": "...",
                "EndpointID": "...",
                "Gateway": "172.18.0.1",
                "IPAddress": "172.18.0.2",
                "IPPrefixLen": 16,
                "IPv6Gateway": "",
                "GlobalIPv6Address": "",
                "GlobalIPv6PrefixLen": 0,
                "MacAddress": "02:42:ac:12:00:02"
            }
        }
    }
Improve this question
8
  • Do docker ps and docker inspect on your gitlab container and see if the IP it is fetching is correct or not? Commented Aug 14, 2017 at 11:59
  • a docker inspect on gitlab gave me the following values: "Gateway": "172.18.0.1", "IPAddress": "172.18.0.2", ... looks like an error to me? Commented Aug 14, 2017 at 12:07
  • Check how many networks are associated with gitlab in your case? Commented Aug 14, 2017 at 12:08
  • i have added the networksettings part from docker inspect. is this sufficient for you? is this error maybe related to SSL encryption? or some ipv6 stuff? Commented Aug 14, 2017 at 15:07
  • In order to make your docker-compose.yml testable by someone else, it would be useful to have the contents of your gitlab-config volume. Can you post a version stripped of your private data? Commented Aug 23, 2017 at 18:21

1 Answer 1

Reset to default
0

this setup works for me, maybe you can compare it and find out, what's wrong:

https://superuser.com/a/1242682/762931

maybe it is this: https://gitlab.com/gitlab-org/omnibus-gitlab/issues/1307

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

thank you, I will try it out. If it works I will post the necessary modifications and accept your answer!
Are there any files within /etc/gitlab/trusted-certs on your gitlab docker machine? I feel like there are some problems concerning the SSL certificates.
No there aren't, they are being put into the volume and then directly into the /etc/gitlab/ssl folder in the container

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.