Gitlab (docker) behind traefik v2

Hi,

I'm trying to migrate my gitlab + traefik 1.7 and I got some issues.

So to get rid of config errors from git or anything, I started a fresh Gitlab install and ofc Traefik V2.

Here is what I got atm:
A gitlab just installed via a Docker-Compose file (with OMNIBUS (official docker install from gitlab)) running on https. I can access the early password settings from the gitlab install, it works well.

Here is my docker-compose.yml without traefik [Working]:

version: "3.3"
services:
  gitlab:
    image: 'gitlab/gitlab-ce:latest'
    restart: always
    hostname: 'gitlab.myhostname'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'httpsgitlab.myhostname'
        gitlab_rails['gitlab_shell_ssh_port'] = 2200
    ports:
      - '80:80'
      - '443:443'
      - '2200:22'
    volumes:
      - '/srv/gitlab/config:/etc/gitlab'
      - '/srv/gitlab/logs:/var/log/gitlab'
      - '/srv/gitlab/data:/var/opt/gitlab'

Now comes the struggle, so I modified my config as follows so it fits traefik:

gitlab docker-compose with traefik [not working :/]

version: "3.3"
services:
  gitlab:
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.gitlab.rule=Host(`gitlab.myhostname`)"
      - "traefik.http.routers.gitlab.entrypoints=web,web-secure"
    image: 'gitlab/gitlab-ce:latest'
    restart: always
    hostname: 'gitlab.myhostname'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'httpsgitlab.myhostname'
        gitlab_rails['gitlab_shell_ssh_port'] = 2200
    ports:
      - '2200:22'
    volumes:
      - '/srv/gitlab/config:/etc/gitlab'
      - '/srv/gitlab/logs:/var/log/gitlab'
      - '/srv/gitlab/data:/var/opt/gitlab'

and ofc here is my traefik docker-compose.yml [not working with gitlab]:

version: '3.3'

services:
  reverse-proxy:
    image: traefik:latest
    command:
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web-secure.address=:443"
      - "--entrypoints.api.address=:8080"
      - "--api=true"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.rule=Host(`traefik.myhostname`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.entrypoints=api"
      - "traefik.http.routers.api.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.users=User:salted.password"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

I'm not using any other config file like toml/yaml for traefik, I wanted to make it as simple as possible to minimize possible errors. I tried my config before with a basic Httpd docker image (http and https config) and it worked, but since I tried with gitlab I get a 404 page not found. (BTW my traefik dashboard/api is reachable and everything works well)

If someone is using this kind of gitlab config or has any clue, I will really appreciate it.

NB : I removed any links so weird external link config and domains config are normal

Hi,
I have a working version flying around on my server, but sadly I cannot explain why the second Host or the header middleware were needed. I just translated the traefikv1 version to traefikv2...
But I hope my version still helps.

version: '3.7'
services:
  gitlab:
    image: 'gitlab/gitlab-ce:latest'
    ports:
      - '30022:22'
    networks:
      - web
    restart: unless-stopped
    environment:
      - GITLAB_SHELL_SSH_PORT=30022
    volumes:
      - '/srv/docker/gitlab/config:/etc/gitlab:Z'
      - '/srv/docker/gitlab/logs:/var/log/gitlab:Z'
      - '/srv/docker/gitlab/data:/var/opt/gitlab:Z'
      - '/etc/localtime:/etc/localtime:ro'
    hostname: git.seoka.tld
    labels:
      - "traefik.enable=true" 
      - "traefik.http.routers.gitlab.rule=Host(`git.seoka.tld`)" 
      - "traefik.http.routers.gitlab.entrypoints=https" 
      - "traefik.http.routers.gitlab.tls.certresolver=letsencrypt" 
      - "traefik.http.routers.gitlab.middlewares=gitlab-headers" 
      - "traefik.http.routers.gitlab.service=gitlab" 
      - "traefik.http.middlewares.gitlab-headers.headers.customrequestheaders.X_FORWARDED_PROTO=https" 
      - "traefik.http.middlewares.gitlab-headers.headers.customrequestheaders.X_Forwarded-Ssl=on" 
      - "traefik.http.middlewares.gitlab-headers.headers.customresponseheaders.X_FORWARDED_PROTO=https" 
      - "traefik.http.middlewares.gitlab-headers.headers.customresponseheaders.X_Forwarded-Ssl=on" 
      - "traefik.http.services.gitlab.loadbalancer.server.port=80" 
      - "traefik.http.routers.gitlab-registry.rule=Host(`registry.seoka.tld`)" 
      - "traefik.http.routers.gitlab-registry.entrypoints=https" 
      - "traefik.http.routers.gitlab-registry.tls.certresolver=letsencrypt" 
      - "traefik.http.routers.gitlab-registry.service=gitlab-registry" 
      - "traefik.http.services.gitlab-registry.loadbalancer.server.port=8500"
    cap_add:
      - SYS_ADMIN

networks:
  web:
    external:
      name: web

Thanks for the clue, it actually helped. We found out that traefik took the first opened port, which was 22, to send http requests (thanks to accesslogs). It seems that traefik struggles to pass https headers even with the middleware, we are digging into it.

Edit : doesn't work even in a classic http config.

Solved: we forgot to bind the container to the same network. After that it didn't work (Internal server error), so we added --serversTransport.insecureSkipVerify=true for test purposes and it worked.
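
Added example (not written by any poster in this thread): a small Python check for the three problems the thread ran into, namely Traefik and GitLab on different Docker networks, no explicit `loadbalancer.server.port` label, and `--serversTransport.insecureSkipVerify=true` left enabled, which turns off certificate verification for Traefik's connections to backends. The service dicts are constructed to mirror the compose files above; the function name, finding names and project names are hypothetical.

```python
# Constructed data: the relevant keys of the compose services posted in the thread.
ORIG_TRAEFIK = {"command": ["--entrypoints.web.address=:80",
                            "--entrypoints.web-secure.address=:443",
                            "--providers.docker=true",
                            "--providers.docker.exposedbydefault=false"]}
ORIG_GITLAB = {"labels": ["traefik.enable=true",
                          "traefik.http.routers.gitlab.rule=Host(`gitlab.myhostname`)",
                          "traefik.http.routers.gitlab.entrypoints=web,web-secure"]}

# State described in the last post: shared network plus the test-only flag.
TEST_TRAEFIK = {"networks": ["web"], "command": ORIG_TRAEFIK["command"]
                + ["--serversTransport.insecureSkipVerify=true"]}
NETWORKED_GITLAB = {**ORIG_GITLAB, "networks": ["web"]}

# Target state: shared network, explicit backend port, verification left on.
FIXED_TRAEFIK = {**ORIG_TRAEFIK, "networks": ["web"]}
FIXED_GITLAB = {"networks": ["web"], "labels": ORIG_GITLAB["labels"]
                + ["traefik.http.services.gitlab.loadbalancer.server.port=80"]}


def effective_networks(project, svc):
    # Compose attaches a service without a "networks" key to "<project>_default".
    # Assumption: networks listed on a service are external and shared by name.
    return set(svc.get("networks") or [f"{project}_default"])


def lint(traefik_project, traefik_svc, app_project, app_svc):
    """Return findings for one Traefik service and one routed service."""
    findings = []
    labels = [label.lower() for label in app_svc.get("labels", [])]
    if "traefik.enable=true" in labels:
        shared = (effective_networks(traefik_project, traefik_svc)
                  & effective_networks(app_project, app_svc))
        if not shared:
            findings.append("no-shared-network")
        # Without this label Traefik chooses a port itself; in the thread it chose 22.
        if not any(".loadbalancer.server.port=" in label for label in labels):
            findings.append("no-explicit-port")
    for arg in traefik_svc.get("command", []):
        if arg.lower() == "--serverstransport.insecureskipverify=true":
            findings.append("backend-tls-verification-disabled")
    return findings


if __name__ == "__main__":
    print(lint("traefik", ORIG_TRAEFIK, "gitlab", ORIG_GITLAB))
    print(lint("traefik", TEST_TRAEFIK, "gitlab", NETWORKED_GITLAB))
    print(lint("traefik", FIXED_TRAEFIK, "gitlab", FIXED_GITLAB))
```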