我试图在haproxy后面设置gitlab。我使用官方的gitlab docker容器和dockercloud / haproxy容器。如果我尝试从我的连接 浏览器到gitlab我在gitlab中得到以下错误:
==> /var/log/gitlab/sshd/current <==
2016-09-16_00:24:09.98430 Bad protocol version identification 'GET /users /sign_in HTTP/1.1' from 172.17.0.7 port 49514
haproxy输出:(域名,ips等已更改)
00000008:port_80.accept(0008)=0009 from [184.11.129.10:60554]
00000009:port_443.accept(0007)=000a from [184.11.129.10:59956]
00000009:port_443.clireq[000a:ffffffff]: GET / HTTP/1.1
00000009:port_443.clihdr[000a:ffffffff]: Host: gitlab.example.com
00000009:port_443.clihdr[000a:ffffffff]: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0
00000009:port_443.clihdr[000a:ffffffff]: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
00000009:port_443.clihdr[000a:ffffffff]: Accept-Language: en-US,en;q=0.5
00000009:port_443.clihdr[000a:ffffffff]: Accept-Encoding: gzip, deflate, br
00000009:port_443.clihdr[000a:ffffffff]: Cookie: _gitlab_session=c68e65e7d79ef8af9c4aef14e29bed7a
00000009:port_443.clihdr[000a:ffffffff]: Connection: keep-alive
00000009:port_443.clihdr[000a:ffffffff]: Upgrade-Insecure-Requests: 1
00000009:SERVICE_GITLAB.srvrep[000a:000b]: HTTP/1.1 302 Found
00000009:SERVICE_GITLAB.srvhdr[000a:000b]: Server: nginx
00000009:SERVICE_GITLAB.srvhdr[000a:000b]: Date: Fri, 16 Sep 2016 00:15:12 GMT
00000009:SERVICE_GITLAB.srvhdr[000a:000b]: Content-Type: text/html; charset=utf-8
00000009:SERVICE_GITLAB.srvhdr[000a:000b]: Content-Length: 105
00000009:SERVICE_GITLAB.srvhdr[000a:000b]: Connection: keep-alive
00000009:SERVICE_GITLAB.srvhdr[000a:000b]: Cache-Control: no-cache
00000009:SERVICE_GITLAB.srvhdr[000a:000b]: Location: https://gitlab.example.com/users/sign_in
00000009:SERVICE_GITLAB.srvhdr[000a:000b]: Set-Cookie: _gitlab_session=2b529bf6639da2b83406dcdf1312c385; path=/; secure; HttpOnly
00000009:SERVICE_GITLAB.srvhdr[000a:000b]: Status: 302 Found
00000009:SERVICE_GITLAB.srvhdr[000a:000b]: X-Content-Type-Options: nosniff
00000009:SERVICE_GITLAB.srvhdr[000a:000b]: X-Frame-Options: SAMEORIGIN
00000009:SERVICE_GITLAB.srvhdr[000a:000b]: X-Request-Id: b97cbe2a-0147-4ccd-9cf1-c80542d35b0f
00000009:SERVICE_GITLAB.srvhdr[000a:000b]: X-Runtime: 0.278044
00000009:SERVICE_GITLAB.srvhdr[000a:000b]: X-Xss-Protection: 1; mode=block
0000000a:port_443.clireq[000a:000b]: GET /users/sign_in HTTP/1.1
0000000a:port_443.clihdr[000a:000b]: Host: gitlab.example.com
0000000a:port_443.clihdr[000a:000b]: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0
0000000a:port_443.clihdr[000a:000b]: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
0000000a:port_443.clihdr[000a:000b]: Accept-Language: en-US,en;q=0.5
0000000a:port_443.clihdr[000a:000b]: Accept-Encoding: gzip, deflate, br
0000000a:port_443.clihdr[000a:000b]: Cookie: _gitlab_session=2b529bf6639da2b83406dcdf1312c385
0000000a:port_443.clihdr[000a:000b]: Connection: keep-alive
0000000a:port_443.clihdr[000a:000b]: Upgrade-Insecure-Requests: 1
0000000a:SERVICE_GITLAB.srvcls[000a:000b]
0000000a:SERVICE_GITLAB.clicls[000a:000b]
0000000a:SERVICE_GITLAB.closed[000a:000b]
00000008:port_80.clicls[0009:ffffffff]
00000008:port_80.closed[0009:ffffffff]
0000000b:port_443.accept(0007)=000b from [184.11.129.10:59990]
0000000c:port_443.accept(0007)=000a from [184.11.129.10:59994]
0000000d:port_443.accept(0007)=0009 from [184.11.129.10:59992]
0000000b:port_443.clireq[000b:ffffffff]: GET /users/sign_in HTTP/1.1
0000000b:port_443.clihdr[000b:ffffffff]: Host: gitlab.example.com
0000000b:port_443.clihdr[000b:ffffffff]: Connection: keep-alive
0000000b:port_443.clihdr[000b:ffffffff]: Cache-Control: max-age=0
0000000b:port_443.clihdr[000b:ffffffff]: Upgrade-Insecure-Requests: 1
0000000b:port_443.clihdr[000b:ffffffff]: User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.92 Safari/537.36
0000000b:port_443.clihdr[000b:ffffffff]: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
0000000b:port_443.clihdr[000b:ffffffff]: Accept-Encoding: gzip, deflate, sdch, br
0000000b:port_443.clihdr[000b:ffffffff]: Accept-Language: en-US,en;q=0.8
0000000b:port_443.clihdr[000b:ffffffff]: Cookie: _gitlab_session=efd1f2dca673f443a756b93743097228
0000000b:port_443.clihdr[000b:ffffffff]: If-None-Match: W/"bc26f64dfe227748fcff77508b9b63c5"
0000000b:SERVICE_GITLAB.srvrep[000b:000c]: HTTP/1.1 302 Found
0000000b:SERVICE_GITLAB.srvhdr[000b:000c]: Server: nginx
0000000b:SERVICE_GITLAB.srvhdr[000b:000c]: Date: Fri, 16 Sep 2016 00:15:20 GMT
0000000b:SERVICE_GITLAB.srvhdr[000b:000c]: Content-Type: text/html; charset=utf-8
0000000b:SERVICE_GITLAB.srvhdr[000b:000c]: Content-Length: 153
0000000b:SERVICE_GITLAB.srvhdr[000b:000c]: Connection: keep-alive
0000000b:SERVICE_GITLAB.srvhdr[000b:000c]: Cache-Control: no-cache
0000000b:SERVICE_GITLAB.srvhdr[000b:000c]: Location: https://gitlab.example.com/users/password/edit?reset_password_token=BpNnrPG4mrQ3h85hqrgz
0000000b:SERVICE_GITLAB.srvhdr[000b:000c]: Set-Cookie: _gitlab_session=0f9ecb6d6096e6809e151f5d8654394b; path=/; secure; HttpOnly
0000000b:SERVICE_GITLAB.srvhdr[000b:000c]: Status: 302 Found
0000000b:SERVICE_GITLAB.srvhdr[000b:000c]: X-Content-Type-Options: nosniff
0000000b:SERVICE_GITLAB.srvhdr[000b:000c]: X-Frame-Options: SAMEORIGIN
0000000b:SERVICE_GITLAB.srvhdr[000b:000c]: X-Request-Id: c67da4bd-5d84-46e5-bc1c-6b382991c27c
0000000b:SERVICE_GITLAB.srvhdr[000b:000c]: X-Runtime: 0.672426
0000000b:SERVICE_GITLAB.srvhdr[000b:000c]: X-Xss-Protection: 1; mode=block
0000000e:port_443.clireq[000b:000c]: GET /users/password/edit?reset_password_token=BpNnrPG4mrQ3h85hqrgz HTTP/1.1
0000000e:port_443.clihdr[000b:000c]: Host: gitlab.example.com
0000000e:port_443.clihdr[000b:000c]: Connection: keep-alive
0000000e:port_443.clihdr[000b:000c]: Cache-Control: max-age=0
0000000e:port_443.clihdr[000b:000c]: Upgrade-Insecure-Requests: 1
0000000e:port_443.clihdr[000b:000c]: User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.92 Safari/537.36
0000000e:port_443.clihdr[000b:000c]: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
0000000e:port_443.clihdr[000b:000c]: Accept-Encoding: gzip, deflate, sdch, br
0000000e:port_443.clihdr[000b:000c]: Accept-Language: en-US,en;q=0.8
0000000e:port_443.clihdr[000b:000c]: Cookie: _gitlab_session=0f9ecb6d6096e6809e151f5d8654394b
0000000e:SERVICE_GITLAB.srvcls[000b:000c]
00000017:port_443.clihdr[000a:ffffffff]: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
00000017:port_443.clihdr[000a:ffffffff]: Accept-Language: en-US,en;q=0.5
00000017:port_443.clihdr[000a:ffffffff]: Accept-Encoding: gzip, deflate, br
00000017:port_443.clihdr[000a:ffffffff]: Cookie: _gitlab_session=2b529bf6639da2b83406dcdf1312c385
00000017:port_443.clihdr[000a:ffffffff]: Connection: keep-alive
00000017:port_443.clihdr[000a:ffffffff]: Upgrade-Insecure-Requests: 1
00000017:SERVICE_GITLAB.srvrep[000a:000b]: HTTP/1.1 302 Found
00000017:SERVICE_GITLAB.srvhdr[000a:000b]: Server: nginx
00000017:SERVICE_GITLAB.srvhdr[000a:000b]: Date: Fri, 16 Sep 2016 00:24:09 GMT
00000017:SERVICE_GITLAB.srvhdr[000a:000b]: Content-Type: text/html; charset=utf-8
00000017:SERVICE_GITLAB.srvhdr[000a:000b]: Content-Length: 105
00000017:SERVICE_GITLAB.srvhdr[000a:000b]: Connection: keep-alive
00000017:SERVICE_GITLAB.srvhdr[000a:000b]: Cache-Control: no-cache
00000017:SERVICE_GITLAB.srvhdr[000a:000b]: Location: https://gitlab.example.com/users/sign_in
00000017:SERVICE_GITLAB.srvhdr[000a:000b]: Status: 302 Found
00000017:SERVICE_GITLAB.srvhdr[000a:000b]: X-Content-Type-Options: nosniff
00000017:SERVICE_GITLAB.srvhdr[000a:000b]: X-Frame-Options: SAMEORIGIN
00000017:SERVICE_GITLAB.srvhdr[000a:000b]: X-Request-Id: 43311710-97be-439b-87ea-a5bee9e7a6d3
00000017:SERVICE_GITLAB.srvhdr[000a:000b]: X-Runtime: 0.296297
00000017:SERVICE_GITLAB.srvhdr[000a:000b]: X-Xss-Protection: 1; mode=block
00000018:port_443.clireq[000a:000b]: GET /users/sign_in HTTP/1.1
00000018:port_443.clihdr[000a:000b]: Host: gitlab.example.com
00000018:port_443.clihdr[000a:000b]: User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:48.0) Gecko/20100101 Firefox/48.0
00000018:port_443.clihdr[000a:000b]: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
00000018:port_443.clihdr[000a:000b]: Accept-Language: en-US,en;q=0.5
00000018:port_443.clihdr[000a:000b]: Accept-Encoding: gzip, deflate, br
00000018:port_443.clihdr[000a:000b]: Cookie: _gitlab_session=2b529bf6639da2b83406dcdf1312c385
00000018:port_443.clihdr[000a:000b]: Connection: keep-alive
00000018:port_443.clihdr[000a:000b]: Upgrade-Insecure-Requests: 1
00000018:SERVICE_GITLAB.srvcls[000a:000b]
00000018:SERVICE_GITLAB.clicls[000a:000b]
00000018:SERVICE_GITLAB.closed[000a:000b]
00000016:port_80.clicls[0009:ffffffff]
00000016:port_80.closed[0009:ffffffff]
这就是我启动gitlab容器(域名和内容更改)的方式:
docker run --detach \
--expose 80 --expose 22 \
--hostname gitlab.example.com
--name gitlab \
--restart always \
--env VIRTUAL_HOST=https://gitlab.example.com,gitlab.example.com \
--env FORCE_SSL=yes \
--volume /srv/gitlab/config:/etc/gitlab \
--volume /srv/gitlab/logs:/var/log/gitlab \
--volume /srv/gitlab/data:/var/opt/gitlab \
gitlab/gitlab-ce:latest
这是haproxy的docker撰写文件:
version: '2'
services:
haProxy:
image: dockercloud/haproxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /srv/certs:/certs/
external_links:
- gitlab:gitlab
ports:
- 80:80
- 443:443
- 9090:9090
environment:
- STATS_AUTH="dummy:dummy"
- STATS_PORT=9090
- CERT_FOLDER=/certs/
- FORCE_SSL=yes
- EXTRA_GLOBAL_SETTINGS="debug"
network_mode: "bridge"
networks:
default:
external:
name: bridge
非常感谢任何提示!
谢谢你!
答案 0 :(得分:0)
您并未真正使用HAProxy终止SSL - 您的GitLab容器正在发布端口80,因此它会公开收听HTTP流量,但您还在使用FORCE_SSL
,所以我不要以为它会在HTTP上回答。
要在代理层执行SSL,您可以从GitLab中删除FORCE_SSL
,使其在HTTP上运行,并从HAProxy到GitLab建立私有连接,因此访问GitLab的唯一方法是通过HAProxy。 / p>
如果您将GitLab作为服务放在与HAProxy相同的Docker Compose文件中,那么您不需要从GitLab发布端口80。当您docker-compose up -d
时,容器将在同一个Docker网络中运行,并且代理容器将能够在映像中公开的任何端口上通过其容器名访问GitLab(您不必为容器发布端口在同一个网络中沟通)。
或者,如果您正在运行GitLab,那么您不需要HAProxy - 您可以Enable HTTPS in GitLab本身。