如何使用jwilder-nginx-proxy链接到gitlab容器来设置反向代理

时间:2019-11-17 13:53:51

标签: docker-compose jwilder-nginx-proxy gitlab-ee

我正在使用jwilder / nginx-proxy和jrcs / letsencrypt-nginx-proxy-companion和gitlab / gitlab-ee:latest

我希望nginx-proxy将请求传递给gitlab,但是我有 https://gitlab.domain.org上的502错误网关。 ssl证书已生成,并且可以在nginx-proxy上使用。感谢您的帮助。

我的gitlab.rb:

external_url 'http://gitlab.domain.org:8081'

我的docker-compose.yml:

version: "3.5"                                                                                                                                                                             

services:                                                                                                                                                                                  
    nginx-proxy:                                                                                                                                                                           
        image: jwilder/nginx-proxy                                                                                                                                                         
        container_name: frontend                                                                                                                                                           
        restart: always                                                                                                                                                                    
        environment:                                                                                                                                                                       
            DEFAULT_HOST: gitlab.domain.org                                                                                                                                               
            DHPARAM_GENERATION: "false"                                                                                                                                                    
        ports:                                                                                                                                                                             
            - "80:80"                                                                                                                                                                      
            - "443:443"                                                                                                                                                                    
        volumes:                                                                                                                                                                           
            - /srv/nginx/certs:/etc/nginx/certs                                                                                                                                            
            - /srv/nginx/vhost:/etc/nginx/vhost.d                                                                                                                                          
            - /srv/nginx/html:/usr/share/nginx/html                                                                                                                                        
            - /srv/nginx/conf.d:/etc/nginx/conf.d
            - /var/run/docker.sock:/tmp/docker.sock:ro

nginx-proxy-letsencrypt:
        image: jrcs/letsencrypt-nginx-proxy-companion
        container_name: letsencrypt
        environment:
            DEFAULT_EMAIL: my.person@domain.org
            NGINX_PROXY_CONTAINER: frontend
        volumes:
            - /srv/nginx/certs:/etc/nginx/certs
            - /srv/nginx/vhost:/etc/nginx/vhost.d
            - /srv/nginx/html:/usr/share/nginx/html
            - /var/run/docker.sock:/var/run/docker.sock:ro

gitlab:
        image: gitlab/gitlab-ee:latest
        container_name: gitlab
        restart: always
        environment:
            LETSENCRYPT_HOST: gitlab.domain.org
            LETSENCRYPT_EMAIL: my.person@domain.org
            VIRTUAL_HOST: gitlab.domain.org
            VIRTUAL_PORT: 8081
        hostname: 'gitlab.domain.org'
        ports:
            - "8081:8081"
            - "122:22"
        volumes:
            - /srv/gitlab/config:/etc/gitlab
            - /srv/gitlab/logs:/var/log/gitlab
            - /srv/gitlab/data:/var/opt/gitlab

default.conf:

# gitlab.domain.org
upstream gitlab.domain.org {
                                ## Can be connected with "frontend" network
                        # gitlab
                        server 172.21.0.2:8081;
}
server {
        server_name gitlab.domain.org;
        listen 80 default_server;
        access_log /var/log/nginx/access.log vhost;
        return 301 https://$host$request_uri;
}
server {
        server_name gitlab.domain.org;
        listen 443 ssl http2 default_server;
        access_log /var/log/nginx/access.log vhost;
        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_certificate /etc/nginx/certs/gitlab.domain.org.crt;
        ssl_certificate_key /etc/nginx/certs/gitlab.domain.org.key;
        ssl_dhparam /etc/nginx/certs/gitlab.domain.org.dhparam.pem;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/nginx/certs/gitlab.domain.org.chain.pem;
        add_header Strict-Transport-Security "max-age=31536000" always;
        include /etc/nginx/vhost.d/default;
        location / {
                proxy_pass https://gitlab.domain.org;
        }
}

0 个答案:

没有答案
相关问题
最新问题