Docker-gitlab: https support via lets encrypt with auto renewal certificates

Created on 5 Feb 2016  ·  15 Comments  ·  Source: sameersbn/docker-gitlab

I would really love to have lets encrypt support for gitlab included.

As far as described here :

http://manas.com.ar/blog/2016/01/25/letsencrypt-certificate-auto-renewal-in-docker-powered-nginx-reverse-proxy.html

it seems possible to add an option to the docker configuration to add https support to nginx using "lets encrypt" auto renewal certificate feature.

Kind regards,

Lars

wontfix

All 15 comments

Will take a look at it.

+1 !!!!!!!

On Sun, Feb 7, 2016, 8:04 AM Sameer Naik [email protected] wrote:

Will take a look at it.


I'm enjoying lets encrypt + docker-gitlab. Instead of configuring the in-container nginx,
I run another simple load balancer - caddy in front of the gitlab container. See how simple my config file is.

Hopefully gitlab will be decoupled from nginx soon and make all these things much easier!

This is what I'm currently using to do that. I'm running this as a separate stack from gitlab on docker cloud. https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion#separate-containers-recommended-method

+1 on support for SSL/TLS :) For now, I guess we can do nginx.

+1 but can't find the time to add new features. will try to make time. I am very interested in lets-encrypt as well.

guess there is no news about it? :3

I just set up manually and I think using docker-compose and this image it should not be so hard to implement it with minimal changes to the gitlab part.

any news?

Same as @ihilt, I added a docker-letsencrypt-nginx-proxy-companion to my docker compose. Works like a charm

@lordvlad Are you using the gitlab builtin nginx?

If so, mind sharing your compose settings for this ?

It seems a waste of resources to run a proxy just for SSL termination on a single node. I'd like to see this built in.

@jffz something like this should do:

volumes:
  nginx_conf: {}
  nginx_vhost: {}
  nginx_html: {}
  certs: {}

services:
  ...
  gitlab:
    ...
    environment:
      ...
      LETSENCRYPT_HOST: $HOST
      VIRTUAL_HOST: $HOST
      LETSENCRYPT_EMAIL: $MAIL

  nginx:
    image: nginx
    container_name: nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "nginx_conf:/etc/nginx/conf.d"
      - "nginx_vhost:/etc/nginx/vhost.d"
      - "nginx_html:/usr/share/nginx/html"
      - "certs:/etc/nginx/certs:ro"
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    restart: unless-stopped

  nginx_gen:
    image: jwilder/docker-gen
    container_name: nginx_gen
    restart: unless-stopped
    volumes:
      - "./nginx.tmpl:/nginx.tmpl:ro"
      - "nginx_conf:/etc/nginx/conf.d"
      - "nginx_vhost:/etc/nginx/vhost.d"
      - "nginx_html:/usr/share/nginx/html"
      - "certs:/etc/nginx/certs:ro"
      - "/var/run/docker.sock:/tmp/docker.sock:ro"
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen: "true"
    command: -notify-sighup nginx -watch -wait 5s:30s /nginx.tmpl /etc/nginx/conf.d/default.conf

  nginx_letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx_letsencrypt
    depends_on:
      - nginx
    volumes:
      - "nginx_conf:/etc/nginx/conf.d"
      - "nginx_vhost:/etc/nginx/vhost.d"
      - "nginx_html:/usr/share/nginx/html"
      - "certs:/etc/nginx/certs:rw"
      - "/var/run/docker.sock:/var/run/docker.sock"
    environment:
      NGINX_PROXY_CONTAINER: nginx
      NGINX_DOCKER_GEN_CONTAINER: nginx_gen
    restart: unless-stopped
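
An added example (not part of the thread, and not code from docker-gitlab or the companion project): a Python check that reads a compose file laid out like the one in the comment above and reports, per service, whether it publishes ports, mounts the Docker socket, or can write the certificate volume. The sample input is constructed from that comment's port and volume entries; the function names and the line-based parser (short `source:target:mode` volume syntax, two-space indentation) are assumptions of this example.

```python
# Constructed sample: the port and volume entries of the three proxy services
# in the compose file from the comment above (other keys left out).
COMPOSE = """\
services:
  nginx:
    ports:
      - "80:80"
    volumes:
      - "certs:/etc/nginx/certs:ro"
  nginx_gen:
    volumes:
      - "certs:/etc/nginx/certs:ro"
      - "/var/run/docker.sock:/tmp/docker.sock:ro"
  nginx_letsencrypt:
    volumes:
      - "certs:/etc/nginx/certs:rw"
      - "/var/run/docker.sock:/var/run/docker.sock"
"""

def inventory(text):
    """Per service: publishes ports? mounts the Docker socket? can write certs?"""
    out, section, svc, key = {}, None, None, None
    for line in text.splitlines():
        item = line.strip()
        if not item or item.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:                      # top-level key: services, volumes, ...
            section, svc = item.rstrip(":"), None
        elif section == "services" and indent == 2 and item.endswith(":"):
            svc, key = item[:-1], None
            out[svc] = {"published": False, "socket": False, "certs_rw": False}
        elif svc and indent == 4:            # ports:, volumes:, environment:, ...
            key = item[:-1] if item.endswith(":") else None
        elif svc and item.startswith("- "):
            parts = item[2:].strip("\"'").split(":")
            if key == "ports":
                out[svc]["published"] = True
            elif key == "volumes" and len(parts) >= 2:
                mode = parts[2] if len(parts) > 2 else "rw"  # Docker defaults to rw
                # ":ro" on the socket mount does not block Docker API requests through it.
                out[svc]["socket"] |= parts[0].endswith("docker.sock")
                out[svc]["certs_rw"] |= (parts[1].endswith("/certs")
                                         and "ro" not in mode.split(","))
    return out

def exposed_with_socket(text):
    """Names of services that publish ports and also mount the Docker socket."""
    return [n for n, s in inventory(text).items() if s["published"] and s["socket"]]
```

On the layout from the comment, the container that publishes ports holds neither the socket nor write access to the certificates, so `exposed_with_socket(COMPOSE)` returns an empty list; a single container that both publishes ports and mounts the socket would be listed.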

@davidwindell
I'm not using it to proxy only gitlab, but other services as well, e.g. nexus, ldap, etc, so I'd actually rather see nginx disabled in the container, leaving only rails

This issue has been automatically marked as stale because it has not had any activity for the last 60 days. It will be closed if no further activity occurs during the next 7 days. Thank you for your contributions.
