Ensure that your certificate files are correctly formatted and accessible within the Docker container. The files should be in PEM format, and the paths specified in your docker-compose.yaml should point to the correct files.
You can verify that the files are readable by the GitLab container by running a shell in the container:
docker exec -it gitlab /bin/bash
Then, check if the files are present and readable:
ls -l /etc/gitlab/ssl/
Make sure that the certificate chain is correct. Your .crt file should contain the server certificate followed by the intermediate certificates (if any) and should not include the root certificate. You can check the certificate chain with:
openssl s_client -connect gitlab.env-pri.com:8443 -showcerts
Since you’re using GitLab’s built-in Nginx, verify that the Nginx settings are correct. You can check the Nginx configuration within the GitLab container:
gitlab-ctl nginx-validate
If there are any errors in the configuration, it will indicate them.
4. Firewall and Security Groups
Even though you’ve turned off the firewall, double-check that there are no other security groups or firewall rules that might be blocking traffic to port 8443. Ensure that the port is open and accessible from the client machine where you’re running curl.
You can run GitLab in debug mode to get more detailed logs. You can change the logging level in the GITLAB_OMNIBUS_CONFIG like this:
GITLAB_OMNIBUS_CONFIG: |
  external_url 'https://gitlab.env-pri.com:8443'
  letsencrypt['enable'] = false
  nginx['enable'] = true
  nginx['redirect_http_to_https'] = true
  nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.env-pri.com.crt"
  nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.env-pri.com.key"
  logging['log_level'] = "debug"
After updating the configuration, restart the GitLab service:
docker-compose down
docker-compose up -d
Use OpenSSL to test the SSL connection:
openssl s_client -connect gitlab.env-pri.com:8443
This will give you more insight into the SSL handshake process and might reveal specific errors or issues.
If the above steps don’t resolve the issue, check the GitLab logs for any relevant error messages:
docker logs gitlab
Make sure that you’re accessing the correct port. Your docker-compose.yaml maps port 8443 on the host to port 443 in the container. Ensure that your curl command uses port 8443.
Sometimes, browser-related caching or SSL state issues can cause problems. If you haven’t done so already, try accessing GitLab from a different browser or incognito mode.
If you continue to experience issues after following these steps, consider re-generating your SSL certificates or simplifying your configuration to isolate the problem. You might also check the GitLab community forums for similar issues.
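The chain-order rule and the certificate/key pairing described above can also be checked offline against the PEM files before restarting the container. This is an added example, not part of the original answer: the function names are hypothetical, and it compares subject and issuer names only rather than verifying signatures.

```shell
# Added example (not from the original answer): offline checks for the PEM
# files that nginx['ssl_certificate'] and nginx['ssl_certificate_key'] point to.

# Split bundle $1 into $2/certNN.pem (one certificate each); print the count.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%02d.pem", dir, n) }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
        END { print n + 0 }' "$1"
}

# Print one DN ($1 = subject or issuer) of the certificate in file $2.
dn() {
    openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed "s/^$1= *//"
}

# Return 0 if bundle $1 is ordered leaf -> intermediates and carries no root.
check_bundle() {
    cb_tmp=$(mktemp -d) || return 2
    cb_count=$(split_bundle "$1" "$cb_tmp")
    cb_rc=0
    [ "$cb_count" -gt 0 ] || { echo "no certificates found in $1"; cb_rc=1; }
    cb_i=1
    while [ "$cb_i" -le "$cb_count" ]; do
        cb_cur=$(printf '%s/cert%02d.pem' "$cb_tmp" "$cb_i")
        cb_issuer=$(dn issuer "$cb_cur")
        # A self-signed certificate after the leaf is a root that should be dropped.
        if [ "$cb_i" -gt 1 ] && [ "$(dn subject "$cb_cur")" = "$cb_issuer" ]; then
            echo "cert $cb_i is self-signed (root CA in bundle): $cb_issuer"; cb_rc=1
        fi
        # Each certificate must be issued by the one that follows it.
        if [ "$cb_i" -lt "$cb_count" ]; then
            cb_next=$(printf '%s/cert%02d.pem' "$cb_tmp" $((cb_i + 1)))
            [ "$cb_issuer" = "$(dn subject "$cb_next")" ] ||
                { echo "cert $cb_i is not issued by cert $((cb_i + 1))"; cb_rc=1; }
        fi
        cb_i=$((cb_i + 1))
    done
    rm -rf "$cb_tmp"
    return "$cb_rc"
}

# Return 0 if private key $2 belongs to the first certificate in bundle $1.
key_matches_cert() {
    kc_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    kc_key=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$kc_cert" = "$kc_key" ]
}
```

After sourcing the functions, run check_bundle on /etc/gitlab/ssl/gitlab.env-pri.com.crt and key_matches_cert on that file together with /etc/gitlab/ssl/gitlab.env-pri.com.key; a non-zero exit status points at the file to fix.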