且构网

分享程序员开发的那些事...
且构网 - 分享程序员编程开发的那些事

traefik代理后面的docker中的gitlab失败(通常)

更新时间:2023-09-19 12:40:34

这个答案对您来说可能太迟了,但我遇到了同样的问题并能够解决.

重要的线索是日志错误是由sshd守护程序造成的!

Traefik默认情况下会选择容器公开的第一个端口(通过Dockerfile,而不是您手动公开的端口!). 如果是Gitlab容器,则为 ssh 端口22.

Traefik会将Web请求定向到Gitlab的SSH守护程序.

要解决此问题,您需要使用标签明确设置Traefik的端口:

labels:
    ...
    - traefik.port=80

I have several web sites running in docker with LetsEncrypt credentials and routed via traefik. I would like to run a local gitlab-ce in docker similarly with LetsEncrypt and traefik.

So I added this to my traefik.toml file:

[[acme.domains]]
  main = "gitlab.mydomain.com"

And this to config/gitlab.rb:

external_url "http://gitlab.mydomain.com"

And I start gitlab with:

docker run -d --restart=always \
     --hostname gitlab.mydomain.com \
     --expose 80 \
     --volume /srv/gitlab/config:/etc/gitlab \
     --volume /srv/gitlab/data:/var/opt/gitlab \
     --volume /var/log/gitlab:/var/log/gitlab \
     --label traefik.frontend.rule=Host:gitlab.mydomain.com \
     --name gitlab gitlab/gitlab-ce:latest

Going to https://gitlab.mydomain.com/ I get a secure site with a LetsEncrypt generated certificate, but the site doesn't load:

Internal Server Error

When I reload the page I see this in docker logs gitlab -f:

==> /var/log/gitlab/sshd/current <==
2017-02-12_16:51:31.00446 Bad protocol version identification 'GET / HTTP/1.1' from 172.17.0.8 port 41138
2017-02-12_16:51:31.26238 Bad protocol version identification 'GET /favicon.ico HTTP/1.1' from 172.17.0.8 port 41140

Searching for /error/i in the logs I see several things that could be issues (lots of errors reported in zruby/gems/2.3.0/gems/redis-3.2.2z) but no "smoking gun" AFAICT.

And to top off the craziness, about every ten or so (random) times that I run docker restart gitlab the site comes up perfectly. I've been tempted to just leave it up, but therein lies madness...

How can I get it to come up reliably? Or how can I debug this more completely?

This answer probably comes way too late for you, but I ran into the same issue and was able to solve it.

The important clue is that the log errors are by the sshd daemon!

Traefik will, by default, pick the first port exposed by the container (by the Dockerfile, not the ports you manually expose!). In case of the Gitlab container, this is the ssh port 22.

So Traefik will direct the web requests to Gitlab's SSH daemon.

To fix this, you need to set the port for Traefik explicitly, with a label:

labels:
    ...
    - traefik.port=80