Expose port in docker-compose or configure second letsencrypt certificateExposing a port on a live Docker containerParsing error on salt docker-formula while using composeng“nginx-proxy” docker image socket volume not mountedWhat is the difference between docker-compose ports vs exposeLetsEncrypt in a Docker (docker-compose) app container not workingGitlab Docker container behind reverse ProxyDocker multisite SSL certificates all have same emailNginx Reverse Proxy with Docker LetsEncryptUnderstanding Docker Compose Nginx-Proxy with Docker-Alpine-Python-Flasknginx docker compose redirect delay
Where is Jon going?
Job Market: should one hide their (young) age?
Why isn't Tyrion mentioned in the in-universe book "A Song of Ice and Fire"?
Which European Languages are not Indo-European?
What could a self-sustaining lunar colony slowly lose that would ultimately prove fatal?
What's difference between "depends on" and "is blocked by" relations between issues in Jira next-gen board?
How to deal with a colleague who is being aggressive?
Why are Stein manifolds/spaces the analog of affine varieties/schemes in algebraic geometry?
SFDX: where can set Field-level security and accessibility?
How to melt snow without fire or body heat?
Security vulnerabilities of POST over SSL
Why do Russians almost not use verbs of possession akin to "have"?
Translation of “with that”
Can a person survive on blood in place of water?
Why haven't we yet tried accelerating a space station with people inside to a near light speed?
Why did Jon Snow do this immoral act if he is so honorable?
Is there a simple example that empirical evidence is misleading?
Is it possible to prohibit all prohibitable schools of magic with a single character?
How can I tell if I'm being too picky as a referee?
What does kpsewhich stand for?
How to patch glass cuts in a bicycle tire?
Writing style before Elements of Style
Does French have the English "short i" vowel?
What Armor Optimization applies to a Mithral full plate?
Expose port in docker-compose or configure second letsencrypt certificate
Exposing a port on a live Docker containerParsing error on salt docker-formula while using composeng“nginx-proxy” docker image socket volume not mountedWhat is the difference between docker-compose ports vs exposeLetsEncrypt in a Docker (docker-compose) app container not workingGitlab Docker container behind reverse ProxyDocker multisite SSL certificates all have same emailNginx Reverse Proxy with Docker LetsEncryptUnderstanding Docker Compose Nginx-Proxy with Docker-Alpine-Python-Flasknginx docker compose redirect delay
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
I'm running a selfhosted gitlab docker instance, but I'm facing some problems configuring the registry as I do get the error
Error response from daemon: Get https://example.com:4567/v2/: dial tcp <IP>:4567: connect: connection refused
for doing docker login example.com:4567.
So it seems that I have to expose the port
4567somehow.An (better) alternative would be to configure a second domain for the registry - like
registry.example.com. As you can see below I'm using letsencrypt certificates for my gitlab instance. But how do I get a second certificate for the registry?
This is how my docker-compose looks like - I'm using jwilder/nginx-proxy for my reverse proxy.
docker-compose.yml
gitlab:
image: gitlab/gitlab-ce:11.9.0-ce.0
container_name: gitlab
networks:
- reverse-proxy
restart: unless-stopped
ports:
- '50022:22'
volumes:
- /opt/gitlab/config:/etc/gitlab
- /opt/gitlab/logs:/var/log/gitlab
- /opt/gitlab/data:/var/opt/gitlab
- /opt/nginx/conf.d:/etc/nginx/conf.d
- /opt/nginx/certs:/etc/nginx/certs:ro
environment:
VIRTUAL_HOST: example.com
VIRTUAL_PROTO: https
VIRTUAL_PORT: 443
LETSENCRYPT_HOST: example.com
LETSENCRYPT_EMAIL: certs@example.com
gitlab.rb
external_url 'https://example.com'
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = '/etc/nginx/certs/example.com/fullchain.pem'
nginx['ssl_certificate_key'] = '/etc/nginx/certs/example.com/key.pem'
gitlab_rails['backup_keep_time'] = 604800
gitlab_rails['backup_path'] = '/backups'
gitlab_rails['registry_enabled'] = true
registry_external_url 'https://example.com:4567'
registry_nginx['ssl_certificate'] = "/etc/nginx/certs/example.com/fullchain.pem"
registry_nginx['ssl_certificate_key'] = "/etc/nginx/certs/example.com/key.pem"
For the second alternative it would look like:
registry_external_url 'https://registry.example.com'
registry_nginx['ssl_certificate'] = "/etc/nginx/certs/registry.example.com/fullchain.pem"
registry_nginx['ssl_certificate_key'] = "/etc/nginx/certs/registry.example.com/key.pem"
But how do I set this up in my docker-compose?
Update
Im configuring nginx just via jwilder package, without changing anyhting. So this part of my docker-compose.yml file just looks like this:
services:
nginx-proxy:
image: jwilder/nginx-proxy
container_name: nginx-proxy
networks:
- reverse-proxy
ports:
- "80:80"
- "443:443"
volumes:
- /opt/nginx-proxy/vhost.d:/etc/nginx/vhost.d:rw
- /opt/nginx/certs:/etc/nginx/certs:ro
- html:/usr/share/nginx/html
- /var/run/docker.sock:/tmp/docker.sock:ro
nginx-letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: nginx-letsencrypt
networks:
- reverse-proxy
depends_on:
- nginx-proxy
volumes:
- /opt/nginx-proxy/vhost.d:/etc/nginx/vhost.d:rw
- html:/usr/share/nginx/html
- /opt/nginx/certs:/etc/nginx/certs:rw
- /var/run/docker.sock:/var/run/docker.sock:rw
environment:
NGINX_PROXY_CONTAINER: "nginx-proxy"
docker docker-compose gitlab lets-encrypt
asked Mar 24 at 0:59
user3142695user3142695
1,9901249140
add a comment |
I'm running a selfhosted gitlab docker instance, but I'm facing some problems configuring the registry as I do get the error
Error response from daemon: Get https://example.com:4567/v2/: dial tcp <IP>:4567: connect: connection refused
for doing docker login example.com:4567.
So it seems that I have to expose the port
4567somehow.An (better) alternative would be to configure a second domain for the registry - like
registry.example.com. As you can see below I'm using letsencrypt certificates for my gitlab instance. But how do I get a second certificate for the registry?
This is how my docker-compose looks like - I'm using jwilder/nginx-proxy for my reverse proxy.
docker-compose.yml
gitlab:
image: gitlab/gitlab-ce:11.9.0-ce.0
container_name: gitlab
networks:
- reverse-proxy
restart: unless-stopped
ports:
- '50022:22'
volumes:
- /opt/gitlab/config:/etc/gitlab
- /opt/gitlab/logs:/var/log/gitlab
- /opt/gitlab/data:/var/opt/gitlab
- /opt/nginx/conf.d:/etc/nginx/conf.d
- /opt/nginx/certs:/etc/nginx/certs:ro
environment:
VIRTUAL_HOST: example.com
VIRTUAL_PROTO: https
VIRTUAL_PORT: 443
LETSENCRYPT_HOST: example.com
LETSENCRYPT_EMAIL: certs@example.com
gitlab.rb
external_url 'https://example.com'
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = '/etc/nginx/certs/example.com/fullchain.pem'
nginx['ssl_certificate_key'] = '/etc/nginx/certs/example.com/key.pem'
gitlab_rails['backup_keep_time'] = 604800
gitlab_rails['backup_path'] = '/backups'
gitlab_rails['registry_enabled'] = true
registry_external_url 'https://example.com:4567'
registry_nginx['ssl_certificate'] = "/etc/nginx/certs/example.com/fullchain.pem"
registry_nginx['ssl_certificate_key'] = "/etc/nginx/certs/example.com/key.pem"
For the second alternative it would look like:
registry_external_url 'https://registry.example.com'
registry_nginx['ssl_certificate'] = "/etc/nginx/certs/registry.example.com/fullchain.pem"
registry_nginx['ssl_certificate_key'] = "/etc/nginx/certs/registry.example.com/key.pem"
But how do I set this up in my docker-compose?
Update
Im configuring nginx just via jwilder package, without changing anyhting. So this part of my docker-compose.yml file just looks like this:
services:
nginx-proxy:
image: jwilder/nginx-proxy
container_name: nginx-proxy
networks:
- reverse-proxy
ports:
- "80:80"
- "443:443"
volumes:
- /opt/nginx-proxy/vhost.d:/etc/nginx/vhost.d:rw
- /opt/nginx/certs:/etc/nginx/certs:ro
- html:/usr/share/nginx/html
- /var/run/docker.sock:/tmp/docker.sock:ro
nginx-letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: nginx-letsencrypt
networks:
- reverse-proxy
depends_on:
- nginx-proxy
volumes:
- /opt/nginx-proxy/vhost.d:/etc/nginx/vhost.d:rw
- html:/usr/share/nginx/html
- /opt/nginx/certs:/etc/nginx/certs:rw
- /var/run/docker.sock:/var/run/docker.sock:rw
environment:
NGINX_PROXY_CONTAINER: "nginx-proxy"
docker docker-compose gitlab lets-encrypt
asked Mar 24 at 0:59
user3142695user3142695
1,9901249140
I understand that you have a domainexample.comconfigured to point on your machine hosting Gitlab in Docker and a reverse proxy with nginx, is that correct? If so, can you upload the related nginx config?
– Pierre B.
Mar 26 at 11:07
@PierreB. I'm using the jwilder package which configures nginx. I don't have to change anything...
– user3142695
Mar 26 at 12:40
What's yourjwilder/nginx-proxyconfig then? (which host do you configure?) it may be an issue with the proxy config which does not expose the port properly
– Pierre B.
Mar 26 at 13:46
@PierreB. Just updated the post to show how I'm running nginx proxy. I don't configure anything else. Just running the docker-compose on my ubuntu server and that's it. Everything is working beside the registry stuff...
– user3142695
Mar 26 at 13:58
Thanks for the details, I tried to provide some leads in my answer
– Pierre B.
Mar 26 at 17:34
add a comment |
I'm running a selfhosted gitlab docker instance, but I'm facing some problems configuring the registry as I do get the error
Error response from daemon: Get https://example.com:4567/v2/: dial tcp <IP>:4567: connect: connection refused
for doing docker login example.com:4567.
So it seems that I have to expose the port
4567somehow.An (better) alternative would be to configure a second domain for the registry - like
registry.example.com. As you can see below I'm using letsencrypt certificates for my gitlab instance. But how do I get a second certificate for the registry?
This is how my docker-compose looks like - I'm using jwilder/nginx-proxy for my reverse proxy.
docker-compose.yml
gitlab:
image: gitlab/gitlab-ce:11.9.0-ce.0
container_name: gitlab
networks:
- reverse-proxy
restart: unless-stopped
ports:
- '50022:22'
volumes:
- /opt/gitlab/config:/etc/gitlab
- /opt/gitlab/logs:/var/log/gitlab
- /opt/gitlab/data:/var/opt/gitlab
- /opt/nginx/conf.d:/etc/nginx/conf.d
- /opt/nginx/certs:/etc/nginx/certs:ro
environment:
VIRTUAL_HOST: example.com
VIRTUAL_PROTO: https
VIRTUAL_PORT: 443
LETSENCRYPT_HOST: example.com
LETSENCRYPT_EMAIL: certs@example.com
gitlab.rb
external_url 'https://example.com'
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = '/etc/nginx/certs/example.com/fullchain.pem'
nginx['ssl_certificate_key'] = '/etc/nginx/certs/example.com/key.pem'
gitlab_rails['backup_keep_time'] = 604800
gitlab_rails['backup_path'] = '/backups'
gitlab_rails['registry_enabled'] = true
registry_external_url 'https://example.com:4567'
registry_nginx['ssl_certificate'] = "/etc/nginx/certs/example.com/fullchain.pem"
registry_nginx['ssl_certificate_key'] = "/etc/nginx/certs/example.com/key.pem"
For the second alternative it would look like:
registry_external_url 'https://registry.example.com'
registry_nginx['ssl_certificate'] = "/etc/nginx/certs/registry.example.com/fullchain.pem"
registry_nginx['ssl_certificate_key'] = "/etc/nginx/certs/registry.example.com/key.pem"
But how do I set this up in my docker-compose?
Update
Im configuring nginx just via jwilder package, without changing anyhting. So this part of my docker-compose.yml file just looks like this:
services:
nginx-proxy:
image: jwilder/nginx-proxy
container_name: nginx-proxy
networks:
- reverse-proxy
ports:
- "80:80"
- "443:443"
volumes:
- /opt/nginx-proxy/vhost.d:/etc/nginx/vhost.d:rw
- /opt/nginx/certs:/etc/nginx/certs:ro
- html:/usr/share/nginx/html
- /var/run/docker.sock:/tmp/docker.sock:ro
nginx-letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: nginx-letsencrypt
networks:
- reverse-proxy
depends_on:
- nginx-proxy
volumes:
- /opt/nginx-proxy/vhost.d:/etc/nginx/vhost.d:rw
- html:/usr/share/nginx/html
- /opt/nginx/certs:/etc/nginx/certs:rw
- /var/run/docker.sock:/var/run/docker.sock:rw
environment:
NGINX_PROXY_CONTAINER: "nginx-proxy"
docker docker-compose gitlab lets-encrypt
asked Mar 24 at 0:59
user3142695user3142695
1,9901249140
I'm running a selfhosted gitlab docker instance, but I'm facing some problems configuring the registry as I do get the error
Error response from daemon: Get https://example.com:4567/v2/: dial tcp <IP>:4567: connect: connection refused
for doing docker login example.com:4567.
So it seems that I have to expose the port
4567somehow.An (better) alternative would be to configure a second domain for the registry - like
registry.example.com. As you can see below I'm using letsencrypt certificates for my gitlab instance. But how do I get a second certificate for the registry?
This is how my docker-compose looks like - I'm using jwilder/nginx-proxy for my reverse proxy.
docker-compose.yml
gitlab:
image: gitlab/gitlab-ce:11.9.0-ce.0
container_name: gitlab
networks:
- reverse-proxy
restart: unless-stopped
ports:
- '50022:22'
volumes:
- /opt/gitlab/config:/etc/gitlab
- /opt/gitlab/logs:/var/log/gitlab
- /opt/gitlab/data:/var/opt/gitlab
- /opt/nginx/conf.d:/etc/nginx/conf.d
- /opt/nginx/certs:/etc/nginx/certs:ro
environment:
VIRTUAL_HOST: example.com
VIRTUAL_PROTO: https
VIRTUAL_PORT: 443
LETSENCRYPT_HOST: example.com
LETSENCRYPT_EMAIL: certs@example.com
gitlab.rb
external_url 'https://example.com'
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = '/etc/nginx/certs/example.com/fullchain.pem'
nginx['ssl_certificate_key'] = '/etc/nginx/certs/example.com/key.pem'
gitlab_rails['backup_keep_time'] = 604800
gitlab_rails['backup_path'] = '/backups'
gitlab_rails['registry_enabled'] = true
registry_external_url 'https://example.com:4567'
registry_nginx['ssl_certificate'] = "/etc/nginx/certs/example.com/fullchain.pem"
registry_nginx['ssl_certificate_key'] = "/etc/nginx/certs/example.com/key.pem"
For the second alternative it would look like:
registry_external_url 'https://registry.example.com'
registry_nginx['ssl_certificate'] = "/etc/nginx/certs/registry.example.com/fullchain.pem"
registry_nginx['ssl_certificate_key'] = "/etc/nginx/certs/registry.example.com/key.pem"
But how do I set this up in my docker-compose?
Update
Im configuring nginx just via jwilder package, without changing anyhting. So this part of my docker-compose.yml file just looks like this:
services:
nginx-proxy:
image: jwilder/nginx-proxy
container_name: nginx-proxy
networks:
- reverse-proxy
ports:
- "80:80"
- "443:443"
volumes:
- /opt/nginx-proxy/vhost.d:/etc/nginx/vhost.d:rw
- /opt/nginx/certs:/etc/nginx/certs:ro
- html:/usr/share/nginx/html
- /var/run/docker.sock:/tmp/docker.sock:ro
nginx-letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: nginx-letsencrypt
networks:
- reverse-proxy
depends_on:
- nginx-proxy
volumes:
- /opt/nginx-proxy/vhost.d:/etc/nginx/vhost.d:rw
- html:/usr/share/nginx/html
- /opt/nginx/certs:/etc/nginx/certs:rw
- /var/run/docker.sock:/var/run/docker.sock:rw
environment:
NGINX_PROXY_CONTAINER: "nginx-proxy"
docker docker-compose gitlab lets-encrypt
docker docker-compose gitlab lets-encrypt
asked Mar 24 at 0:59
user3142695user3142695
1,9901249140
asked Mar 24 at 0:59
user3142695user3142695
1,9901249140
edited Mar 26 at 13:56
user3142695
asked Mar 24 at 0:59
user3142695user3142695
1,9901249140
asked Mar 24 at 0:59
user3142695user3142695
1,9901249140
asked Mar 24 at 0:59
user3142695user3142695
1,9901249140
1,9901249140
I understand that you have a domainexample.comconfigured to point on your machine hosting Gitlab in Docker and a reverse proxy with nginx, is that correct? If so, can you upload the related nginx config?
– Pierre B.
Mar 26 at 11:07
@PierreB. I'm using the jwilder package which configures nginx. I don't have to change anything...
– user3142695
Mar 26 at 12:40
What's yourjwilder/nginx-proxyconfig then? (which host do you configure?) it may be an issue with the proxy config which does not expose the port properly
– Pierre B.
Mar 26 at 13:46
@PierreB. Just updated the post to show how I'm running nginx proxy. I don't configure anything else. Just running the docker-compose on my ubuntu server and that's it. Everything is working beside the registry stuff...
– user3142695
Mar 26 at 13:58
Thanks for the details, I tried to provide some leads in my answer
– Pierre B.
Mar 26 at 17:34
add a comment |
I understand that you have a domainexample.comconfigured to point on your machine hosting Gitlab in Docker and a reverse proxy with nginx, is that correct? If so, can you upload the related nginx config?
– Pierre B.
Mar 26 at 11:07
@PierreB. I'm using the jwilder package which configures nginx. I don't have to change anything...
– user3142695
Mar 26 at 12:40
What's yourjwilder/nginx-proxyconfig then? (which host do you configure?) it may be an issue with the proxy config which does not expose the port properly
– Pierre B.
Mar 26 at 13:46
@PierreB. Just updated the post to show how I'm running nginx proxy. I don't configure anything else. Just running the docker-compose on my ubuntu server and that's it. Everything is working beside the registry stuff...
– user3142695
Mar 26 at 13:58
Thanks for the details, I tried to provide some leads in my answer
– Pierre B.
Mar 26 at 17:34
I understand that you have a domain
example.com configured to point on your machine hosting Gitlab in Docker and a reverse proxy with nginx, is that correct? If so, can you upload the related nginx config?– Pierre B.
Mar 26 at 11:07
I understand that you have a domain
example.com configured to point on your machine hosting Gitlab in Docker and a reverse proxy with nginx, is that correct? If so, can you upload the related nginx config?– Pierre B.
Mar 26 at 11:07
@PierreB. I'm using the jwilder package which configures nginx. I don't have to change anything...
– user3142695
Mar 26 at 12:40
@PierreB. I'm using the jwilder package which configures nginx. I don't have to change anything...
– user3142695
Mar 26 at 12:40
What's your
jwilder/nginx-proxy config then? (which host do you configure?) it may be an issue with the proxy config which does not expose the port properly– Pierre B.
Mar 26 at 13:46
What's your
jwilder/nginx-proxy config then? (which host do you configure?) it may be an issue with the proxy config which does not expose the port properly– Pierre B.
Mar 26 at 13:46
@PierreB. Just updated the post to show how I'm running nginx proxy. I don't configure anything else. Just running the docker-compose on my ubuntu server and that's it. Everything is working beside the registry stuff...
– user3142695
Mar 26 at 13:58
@PierreB. Just updated the post to show how I'm running nginx proxy. I don't configure anything else. Just running the docker-compose on my ubuntu server and that's it. Everything is working beside the registry stuff...
– user3142695
Mar 26 at 13:58
Thanks for the details, I tried to provide some leads in my answer
– Pierre B.
Mar 26 at 17:34
Thanks for the details, I tried to provide some leads in my answer
– Pierre B.
Mar 26 at 17:34
add a comment |
1 Answer
1
active
oldest
votes
TL; DR:
So it seems that I have to expose the port 4567 somehow.
Yes, however jwilder/nginx-proxy does not support more than one port per virtual host and port 443 is already exposed. There is a pull request for that feature but it has not been merged yet. You'll need to expose this port another way (see below)
You are using jwilder/nginx-proxy as reverse proxy to access a Gitlab instance in a container but with your current configuration onlyport 443 is exposed:
environment:
VIRTUAL_HOST: example.com
VIRTUAL_PROTO: https
VIRTUAL_PORT: 443
All other Gitlab services (including the registry on port 4567) are not proxied and therefore not reachable through example.com.
Unfortunately it is not possible yet to expose multiple port on a single hostname with jwilder/nginx-proxy. There is a pull request open for that use case but it had not been merged yet (you are not the only one with this kind of issue).
An (better) alternative would be to configure a second domain for the registry
This won't work if you keep using jwilder/nginx-proxy as even if you changed registry_external_url, you'll still be stuck with the port issue, and you cannot allocate the same port to two different services.
What you can do:
- vote and comment for mentioned PR to be merged :)
- try to build the Docker image from mentionned pull request's fork and configure your compose with something like
VIRTUAL_HOST=example.com:443,example.com:4567 - configure a reverse proxy manually fort port 4567 - you may wind-up a plain
nginxcontainer in addition with your current configuration which would specifically do this, or re-configure your entire proxying scheme without using jwilder images - update your configuration to expose example.com:4567 instead of example.com:443 but you'll lose HTTPS access. (though it's probably not what you are looking for)
I am aware this does not provide a finite solution but I hope it helps.
answered Mar 26 at 17:33
Pierre B.Pierre B.
2,40011127
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55319812%2fexpose-port-in-docker-compose-or-configure-second-letsencrypt-certificate%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
TL; DR:
So it seems that I have to expose the port 4567 somehow.
Yes, however jwilder/nginx-proxy does not support more than one port per virtual host and port 443 is already exposed. There is a pull request for that feature but it has not been merged yet. You'll need to expose this port another way (see below)
You are using jwilder/nginx-proxy as reverse proxy to access a Gitlab instance in a container but with your current configuration onlyport 443 is exposed:
environment:
VIRTUAL_HOST: example.com
VIRTUAL_PROTO: https
VIRTUAL_PORT: 443
All other Gitlab services (including the registry on port 4567) are not proxied and therefore not reachable through example.com.
Unfortunately it is not possible yet to expose multiple port on a single hostname with jwilder/nginx-proxy. There is a pull request open for that use case but it had not been merged yet (you are not the only one with this kind of issue).
An (better) alternative would be to configure a second domain for the registry
This won't work if you keep using jwilder/nginx-proxy as even if you changed registry_external_url, you'll still be stuck with the port issue, and you cannot allocate the same port to two different services.
What you can do:
- vote and comment for mentioned PR to be merged :)
- try to build the Docker image from mentionned pull request's fork and configure your compose with something like
VIRTUAL_HOST=example.com:443,example.com:4567 - configure a reverse proxy manually fort port 4567 - you may wind-up a plain
nginxcontainer in addition with your current configuration which would specifically do this, or re-configure your entire proxying scheme without using jwilder images - update your configuration to expose example.com:4567 instead of example.com:443 but you'll lose HTTPS access. (though it's probably not what you are looking for)
I am aware this does not provide a finite solution but I hope it helps.
answered Mar 26 at 17:33
Pierre B.Pierre B.
2,40011127
add a comment |
TL; DR:
So it seems that I have to expose the port 4567 somehow.
Yes, however jwilder/nginx-proxy does not support more than one port per virtual host and port 443 is already exposed. There is a pull request for that feature but it has not been merged yet. You'll need to expose this port another way (see below)
You are using jwilder/nginx-proxy as reverse proxy to access a Gitlab instance in a container but with your current configuration onlyport 443 is exposed:
environment:
VIRTUAL_HOST: example.com
VIRTUAL_PROTO: https
VIRTUAL_PORT: 443
All other Gitlab services (including the registry on port 4567) are not proxied and therefore not reachable through example.com.
Unfortunately it is not possible yet to expose multiple port on a single hostname with jwilder/nginx-proxy. There is a pull request open for that use case but it had not been merged yet (you are not the only one with this kind of issue).
An (better) alternative would be to configure a second domain for the registry
This won't work if you keep using jwilder/nginx-proxy as even if you changed registry_external_url, you'll still be stuck with the port issue, and you cannot allocate the same port to two different services.
What you can do:
- vote and comment for mentioned PR to be merged :)
- try to build the Docker image from mentionned pull request's fork and configure your compose with something like
VIRTUAL_HOST=example.com:443,example.com:4567 - configure a reverse proxy manually fort port 4567 - you may wind-up a plain
nginxcontainer in addition with your current configuration which would specifically do this, or re-configure your entire proxying scheme without using jwilder images - update your configuration to expose example.com:4567 instead of example.com:443 but you'll lose HTTPS access. (though it's probably not what you are looking for)
I am aware this does not provide a finite solution but I hope it helps.
answered Mar 26 at 17:33
Pierre B.Pierre B.
2,40011127
add a comment |
TL; DR:
So it seems that I have to expose the port 4567 somehow.
Yes, however jwilder/nginx-proxy does not support more than one port per virtual host and port 443 is already exposed. There is a pull request for that feature but it has not been merged yet. You'll need to expose this port another way (see below)
You are using jwilder/nginx-proxy as reverse proxy to access a Gitlab instance in a container but with your current configuration onlyport 443 is exposed:
environment:
VIRTUAL_HOST: example.com
VIRTUAL_PROTO: https
VIRTUAL_PORT: 443
All other Gitlab services (including the registry on port 4567) are not proxied and therefore not reachable through example.com.
Unfortunately it is not possible yet to expose multiple port on a single hostname with jwilder/nginx-proxy. There is a pull request open for that use case but it had not been merged yet (you are not the only one with this kind of issue).
An (better) alternative would be to configure a second domain for the registry
This won't work if you keep using jwilder/nginx-proxy as even if you changed registry_external_url, you'll still be stuck with the port issue, and you cannot allocate the same port to two different services.
What you can do:
- vote and comment for mentioned PR to be merged :)
- try to build the Docker image from mentionned pull request's fork and configure your compose with something like
VIRTUAL_HOST=example.com:443,example.com:4567 - configure a reverse proxy manually fort port 4567 - you may wind-up a plain
nginxcontainer in addition with your current configuration which would specifically do this, or re-configure your entire proxying scheme without using jwilder images - update your configuration to expose example.com:4567 instead of example.com:443 but you'll lose HTTPS access. (though it's probably not what you are looking for)
I am aware this does not provide a finite solution but I hope it helps.
answered Mar 26 at 17:33
Pierre B.Pierre B.
2,40011127
TL; DR:
So it seems that I have to expose the port 4567 somehow.
Yes, however jwilder/nginx-proxy does not support more than one port per virtual host and port 443 is already exposed. There is a pull request for that feature but it has not been merged yet. You'll need to expose this port another way (see below)
You are using jwilder/nginx-proxy as reverse proxy to access a Gitlab instance in a container but with your current configuration onlyport 443 is exposed:
environment:
VIRTUAL_HOST: example.com
VIRTUAL_PROTO: https
VIRTUAL_PORT: 443
All other Gitlab services (including the registry on port 4567) are not proxied and therefore not reachable through example.com.
Unfortunately it is not possible yet to expose multiple port on a single hostname with jwilder/nginx-proxy. There is a pull request open for that use case but it had not been merged yet (you are not the only one with this kind of issue).
An (better) alternative would be to configure a second domain for the registry
This won't work if you keep using jwilder/nginx-proxy as even if you changed registry_external_url, you'll still be stuck with the port issue, and you cannot allocate the same port to two different services.
What you can do:
- vote and comment for mentioned PR to be merged :)
- try to build the Docker image from mentionned pull request's fork and configure your compose with something like
VIRTUAL_HOST=example.com:443,example.com:4567 - configure a reverse proxy manually fort port 4567 - you may wind-up a plain
nginxcontainer in addition with your current configuration which would specifically do this, or re-configure your entire proxying scheme without using jwilder images - update your configuration to expose example.com:4567 instead of example.com:443 but you'll lose HTTPS access. (though it's probably not what you are looking for)
I am aware this does not provide a finite solution but I hope it helps.
answered Mar 26 at 17:33
Pierre B.Pierre B.
2,40011127
answered Mar 26 at 17:33
Pierre B.Pierre B.
2,40011127
answered Mar 26 at 17:33
Pierre B.Pierre B.
2,40011127
answered Mar 26 at 17:33
Pierre B.Pierre B.
2,40011127
2,40011127
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55319812%2fexpose-port-in-docker-compose-or-configure-second-letsencrypt-certificate%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
I understand that you have a domain
example.comconfigured to point on your machine hosting Gitlab in Docker and a reverse proxy with nginx, is that correct? If so, can you upload the related nginx config?– Pierre B.
Mar 26 at 11:07
@PierreB. I'm using the jwilder package which configures nginx. I don't have to change anything...
– user3142695
Mar 26 at 12:40
What's your
jwilder/nginx-proxyconfig then? (which host do you configure?) it may be an issue with the proxy config which does not expose the port properly– Pierre B.
Mar 26 at 13:46
@PierreB. Just updated the post to show how I'm running nginx proxy. I don't configure anything else. Just running the docker-compose on my ubuntu server and that's it. Everything is working beside the registry stuff...
– user3142695
Mar 26 at 13:58
Thanks for the details, I tried to provide some leads in my answer
– Pierre B.
Mar 26 at 17:34