When real_ip_trusted_addresses has a hostname in the array GitLab will not load
Summary
For 18.3.0
In package or docker installations setting a hostname in nginx['real_ip_trusted_addresses'] will result in GitLab failing to start with a 502. This is due to recent changes in reverse proxy handling.
This results in errors in puma logs:
2025-08-25 12:11:33 +0000 Rack app ("GET /help" - (127.0.0.1, 127.0.0.1)): #<NoMethodError: undefined method `include?' for nil:NilClass>
Error reached top of thread-pool: stack level too deep (SystemStackError)
2025-08-25 12:11:41 +0000 Rack app ("GET /api/v4/internal/check" - (127.0.0.1)): #<NoMethodError: undefined method `include?' for nil:NilClass>Steps to reproduce
- Install or Upgrade to 18.3.0
- set
nginx['real_ip_trusted_addresses'] = ['localhost'] - restart nginx
What is the current bug behavior?
GitLab UI will no longer load and fail with 502
What is the expected correct behavior?
GitLab continue to load or present a clear error as to what is wrong.
Relevant logs and/or screenshots
2025-08-25 12:11:33 +0000 Rack app ("GET /help" - (127.0.0.1, 127.0.0.1)): #<NoMethodError: undefined method `include?' for nil:NilClass>
Error reached top of thread-pool: stack level too deep (SystemStackError)
2025-08-25 12:11:41 +0000 Rack app ("GET /api/v4/internal/check" - (127.0.0.1)): #<NoMethodError: undefined method `include?' for nil:NilClass>Possible fixes
short term: restore the .compact !196981 (comment 2707827915) to remove nil entries from the array
long term: resolve hostnames as set_real_ip_from supports them.
Patch release information for backports
If the bug fix needs to be backported in a patch release to a version under the maintenance policy, please follow the steps on the patch release runbook for GitLab engineers.
Refer to the internal "Release Information" dashboard for information about the next patch release, including the targeted versions, expected release date, and current status.
High-severity bug remediation
To remediate high-severity issues requiring an internal release for single-tenant SaaS instances, refer to the internal release process for engineers.