
Chef is trying to create letsencrypt certificate if set to disabled but external URL is https

Summary

Starting the current Gitlab CE Docker container (gitlab/gitlab-ce:12.2.3-ce.0) via a docker-compose file and a few configuration parameters, Chef ignores the letsencrypt['enabled'] = false setting if the external_url is HTTPS.

Steps to reproduce

  1. Create a docker-compose file, see docker-compose.yml
  2. Start it via 'docker-compose up' and watch the log output

What is the current bug behavior?

  • Even though letsencrypt['enabled'] = false is set, when external_url uses https the Chef script still tries to generate a letsencrypt certificate

What is the expected correct behavior?

Chef should honour the letsencrypt=false setting and skip certificate creation even if the external URL is https.

Relevant logs

docker-gitlab-logoutput.log

Details of package version

Provide the package version installation details
gitlab/gitlab-ce:12.2.3-ce.0

Environment details

  • Operating System: Host Linux version 4.15.0-58-generic (buildd@lcy01-amd64-013) (gcc version 7.4.0 (Ubuntu 7.4.0-1ubuntu1~18.04.1)) #64-Ubuntu SMP Tue Aug 6 11:12:41 UTC 2019
  • Installation Target, remove incorrect values:
    • Bare Metal Machine
  • Installation Type, remove incorrect values:
    • New Installation (via Docker image)
  • Is there any other software running on the machine: Docker version 19.03.1, build 74b1e89
  • Is this a single or multiple node installation? Single
  • Resources
    • CPU: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz
    • Memory total: 16308468 kB

Configuration details

Provide the relevant sections of `/etc/gitlab/gitlab.rb` See the docker-compose.yml file

Additional notes

  • GitLab runs inside a Docker container and is accessible via a virtual host configuration on the host's Nginx web server. That Nginx is already taking care of SSL (and the certificate), so there would be no actual need for the Docker GitLab to run with HTTPS. However, to have https links, e.g. in e-mails sent by GitLab, it is required to configure the external URL as https, but this again triggers Chef to both configure GitLab's Nginx with SSL and try to generate a LE certificate.
  • The initial docker-compose up will stop and not completely start GitLab after the LE script fails
  • bringing the container down and up again seems to fix this issue

/label ~bug

Edited by Hendrik Brandt
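
For the setup described in the additional notes (TLS terminated on the host's Nginx, GitLab's bundled Nginx behind it), the intent can be stated explicitly in the Omnibus configuration. This is an added example, not the reporter's docker-compose.yml; the hostname, the published host port and the volume paths are assumptions.

```yaml
# Added example: constructed compose file, not the one attached to the issue.
version: "3"
services:
  gitlab:
    image: gitlab/gitlab-ce:12.2.3-ce.0
    hostname: gitlab.example.com              # assumption: placeholder hostname
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        # Generated links (e-mails, clone URLs) use https ...
        external_url 'https://gitlab.example.com'
        # ... while the bundled Nginx serves plain HTTP behind the host proxy.
        nginx['listen_port'] = 80
        nginx['listen_https'] = false
        # Tell the application that the original client request was HTTPS.
        nginx['proxy_set_headers'] = {
          "X-Forwarded-Proto" => "https",
          "X-Forwarded-Ssl" => "on"
        }
        # No certificate is needed inside the container.
        letsencrypt['enabled'] = false
    ports:
      # Publish on loopback only: the container speaks unencrypted HTTP,
      # so the host's TLS-terminating Nginx must be the only way in.
      - "127.0.0.1:8080:80"                   # assumption: host port 8080
    volumes:
      - ./config:/etc/gitlab                  # assumption: local bind mounts
      - ./logs:/var/log/gitlab
      - ./data:/var/opt/gitlab
```

After `docker-compose up`, the log output from the initial reconfigure shows whether any letsencrypt resources were still run.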