Docker container health checks failing if nginx['ssl_verify_client'] and nginx['ssl_client_certificate'] are set

Summary

Health checks are failing when values are set for nginx['ssl_verify_client'] and nginx['ssl_client_certificate']. I'm using Cloudflare's authenticated origin pulls. The main and registry domains work so there's no problem with the certificates or the configuration. But the container stays in a "Starting" state for a long time and then is marked as "Unhealthy".

The biggest problem is that this makes Swarm exit, so I've had to switch to regular docker compose for now.

Steps to reproduce

Launch this Compose file with a valid cert for nginx['ssl_client_certificate'].

version: '3.6'
services:
  web:
    image: 'gitlab/gitlab-ce:latest'
    restart: always
    hostname: 'gitlab.xxxx.dev'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://gitlab.xxxx.com'
        nginx['ssl_certificate'] = "/etc/gitlab/ssl/xxxx.crt"
        nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/xxxx.key"
        nginx['ssl_verify_client'] = "on"
        nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/cloudflare-origin-pull-ca.pem"
        gitlab_rails['gitlab_shell_ssh_port'] = 2222
        registry_external_url 'https://registry.yyyy.com'
        registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/yyyy.crt"
        registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/yyyy.key"
        registry_nginx['ssl_verify_client'] = "on"
        registry_nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/cloudflare-origin-pull-ca.pem"
    ports:
      - '80:80'
      - '443:443'
      - '2222:22'
    volumes:
      - '/srv/gitlab/config:/etc/gitlab'
      - '/srv/gitlab/logs:/var/log/gitlab'
      - '/srv/gitlab/data:/var/opt/gitlab'
    shm_size: '256m'

Watch the container state. It will eventually be marked as unhealthy.

Then comment out the ssl_verify_client and ssl_client_certificate lines and run it again. Health checks will pass and the container will be marked as healthy.

Relevant logs

Details of package version

Provide the package version installation details

Gitlab CE docker image: 15.1.3-ce.0

Environment details

  • Operating System: Ubuntu 22.04
  • Installation Target, remove incorrect values:
    • Bare Metal Machine
    • VM: Hetzner
  • Installation Type, remove incorrect values:
    • New Installation
  • Is there any other software running on the machine: No
  • Is this a single or multiple node installation? Single
  • Resources
    • CPU: 4 cores
    • Memory total: 8GB

Configuration details

Provide the relevant sections of `/etc/gitlab/gitlab.rb`

All configs listed in the docker-compose file above

Edited by Raj Siva-Rajah