Reputation: 21
Gitlab runner clone timeout behind traefik (relative path)
I am trying to get a instance of Gitlab running on a relative path (/dev/git/) behind a Traefik proxy.
Gitlab itself works like a charm, but I have no luck with adding a Runner to the project.
The registration of the runner ist successfully, but when it grabs a job, the cloning of the repository fails with a timeout error:
Cloning into '/builds/dev/git/root/ci-test'...
fatal: unable to access 'https://gitlab-ci-
token:[email protected]/dev/git/root/ci-test.git/': Failed to connect to SUBDOMAIN.DOMAIN.de port 443: Operation timed out
Gitlab is available under https://SUBDOMAIN.DOMAIN.de/dev/git/
Docker-Config "docker-compose.yml":
version: "2.1"
services:
proxy1:
container_name: proxy1
image: traefik:latest
restart: always
networks:
- web
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /srv/docker/config/proxy1/acme.json:/acme.json
- /srv/docker/config/proxy1/traefik.toml:/traefik.toml
labels:
- "traefik.docker.network=web"
- "traefik.enable=true"
- "traefik.basic.frontend.rule=Host:SUBDOMAIN.DOMAIN.de;PathPrefixStrip:/traefik/"
- "traefik.basic.port=8080"
- "traefik.basic.protocol=http"
gitlab1:
container_name: gitlab1
image: gitlab/gitlab-ce:latest
restart: always
networks:
- web
volumes:
- /srv/docker/volumes/gitlab1/config:/etc/gitlab
- /srv/docker/volumes/gitlab1/log:/var/log/gitlab
- /srv/docker/volumes/gitlab1/data:/var/opt/gitlab
labels:
- "traefik.docker.network=web"
- "traefik.enable=true"
- "traefik.basic.frontend.rule=Host:SUBDOMAIN.DOMAIN.de;PathPrefix:/dev/git/"
- "traefik.basic.port=80"
- "traefik.basic.protocol=http"
gitlab-runner1:
container_name: gitlab-runner1
image: gitlab/gitlab-runner:latest
restart: always
networks:
- web
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /srv/docker/volumes/runner1/config:/etc/gitlab-runner
networks:
web:
Traefik config "traefik.toml":
debug = true
logLevel = "ERROR"
defaultEntryPoints = ["https", "http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "SUBDOMAIN.DOMAIN.de"
watch = true
exposedByDefault = false
[acme]
email = "[email protected]"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
[api]
entryPoint = "traefik"
dashboard = true
Gitlab is configured to listen on HTTP behind the proxy, which handles SSL.
Gitlab config "gitlab.rb":
external_url "https://SUBDOMAIN.DOMAIN.de/dev/git/"
nginx['redirect_http_to_https'] = true
nginx['listen_port'] = 80
nginx['listen_https'] = false
nginx['proxy_set_headers'] = {
"Host" => "$http_host",
"X-Real-IP" => "$remote_addr",
"X-Forwarded-For" => "$proxy_add_x_forwarded_for",
"X-Forwarded-Proto" => "https",
"X-Forwarded-Ssl" => "on"
}
Gitlab-Runner config "config.toml":
concurrent = 1
check_interval = 0
[session_server]
session_timeout = 1800
[[runners]]
name = "runner1"
url = "http://gitlab1/dev/git/"
token = "TOKEN"
executor = "docker"
[runners.docker]
tls_verify = false
image = "alpine:latest"
privileged = false
disable_entrypoint_overwrite = false
oom_kill_disable = false
disable_cache = false
volumes = ["/cache"]
shm_size = 0
[runners.cache]
[runners.cache.s3]
[runners.cache.gcs]
It would be a pleasure for me, if you could help me with this. I searched a lot on the internet, but I can't find anyone who already solved this.
Thank you very much for every answer.
Upvotes: 1
Views: 1330
Answers (1)
Reputation: 21
I figured out a solution:
The job, which is running on the gitlab-runner, doesn't connect to the web network, but to the standard bridge network.
So I had to reconfigure the gitlab runner as followed by adding:
[[runners]]
url = "http://gitlab1/dev/git/"
clone_url = "http://gitlab1/dev/git/"
[runners.docker]
network_mode = "docker_gitlab"
privileged = true
docker_gitlab is the name of the network, which I added to the docker-compose file above to connect gitlab and the gitlab-runner.
new docker-compose.yml
gitlab1:
container_name: gitlab1
image: gitlab/gitlab-ce:latest
restart: always
networks:
- gitlab
- web
volumes:
- /srv/docker/volumes/gitlab1/config:/etc/gitlab
- /srv/docker/volumes/gitlab1/log:/var/log/gitlab
- /srv/docker/volumes/gitlab1/data:/var/opt/gitlab
hostname: SUBDOMAIN.DOMAIN.de
labels:
- "traefik.enable=true"
- "traefik.docker.network=docker_web"
- "traefik.port=80"
- "traefik.backend=gitlab"
- "traefik.frontend.rule=Host:SUBDOMAIN.DOMAIN.de;PathPrefix:/dev/git/"
gitlab-runner1:
container_name: gitlab-runner1
image: gitlab/gitlab-runner:latest
restart: always
networks:
- gitlab
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /srv/docker/volumes/runner1/config:/etc/gitlab-runner
links:
- gitlab1
labels:
- "traefik.enable=false"
Upvotes: 1
Related Questions
- GitLab runner unable to clone repository via http
- gitlab in docker behind traefik proxy fails (usually)
- Runner cannot clone gitlab repository
- gitlab ci failing with custom runner
- How to proxy Gitlab in Docker through Traefik
- Gitlab-CI cannot clone
- Gitlab CI: job hangs up on cloning repo
- Gitlab Runner on local VM with Gitlab CE cannot clone repo
- git runner is unable to access
- Can’t clone repo from GitLab CI in Docker