DO floating IP for the main GitLab and GitLab Pages setup on separate droplets

November 3, 2019 79 views
Applications

I have an Omnibus GitLab CE setup with Pages on a second droplet. I am using floating IP for required second IP when enabling custom domains (per this doc). With this setup I am having the following issues with custom domain pages:

  1. Custom domains serve the Pages wildcard certificate instead of the custom domain certificates. even though I did added custom domain certificate manually and also enabled for it an automatic certificate management. I can view custom page published website if I add exception in the browser.
  2. Custom domains do not get redirected to HTTPS, with redirection checkbox enabled.
  3. Custom domains HTTP isn’t working and is getting 502 Gitlab error.

I am suspecting I am either misconfigured my gitlab.rb or maybe the DO floating IP isn’t fully/properly working for such setup, so DO droplets ultimately will not support it.

Any help would be hugely appreciated.

gitlab.rb for main GitLab droplet

external_url 'https://GITLAB.DOMAIN'
nginx['redirect_http_to_https'] = true

pages_external_url "https://PAGES.DOMAIN"
gitlab_pages['enable'] = false
gitlab_rails['pages_path'] = "/mnt/pages"

pages_nginx['redirect_http_to_https'] = true
pages_nginx['ssl_certificate'] = "/etc/letsencrypt/live/PAGES.DOMAIN/fullchain.pem"
pages_nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/PAGES.DOMAIN/privkey.pem"

pages_nginx['enable'] = false
nginx['listen_addresses'] = ['GITLAB_IP']
gitlab_pages['external_http'] = ['GITLAB_FLOATING_IP:80']
gitlab_pages['external_https'] = ['GITLAB_FLOATING_IP:443']

gitlab.rb for Pages droplet

pages_external_url "https://PAGES.DOMAIN"

external_url "http://GITLAB_IP"
postgresql['enable'] = false
redis['enable'] = false
prometheus['enable'] = false
unicorn['enable'] = false
sidekiq['enable'] = false
gitlab_workhorse['enable'] = false
gitaly['enable'] = false
alertmanager['enable'] = false
node_exporter['enable'] = false
gitlab_rails['auto_migrate'] = false

pages_nginx['enable'] = true
pages_nginx['redirect_http_to_https'] = true
pages_nginx['ssl_certificate'] = "/etc/letsencrypt/live/PAGES.DOMAIN/fullchain.pem"
pages_nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/PAGES.DOMAIN/privkey.pem"
Be the first one to answer this question.