Enabling https in Gitlab on Docker

Hello all,

I have a problem with getting HTTPS to work on my Synology NAS; I hope you can help me out. I want to mention up front that I also posted this question on Stack Overflow, but it hasn’t gotten any traction and has since been deleted.

I have installed Gitlab (gitlabce:latest) on Docker (17.05.0-0379) on my Synology NAS (918+ with DSM 6.2.23739) through the GUI. Gitlab per se worked right away, but I would like to force an HTTPS connection when someone from outside my network connects to it. Here’s what I did so far:

  1. Create a dynDNS on no-ip[dot]com (domainname[dot]ddns[dot]net)

  2. Create a Let’s Encrypt certificate under Control Panel >> Security >> Certificate.

  3. Followed the instructions here to enable HTTPS: https://steemit.com/security/@the-tech-guy/let-s-encrypt-ssl-certificate-for-gitlab-with-docker-on-synology. I used the command openssl dhparam -dsaparam -out dhparam.pem 4096 after the first try took more than 6 hours without a result. The step where I was supposed to stop the package in package manager didn’t make any sense to me, though, as I only have the container in docker and not the additional (Version 8) package that can be installed there.

This did not work, so I searched around a bit and manually added the environment variables SSL_DHPARAM_PATH, SSL_CERTIFICATE_PATH and SSL_KEY_PATH to point the container at the location of the certificates.

Access through domainname[dot]ddns[dot]net:80 still works normally, doesn’t force HTTPS, and port 443 can’t be reached. The error message in Opera says “This site can’t be reached. The connection was reset”; this seems to be a different message from the normal “server IP address can’t be found”.

I also had a look at the documentation of the container (https://hub.docker.com/r/sameersbn/gitlab/#enabling-https-support), but when I followed those instructions, nothing changed.
Installing a self-signed certificate didn’t work either.

Potential errors I see:

  • The whole certificate generation step might have been done completely wrong.
  • I executed the shell commands when connected to the NAS itself and not Gitlab within the Container. Is that correct?

Can anyone point me in the right direction, please? I am new to this and am sure to have made some errors while setting this up. Help is greatly appreciated.

Well, if anyone gets as desperate as me, here’s what I suspect happened and my workaround.
I was running the dynDNS on the modem rather than the NAS, which probably caused the container to not recognize its intended domain name. Not sure if this makes sense, but that’s what I believe now.

Even after transferring the dynDNS onto the NAS I still couldn’t manage to get HTTPS working, and when I configured Gitlab with an https:// domain, the container just wouldn’t start anymore. At this point I was pretty tired of trying anything more and created a VPN tunnel to my NAS for people to use. It’s an extra step, but with OpenVPN it comes down to clicking connect. Plus, it has the added advantage of safe access to all applications on the NAS without going through this again for each one.
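
One of the suspicions listed in the first post is that the certificate files themselves were generated wrongly. The shell function below is an added example, not part of the original posts or of any GitLab image: it uses openssl to check that a certificate, its private key and an optional DH parameter file are readable, parse, are unexpired and belong together. The name check_tls_files and the paths passed to it are assumptions; run it in a shell where the files are visible under those paths.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original posts).
# Usage: check_tls_files CERT KEY [DHPARAM]
# Returns 0 when every check passes, otherwise a distinct non-zero code.

check_tls_files() {
    cert=$1; key=$2; dh=${3:-}

    # 1. Both files must exist and be readable by the current user.
    [ -r "$cert" ] || { echo "cannot read certificate: $cert" >&2; return 2; }
    [ -r "$key" ]  || { echo "cannot read private key: $key" >&2; return 2; }

    # 2. The certificate must parse as a PEM X.509 certificate.
    openssl x509 -in "$cert" -noout 2>/dev/null \
        || { echo "not a PEM certificate: $cert" >&2; return 3; }

    # 3. The certificate must not have expired already.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo "certificate has expired: $cert" >&2; return 4; }

    # 4. The private key must parse without a passphrase ...
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) \
        || { echo "cannot parse private key: $key" >&2; return 5; }

    # ... and its public half must equal the public key in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "private key does not belong to certificate" >&2; return 6; }

    # 5. Optional: the DH parameter file must parse (covers -dsaparam output).
    if [ -n "$dh" ]; then
        openssl dhparam -in "$dh" -noout 2>/dev/null \
            || { echo "not a DH parameter file: $dh" >&2; return 7; }
    fi

    echo "TLS files look consistent"
    return 0
}

# Run the check when the script is called with at least CERT and KEY.
if [ "$#" -ge 2 ]; then
    check_tls_files "$@"
fi
```

A pass only shows that the files are internally consistent; whether the server listening on port 443 actually loads them is a separate question.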