NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface
https://nginxproxymanager.com
MIT License

Forward .well-known of gitlab to docker image #2088

Open jacob-v-dam opened 2 years ago

jacob-v-dam commented 2 years ago

Describe the bug

We have a Docker image which runs GitLab. In this image we need to enable Let's Encrypt for extra security. But we can't request any certificate. When you reconfigure GitLab, it would send a request to Let's Encrypt, which will validate the domain and enable the certificate.

In this case we are not able to validate the domain. But if we expose GitLab directly, this succeeds and we get a certificate.

Nginx Proxy Manager Version

v2.9.18

To Reproduce

Steps to reproduce the behavior:

  1. Create a Docker image
  2. Add a proxy to the Docker image
  3. Try to reconfigure the GitLab instance and enable the Let's Encrypt option

Expected behavior

Validated certificate

Screenshots

No screenshots, but this error might help:

ruby_block[create certificate for git.example.com] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb line 108) had an error: RuntimeError: [git.example.com] Validation failed, unable to request certificate, Errors: [{url: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2605180644/8ep2fQ, status: invalid, error: {"type"=>"urn:ietf:params:acme:error:unauthorized", "detail"=>"IP: Invalid response from http://git.example.com/.well-known/acme-challenge/CHANLANGE: 404", "status"=>403}} ]

Operating System

Ubuntu

Additional context

I tried a lot of online stuff like editing the config file or changing the domain name, but this doesn't help. I also tried to forward port 443 instead of 80 and vice versa.

the1ts commented 2 years ago

This is, I think, pretty simple: NPM is the place that the SSL certs are created and used, and GitLab will sit behind NPM with no direct connections on http/https except via NPM. Therefore, the only place that needs Let's Encrypt certs is NPM, not GitLab. If you really need SSL on the connection NPM -> GitLab, then use a self-signed cert in GitLab; NPM will happily connect to it.
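
An added illustration, not code from this thread or from Nginx Proxy Manager: a loopback-only simulation of the reported symptom, under the assumption (not shown in the thread) that the proxy answers /.well-known/acme-challenge/ from its own challenge store instead of forwarding it to the backend. The function names, token and key authorization are constructed for the example.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

ACME_PREFIX = "/.well-known/acme-challenge/"
TOKEN = "constructed-token"                      # constructed sample value
KEY_AUTH = b"constructed-token.constructed-key"  # constructed sample value

def fetch(port, path):  # GET from a loopback port; returns (status, body)
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path)
    resp = conn.getresponse()
    result = (resp.status, resp.read())
    conn.close()
    return result

def serve(respond):
    """Serve respond(path) -> (status, body) on a free loopback port (daemon thread)."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            status, body = respond(self.path)
            self.send_response(status)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):  # keep the demo quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server.server_port

def backend(path):
    """Hypothetical stand-in for the proxied service holding its own challenge file."""
    return (200, KEY_AUTH) if path == ACME_PREFIX + TOKEN else (404, b"not found")

def make_proxy(backend_port, own_challenges):
    """Assumed proxy behaviour: answer the ACME path locally, forward everything else."""
    def respond(path):
        if path.startswith(ACME_PREFIX):
            body = own_challenges.get(path[len(ACME_PREFIX):])
            return (200, body) if body is not None else (404, b"not found")
        return fetch(backend_port, path)
    return respond

def validate(via_proxy):
    """Play the CA's HTTP-01 fetch, either straight at the backend or through the proxy."""
    origin_port = serve(backend)
    proxy_port = serve(make_proxy(origin_port, own_challenges={}))
    return fetch(proxy_port if via_proxy else origin_port, ACME_PREFIX + TOKEN)
```

Here validate(via_proxy=False) returns 200 with the key authorization, while validate(via_proxy=True) returns the proxy's own 404, the same status reported in the error above.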

github-actions[bot] commented 7 months ago

Issue is now considered stale. If you want to keep it open, please comment :+1: