Gitlab SSL_ERROR_INTERNAL_ERROR_ALERT

vhalragnarok · June 27, 2025, 12:28am

1. The problem I’m having:

I have Gitlab-CE installed via Docker in a VM using this exact compose:

services:
  gitlab:
    image: gitlab/gitlab-ce:latest
    container_name: gitlab
    restart: always
    hostname: 'gitlabeval.7imezones.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        # Add any other gitlab.rb configuration here, each on its own line
        external_url 'https://gitlabeval.7imezones.com'
    ports:
      - '80:80'
      - '443:443'
      - '22:22'
    volumes:
      - '$GITLAB_HOME/config:/etc/gitlab'
      - '$GITLAB_HOME/logs:/var/log/gitlab'
      - '$GITLAB_HOME/data:/var/opt/gitlab'
    shm_size: '256m'

I have also tried the instructions found in: Caddy reverse-proxying Gitlab and I cannot get GitLab to load. It is failing in my browser with a SSL_ERROR_INTERNAL_ERROR_ALERT . I have not adjusted any settings in the gitlab.rb file.

curl -vL produces:

TLSv1.3 (IN), TLS alert, internal error (592):
OpenSSL/3.0.16: error:0A000438:SSL routines::tlsv1 alert internal error

Going to

192.168.1.230:80

in my browser directly works however.

2. Error messages and/or full log output:

TLSv1.3 (IN), TLS alert, internal error (592):
OpenSSL/3.0.16: error:0A000438:SSL routines::tlsv1 alert internal error

3. Caddy version:

v2.10.0

4. How I installed and ran Caddy:

apt install caddy
systemctl enable caddy

a. System environment:

Proxmox Host, Debian 12 VM, direct install from Debian Repositories (no Docker Container).

b. Command:

PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.

c. Service/unit/compose file:

d. My complete Caddy config:

code.7imezones.com {
     reverse_proxy 192.168.1.251:300
}
gitlabeval.7imezones.com {
     reverse_proxy 192.168.1.230:80
}

5. Links to relevant resources:

I tried the instructions from when the OP solved not being able to run GitLab in this following thread:

And it did not work for me.

https://www.reddit.com/r/selfhosted/comments/1lkzpm5/gitlab_caddy/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

Also trying suggestions here and nothing is working as well.

vhalragnarok · June 27, 2025, 1:11am

I wish to report I have success.

1: I had to systemctl reload caddy after changing the Caddyfile.

2:

services:
  gitlab:
    image: gitlab/gitlab-ce:latest
    container_name: gitlab
    restart: always
    hostname: 'gitlabeval.7imezones.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        # Add any other gitlab.rb configuration here, each on its own line
        external_url 'http://192.168.1.230'
    ports:
      - '80:80'
      - '443:443'
      - '22:22'
    volumes:
      - '$GITLAB_HOME/config:/etc/gitlab'
      - '$GITLAB_HOME/logs:/var/log/gitlab'
      - '$GITLAB_HOME/data:/var/opt/gitlab'
    shm_size: '256m'

I have to use this Docker Compose exactly.

3:

gitlabeval.7imezones.com {
    reverse_proxy 192.168.1.230:80
}

Is all you need for the Caddyfile.

vhalragnarok · June 27, 2025, 2:38am

You’ll run into an issue with Gitlab where on non-local devices clicking on some links will hard direct you to a local network IP. Aka sites broken if you try to access it externally.

services:
  gitlab:
    image: gitlab/gitlab-ce:latest
    container_name: gitlab
    restart: always
    hostname: 'gitlabeval.7imezones.com'
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        # Add any other gitlab.rb configuration here, each on its own line
        external_url 'http://gitlabeval.7imezones.com'
    ports:
      - '80:80'
      - '443:443'
      - '22:22'
    volumes:
      - '$GITLAB_HOME/config:/etc/gitlab'
      - '$GITLAB_HOME/logs:/var/log/gitlab'
      - '$GITLAB_HOME/data:/var/opt/gitlab'
    shm_size: '256m'

This appears to be working.