Struggling to deploy with domain name

Hey there,

I’ve been trying to deploy the Self Hosted service onto GCP and found while I am inserting a Domain Name, the application is not connecting.

I have tried the following:

  1. Deploy without a domain name. This has deployed successfully on a separate GCP Project. I am able to authenticate the application with OAuth 2.0 on my GitHub and is working as expected.

  2. Deploying with a subdomain of gitpod. and without a subdomain at my URL. I have bought a domain via Google Domains and have changed the DNS record to point first at the subdomain and secondly at the main Domain route.

On both, I kept receiving an error:
[Error in fetching sampling strategy: Error: connect ECONNREFUSED 0.0.0.0:5778]

On the GSuite Toolbox: https://toolbox.googleapps.com/apps/dig/#A/

I could see that both my URL’s are mapped correctly to the Public IP as instructed by the end of the startup script.

Really appreciate any help!
Jordan

After doing some digging, it looks like it is a HTTP vs HTTPS issue.

Will look at https://www.gitpod.io/docs/self-hosted/latest/install/https-certs// to see if I can resolve it.

I’ve generated the dhparams.pem file, however, I’m not sure where I’m suppose to put it?

Any support would be highly appreciated!
Thanks
Jordan

Hi Jordan,

although certificates are not essential to the installation, they are highly recommended.
If you have a public domain, you can use certbot to get them for your domain. Gitpod creates workspaces using subdomains. Therefore you have to get wildcard certificates for your-domain.com, *.your-domain.com and *.ws.your-domain.com. The dhparams.pem is also placed in the same folder as the certificates. The path can be configured in the values.yaml.

gitpod:
  certificatesSecret:
    secretName: proxy-config-certificates
    path: secrets/https-certificates/*
gitpod_selfhosted:
  variants:
    customCerts: true

The path is relative to the helm directory.

Best regards,
Wulf

@wulfthimm I am following the documentation at https://github.com/gitpod-io/gitpod/tree/main/install/docker

I get the following error

gitpod_1  | time="2021-04-13T21:43:58.204653917Z" level=error msg="Failed to process config: failed to process /var/lib/rancher/k3s/server/manifests/gitpod-helm-installer.yaml: Object 'Kind' is missing in '{\"certificatesSecret\":{\"secretName\":\"proxy-config-certificates\"},\"components\":{\"imageBuilder\":{\"dindMtu\":1450},\"workspace\":{\"template\":{\"spec\":{\"dnsConfig\":null,\"dnsPolicy\":\"ClusterFirst\"}}},\"wsDaemon\":{\"containerRuntime\":{\"containerd\":{\"socket\":\"/run/k3s/containerd/containerd.sock\"},\"nodeRoots\":[\"/var/lib\",\"/run/k3s/containerd/io.containerd.runtime.v1.linux\",\"/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io\",\"/var/lib\",\"/run/k3s/containerd/io.containerd.runtime.v1.linux\",\"/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io\",\"/var/lib\",\"/run/k3s/containerd/io.containerd.runtime.v1.linux\",\"/run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io\"]}}},\"docker-registry\":{\"persistence\":{\"enabled\":true,\"existingClaim\":\"docker-registry\"}},\"forceHTTPS\":true,\"gitpod\":{\"certificatesSecret\":{\"path\":\"../secrets/https-certificates/*\",\"secretName\":\"proxy-config-certificates\"}},\"gitpod_selfhosted\":{\"variants\":{\"customCerts\":true}},\"hostname\":\"code-server.simoncarr.co.uk\",\"ingressMode\":\"pathAndHost\",\"minio\":{\"accessKey\":\"add-here-a-random-string\",\"persistence\":{\"existingClaim\":\"minio\"},\"secretKey\":\"add-here-another-random-string\"},\"mysql\":{\"persistence\":{\"existingClaim\":\"mysql\"}}}'"
gitpod_1  | E0413 21:43:59.434885      72 secret.go:195] Couldn't get secret default/https-certificates: secret "https-certificates" not found
gitpod_1  | E0413 21:43:59.435075      72 nestedpendingoperations.go:301] Operation for "{volumeName:kubernetes.io/secret/86b6c235-4e48-4ddb-9a42-068fe0a588e9-https-certificates podName:86b6c235-4e48-4ddb-9a42-068fe0a588e9 nodeName:}" failed. No retries permitted until 2021-04-13 21:44:07.435010836 +0000 UTC m=+31.780152195 (durationBeforeRetry 8s). Error: "MountVolume.SetUp failed for volume \"https-certificates\" (UniqueName: \"kubernetes.io/secret/86b6c235-4e48-4ddb-9a42-068fe0a588e9-https-certificates\") pod \"registry-facade-dwhnl\" (UID: \"86b6c235-4e48-4ddb-9a42-068fe0a588e9\") : secret \"https-certificates\" not found"
gitpod_1  | E0413 21:48:09.659025      72 kubelet.go:1653] Unable to attach or mount volumes for pod "registry-facade-dwhnl_default(86b6c235-4e48-4ddb-9a42-068fe0a588e9)": unmounted volumes=[https-certificates], unattached volumes=[config pull-secret https-certificates cache]: timed out waiting for the condition; skipping pod
gitpod_1  | E0413 21:48:09.659103      72 pod_workers.go:191] Error syncing pod 86b6c235-4e48-4ddb-9a42-068fe0a588e9 ("registry-facade-dwhnl_default(86b6c235-4e48-4ddb-9a42-068fe0a588e9)"), skipping: unmounted volumes=[https-certificates], unattached volumes=[config pull-secret https-certificates cache]: timed out waiting for the condition

Here is my docker file

version: '3'
services:

  gitpod:
    image: eu.gcr.io/gitpod-core-dev/build/gitpod-k3s:${VERSION:-latest}
    privileged: true
    volumes:
      - ./values:/values
      - ./secrets/https-certificates:/https-certificates
      - ./secrets/https-certificates:/certs
    ports:
      - 443:443
      - 80:80
    environment:
      - DOMAIN=${DOMAIN}
      - BASEDOMAIN=${BASEDOMAIN}

I have put a values.yaml file both in the same directory as my docker-compose.yaml file and in a directory called values. The content of values.yaml is (in the values/values.yaml I added …/ to path:)

gitpod:
  certificatesSecret:
    secretName: proxy-config-certificates
    path: secrets/https-certificates/*
gitpod_selfhosted:
  variants:
    customCerts: true

I have a folder secrets/https-certificates which contain my letsencrypt certs that were created using the documentation here https://www.gitpod-staging.com/docs/self-hosted/latest/install/34_https_certs/

I am getting so frustrated. I have been at this now for 3 days and getting no where. Any help would be much appreciated.

Thanks
Simon