Gitlab behind Apache Proxy

Time:02-21

I have been searching for hours for a solution to GitLab running behind an Apache reverse proxy. To be clear, I can connect to the GitLab instance and I can also do every basic function like pushing, cloning code, and so on.

My problem is that every image I post in an issue always has http://127.0.0.1:8090/.../ as the URL. I tried changing the external_url, but this always resulted in GitLab responding with a 502. Any other settings I changed and tried had either no effect or resulted in 500s or 503s. I decided to ask any of you for a hint.

My current configuration is:

/etc/gitlab/gitlab.rb

 external_url 'http://127.0.0.1:8090'
 gitlab_rails['time_zone'] = 'Europe/Berlin'

 gitlab_rails['smtp_enable'] = true
 gitlab_rails['smtp_address'] = "mail.server.de"
 gitlab_rails['smtp_port'] = 465
 gitlab_rails['smtp_user_name'] = "[email protected]"
 gitlab_rails['smtp_password'] = "password"
 gitlab_rails['smtp_domain'] = "mail.server.de"
 gitlab_rails['smtp_authentication'] = "login"
 gitlab_rails['smtp_enable_starttls_auto'] = false
 gitlab_rails['smtp_tls'] = true
 gitlab_rails['smtp_pool'] = false

 gitlab_rails['smtp_openssl_verify_mode'] = 'none'

 gitlab_rails['gitlab_email_enabled'] = true

 gitlab_rails['gitlab_email_from'] = '[email protected]'
 gitlab_rails['gitlab_email_display_name'] = 'NoReply Server'
 gitlab_rails['gitlab_email_reply_to'] = '[email protected]'

 gitlab_rails['gitlab_default_theme'] = 2

 letsencrypt['enable'] = false

/etc/apache2/sites-available/gitlab.conf

<VirtualHost *:443>
    ServerName gitlab.server.de
    
    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass /.well-known/acme-challenge !
    ProxyPass / http://127.0.0.1:8090/ retry=0
    ProxyPassReverse / http://127.0.0.1:8090/
    
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/gitlab.server.de/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/gitlab.server.de/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

Can you guys help me with that? Thanks in advance.

CodePudding user response:

Set your external_url to the URL users use to reach your GitLab server, e.g. gitlab.server.de, according to your Apache config.

Additionally, you'll want to fix the proxy headers to deal with the protocol change if you're not using mutual TLS.

Most importantly, you'll need to explicitly configure GitLab's internal nginx to listen on the port you've specified in your proxy/proxypass config and not use https.

So, something like this:

external_url "https://gitlab.server.de"

# set listen port explicitly, required when using non-default port
# and port is not specified in external_url
nginx['listen_port'] = 8090

# disable https listener, since Apache is set up for SSL/TLS termination
nginx['listen_https'] = false


# technically optional, set proxy headers
nginx['proxy_set_headers'] = {
    "X-Forwarded-Proto" => "http",
    "X-Forwarded-Port" => "80"
}

It's also important to note that GitLab itself should be able to reach itself using its external_url. In other words, your Apache server should (1) be resolvable by DNS on the host and (2) be allowed to be reached from GitLab.
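
One way to check the answer's three points against the Apache vhost, as an added example (not code from the question, the answer or GitLab). The function names are hypothetical, the inputs are this page's configs trimmed, and it assumes the bundled nginx takes its port and TLS setting from external_url when listen_port and listen_https are unset.

```ruby
require 'uri'
# Constructed inputs: the vhost and both gitlab.rb variants from this page, trimmed.
APACHE_VHOST = <<~CONF
  <VirtualHost *:443>
      ServerName gitlab.server.de
      ProxyPass /.well-known/acme-challenge !
      ProxyPass / http://127.0.0.1:8090/ retry=0
      SSLEngine on
  </VirtualHost>
CONF
QUESTION_RB = "external_url 'http://127.0.0.1:8090'\n"
ANSWER_RB = <<~RB
  external_url "https://gitlab.server.de"
  nginx['listen_port'] = 8090
  nginx['listen_https'] = false
RB

# Public name, TLS state and backend URL from the Apache vhost.
def parse_vhost(text)
  backend = text[%r{^\s*ProxyPass\s+/\s+(\S+)}, 1]
  { host: text[/^\s*ServerName\s+(\S+)/, 1],
    tls: text.match?(/^\s*SSLEngine\s+on/i),
    backend: backend && URI(backend) }
end

# The three gitlab.rb settings the proxy setup depends on.
def parse_gitlab_rb(text)
  url = text[/^\s*external_url\s+['"]([^'"]+)['"]/, 1]
  { external_url: url && URI(url),
    listen_port: text[/^\s*nginx\['listen_port'\]\s*=\s*(\d+)/, 1]&.to_i,
    listen_https: text[/^\s*nginx\['listen_https'\]\s*=\s*(true|false)/, 1] }
end

# Mismatches between what Apache serves and what GitLab is configured for.
def proxy_findings(vhost_text, gitlab_rb_text)
  v, g = parse_vhost(vhost_text), parse_gitlab_rb(gitlab_rb_text)
  ext, backend = g[:external_url], v[:backend]
  return ['external_url or "ProxyPass /" backend not found'] unless ext && backend
  # Assumption: when unset, the bundled nginx takes port and TLS from external_url.
  port = g[:listen_port] || ext.port
  https = g[:listen_https] ? g[:listen_https] == 'true' : ext.scheme == 'https'
  out = []
  out << "external_url host #{ext.host} is not the public name #{v[:host]}" unless ext.host == v[:host]
  out << 'external_url scheme does not match the vhost' unless ext.scheme == (v[:tls] ? 'https' : 'http')
  out << "nginx listens on #{port}, Apache proxies to #{backend.port}" unless port == backend.port
  out << 'nginx expects TLS, Apache sends plain HTTP' if https && backend.scheme == 'http'
  out
end
puts proxy_findings(APACHE_VHOST, QUESTION_RB)
```

Run against the question's config it reports the loopback host and the http scheme; with only external_url changed to the public HTTPS name it reports the port and TLS listener mismatches instead.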
