LrMaker
文章
30
分类
5
评论
0

CentOS安装gitlab并使用外部nginx开启ssl

| 后端
字数总计 3455 | 阅读时长 8分钟 | 阅读量 317
  • 安装gitlab,添加镜像源:新建 /etc/yum.repos.d/gitlab-ce.repo,内容为
[gitlab-ce]
name=Gitlab CE Repository
baseurl=https://mirrors.tuna.tsinghua.edu.cn/gitlab-ce/yum/el$releasever/
gpgcheck=0
enabled=1

然后重建缓存,安装

yum makecache
yum install gitlab-ce
  • 修改配置文件/etc/gitlab/gitlab.rb
nginx['enable'] = false
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "127.0.0.1:7777"
external_url 'https://****.com'
gitlab_rails['trusted_proxies'] = ['****.com']
  • 修改外部nginx配置
upstream gitlab {
    server 127.0.0.1:7777;
}


server {
    listen 80;
    listen [::]:80;
    server_name ****.com;
    client_max_body_size 200m;
    rewrite ^(.*)$ https://$host$1 permanent;

    error_page 404 /404.html;
    location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}

# Settings for a TLS enabled server.

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name gitlab.mostops.cn;
    client_max_body_size 200m;

    ssl_certificate "****cert.pem";
    ssl_certificate_key "****key.pem";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    ssl_ciphers PROFILE=SYSTEM;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    location / {
        #root  html;
        #index index.html index.htm;
        proxy_pass http://gitlab/;
        proxy_set_header HOST $host:$server_port;
        proxy_set_header X-Forwarded-Proto  "https";
        proxy_set_header X-Forwarded-Ssl  "on";
        proxy_set_header Via "nginx";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Ssl  "on";
    }

    error_page 404 /404.html;
    location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
  • 最后刷新配置并重启nginx
gitlab-ctl reconfigure && service nginx restart
  • 要注意必须加上
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto "https";
    否则在nginx代理后,会出现在域名后自动添加:443导致400错误,如:
    https://gitlab.***.cn:443/users/sign_in
    正确的代理:
    https://gitlab.***.cn/users/sign_in
    还有如果gitlab配置文件的external_url配置为http,可能导致gitlab出现502错误
文章作者: LrMaker
本文链接:
版权声明: 本站所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来自 最上级
后端 git
喜欢就支持一下吧