gitlab使用外部nginx进行代理并且开启https

1.打开/etc/gitlab/gitlab.rb,找到external_url变量,输入你要部署的gitlab外部访问地址

2.搜索nginx,禁用内部nginx。

################################################################################

## GitLab NGINX

##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html

################################################################################

 

 nginx['enable'] = true

3.配置可以访问 gitlab 工作目录的用户,赋予 用户对该目录的读写权限。由于我们安装的nginx是用www用户,所以把www用户加上

################################################################################

## GitLab Web server

##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server

################################################################################

 

##! When bundled nginx is disabled we need to add the external webserver user to

##! the GitLab webserver group.

 web_server['external_users'] = ['www','git','root']

4.配置nginx转发

upstream gitlab-workhorse {

  server unix:/var/opt/gitlab/gitlab-workhorse/socket;

}

server {

    listen       80;

    server_name  git.yourgitlab.com;

    return 301 https://$server_name$request_uri;

}

 

 

server {

    listen       443;

    ssl                  on;

    ssl_certificate      /usr/local/nginx/conf/crt/git.yourgitlab.com.pem;

    ssl_certificate_key   /usr/local/nginx/conf/crt/git.yourgitlab.com.key;

    ssl_session_timeout 5m;

    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    ssl_prefer_server_ciphers on;

    server_name  git.yourgitlab.com;

 

    location / {

        proxy_set_header Host $host;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_set_header X-Forwarded-Proto  "https";

        proxy_set_header X-Forwarded-Ssl  "on";

        proxy_pass http://gitlab-workhorse;

    }

}

 

时间:2021-04-27 | 分类:技术文摘 | 标签: HTTPS  gitlab  nginx 
评论列表
暂无评论
发表评论
昵称
邮箱
内容