1.打开/etc/gitlab/gitlab.rb,找到external_url变量,输入你要部署的gitlab外部访问地址
2.搜索nginx,禁用内部nginx。
################################################################################
## GitLab NGINX
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
################################################################################
nginx['enable'] = true
3.配置可以访问 gitlab 工作目录的用户,赋予 用户对该目录的读写权限。由于我们安装的nginx是用www用户,所以把www用户加上
################################################################################
## GitLab Web server
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server
################################################################################
##! When bundled nginx is disabled we need to add the external webserver user to
##! the GitLab webserver group.
web_server['external_users'] = ['www','git','root']
4.配置nginx转发
upstream gitlab-workhorse {
server unix:/var/opt/gitlab/gitlab-workhorse/socket;
}
server {
listen 80;
server_name git.yourgitlab.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443;
ssl on;
ssl_certificate /usr/local/nginx/conf/crt/git.yourgitlab.com.pem;
ssl_certificate_key /usr/local/nginx/conf/crt/git.yourgitlab.com.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
server_name git.yourgitlab.com;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
proxy_set_header X-Forwarded-Ssl "on";
proxy_pass http://gitlab-workhorse;
}
}