I installed gitlab-ce on CentOS8. It is behind nginx (not the bundled one, another), it has been configured for https connection. The clone access is configured for both ssh and http(s). My problem is, that the Clone button of a project shows this:
Why is it only HTTP and not HTTPS?
The other problem is (I suppose related) that the http clone link is not working, I get this:
“fatal: unable to access ‘http://…’: Empty reply from server”
However the ssh link works fine.
What am I missing? Thanks!
Welcome @waszil
Sounds to me that the problem is your external_url in /etc/gitlab/gitlab.rb is configured for HTTP and not HTTPS.
I’m also assuming yours HTTPS is only configured in NGINX and you are redirecting to port 80 on your gitlab instance. Any particular reason for doing it like this and not using the bundled NGINX?
Your best bet to be honest, is to use the bundled NGINX and configure external_url to use HTTPS. If you wish to use a separate nginx, then you’ll need to configure NGINX to deal with the links correctly which means additonal configuration with X-Forwarded-Proto etc so that HTTP links returned from gitlab are then changed to HTTPS. This is normal behaviour when you are attempting to proxy SSL requests via NGINX to non SSL connections like you are doing here. Sadly though it’s problematic like you see already when it’s not configured properly.
Hi, thanks for the fast answer! Indeed, I forgot to update the external_url in gitlab.rb. Now I have the correct URL, and I’ll figure out why it still does not work (I have configured the unbundled nginx based on the gitlab documentation and this: https://www.linode.com/docs/development/version-control/how-to-unbundle-nginx-from-omnibus-gitlab-for-serving-multiple-websites/ , and actually I have an already running nginx on the server, so I need to use that.)
I had a similar situation having Apache on the same server as gitlab. I got around it by adding a second public IP to the VPS from my hosting provider although I guess could have done it like you have. Kept it much simpler though as I just had to bind gitlab just to one IP instead of doing a load of config changes. And Apache bound to the other IP since they would conflict with ports 80 and 443 otherwise.