Configure apache2 mod_proxy and Gitlab

How to Use GitLab
1

I easily installed Gitlab on my Ubuntu 14.04 Server and got it running from my internal IP Adresse. Now i try to figure out how i can Setup my Apache2 mod_proxy to have my Gitlab installation open for my external IP Adress.

Here is what i have

  • working Gitlab installation on Ubuntu 14.04, there is a Apache2 on the same server, offering Owncloud and some other Websites too.
  • static public IPv4 adress.
  • static public IPv6 adress.
  • public DNS Name.
  • Port forwarding on my Router to my mod_proxy Apache2 Server (Ubuntu 14.04).
  • mod_proxy configured to successfully serve owncloud and other sites (wich are on the same server as gitlab is installed on, but served by apache2)

My proxyservers apache configuration

for http:

<VirtualHost *:80>
ServerName my_external_domainname.de

          ServerAdmin me@my_external_domainname.de
          DocumentRoot /var/www/html
   
          ErrorLog ${APACHE_LOG_DIR}/error.log
          CustomLog ${APACHE_LOG_DIR}/access.log combined
           ProxyPreserveHost On
           ProxyRequests Off

           AllowEncodedSlashes NoDecode

          ProxyPass "/owncloud" "https://192.168.7.6/owncloud"
          ProxyPassReverse "/owncloud" "https://192.168.7.6/owncloud"

           ProxyPass "/git" "https://192.168.7.6:8443/"
           ProxyPassReverse /git "https://192.168.7.6:8443/"

          ProxyPass "/fhem" "https://192.168.7.6:8083/fhem"
          ProxyPassReverse "/fhem" "https://192.168.7.6:8083/fhem"

          ProxyPass "/webmail" "http://192.168.7.6/webmail"
          ProxyPassReverse "/webmail" "http://192.168.7.6/webmail"

          ProxyPass "/shuffle" "http://192.168.7.6/shuffle"
          ProxyPassReverse "/shuffle" "http://192.168.7.6/shuffle"

          ProxyPass "/prtg" "https://192.168.7.10:444"
          ProxyPassReverse "/prtg" "https://192.168.7.10:.444"

          ProxyPass "/tt-rss" "https://192.168.7.6/tt-rss"
          ProxyPassReverse "/tt-rss" "https://192.168.7.6/tt-rss"

          ProxyPass "/bouncer" "https://192.168.7.4:8080"
          ProxyPassReverse "/bouncer" "https://192.168.7.4:8080"

vim: syntax=apache ts=4 sw=4 sts=4 sr noet

for https:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
            ServerName my_external_domainname.de
            ServerAdmin me@my_external_domainname.de
            ServerSignature Off
            DocumentRoot /var/www/html

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined

            SSLEngine on
            SSLCertificateFile      /etc/apache2/ssl/my_external_domainname.de/my_external_domainname.de.cer
            SSLCertificateKeyFile /etc/apache2/ssl/my_external_domainname.de/my_external_domainname.de.key
            SSLCertificateChainFile /etc/apache2/ssl/my_external_domainname.de/sub.class1.server.ca.pem
            SSLProtocol All -SSLv2 -SSLv3
            SSLCompression off
            SSLHonorCipherOrder On
            SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+S$
            Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"

            SSLProxyEngine on
            SSLProxyVerify none
            SSLProxyCheckPeerCN off
            SSLProxyCheckPeerName off

            ProxyPreserveHost On
            ProxyRequests Off

            AllowEncodedSlashes NoDecode

          ProxyPass "/owncloud" "https://192.168.7.6/owncloud"
          ProxyPassReverse "/owncloud" "https://192.168.7.6/owncloud"

          ProxyPass "/git" "https://192.168.7.6:8443/"
          ProxyPassReverse /git "https://192.168.7.6:8443/"

          ProxyPass "/fhem" "https://192.168.7.6:8083/fhem"
          ProxyPassReverse "/fhem" "https://192.168.7.6:8083/fhem"

          ProxyPass "/webmail" "http://192.168.7.6/webmail"
          ProxyPassReverse "/webmail" "http://192.168.7.6/webmail"

          ProxyPass "/shuffle" "http://192.168.7.6/shuffle"
          ProxyPassReverse "/shuffle" "http://192.168.7.6/shuffle"

          ProxyPass "/prtg" "https://192.168.7.10:444"
          ProxyPassReverse "/prtg" "https://192.168.7.10:.444"

          ProxyPass "/tt-rss" "https://192.168.7.6/tt-rss"
          ProxyPassReverse "/tt-rss" "https://192.168.7.6/tt-rss"

         ProxyPass "/bouncer" "https://192.168.7.4:8080"
         ProxyPassReverse "/bouncer" "https://192.168.7.4:8080"
    </VirtualHost>

my Gitlab config (gitlab.rb) besides al lot of email stuff is:

external_url ‘https://my_external_domainname.de’
nginx[‘listen_port’] = 8443

All proxied sites are available trough: my_external_domainname.de/subfoldername, except Gitlab. When i call:
https://192.168.7.5/git (wich ist my proxy’s internal IP) i get redirected to https://192.168.7.5/users/sign_in
from the external IP https://my_external_domainname.de/git i get:

404 Not Found

The requested URL /git was not found on this server.

I don’t know what to do, to reach Gitlab from https://my_external_domainname.de.de/git

Maybe someone here can help me?

Thanks

Dirk

2

Gitlab does not support running in a “subfolder”. The best solution is to add another subdomain (as a CNAME from git.my_external_domainname.de pointing to my_external_domainname.de) and have Gitlab run there.

Alternatively, you could actually use Gitlab on another port (say 8443), and have https://my_external_domainname.de/git redirect you to https://my_external_domainname.de:8443/. The first option is much better though, if you can do it.

3

Gitlab already runs on Port 8443 and my mod_proxy is configured to proxy my_external_domain.de/git to internal.local:8443 but everytime i call my.
_external_domain.de/git i get redirected to my_external_domain.de/users/login, wich can’t be reached because “git” is missing in the URL