Custom nginx config for Kroki

Hey everyone,

I want to make Kroki available on my self-hosted GitLab server. Installing Kroki and integrating it with GitLab was quite easy, but I had to use my server’s IP address to reach the Kroki API (e.g. http://1.2.3.4:8000), which is not encrypted, and I would prefer to use a domain name instead. My goal would be to use https://kroki.gitlab.example.com or https://gitlab.example.com:8042.

This means I have to adjust the nginx config of my Omnibus GitLab installation on Ubuntu.
I set nginx['custom_nginx_config'] = "include /etc/gitlab/nginx.conf.d/*.conf;" in gitlab.rb and then started experimenting with different nginx configs, followed by gitlab-ctl reconfigure, but nothing seems to work so far.

I would like to do a proxy_pass that redirects external traffic from https://gitlab.example.com:8042 to localhost:8000:

server {
    listen *:8042 ssl http2;
    listen [::]:8042 ssl http2;
    server_name gitlab.example.com;

    location / {
        proxy_pass http://localhost:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

But there is no answer from http://gitlab.example.com:8042 or https://gitlab.example.com:8042. Any idea why?

It works now, here’s what was wrong:

  • GitLab’s nginx config does not provide any default TLS settings; you have to repeat those in your custom config. You can use the config for the GitLab registry as a template; it’s in /var/opt/gitlab/nginx/conf/gitlab-registry.conf. All you need to adjust are the external and internal ports.
  • I forgot to add a firewall rule for port 8042 :sweat_smile:
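
A sketch of the server block with the TLS settings repeated, as the fix above describes. This is an added example, not the poster's final config and not a copy of gitlab-registry.conf; the certificate and key paths are assumptions (the usual Omnibus location under /etc/gitlab/ssl/) and the protocol and HSTS lines are illustrative hardening choices.

```nginx
# /etc/gitlab/nginx.conf.d/kroki.conf  (file name is an assumption)
server {
    listen *:8042 ssl http2;
    listen [::]:8042 ssl http2;
    server_name gitlab.example.com;
    server_tokens off;

    # TLS settings are not inherited from GitLab's own server blocks,
    # so every custom "listen ... ssl" block must declare them itself.
    ssl_certificate     /etc/gitlab/ssl/gitlab.example.com.crt;  # assumed path
    ssl_certificate_key /etc/gitlab/ssl/gitlab.example.com.key;  # assumed path
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # nginx answers plain HTTP on a TLS port with status 497; redirect it
    # to HTTPS on the same port instead of returning a bare 400.
    error_page 497 https://$host:$server_port$request_uri;

    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # Kroki stays on loopback; only 8042 needs a firewall rule,
        # and 8000 no longer has to be reachable from outside.
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

After gitlab-ctl reconfigure, `gitlab-ctl status nginx` shows whether the bundled nginx came back up, and its error log under /var/log/gitlab/nginx/ reports a missing or unreadable certificate.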