Disable GitLab HTTP page

I would like to completely disable (not redirect) the HTTP page for the web UI. Currently, the following is being shown when accessing the http url. The https page is working as expected.


For security reasons, I need there to be no result at all for the http page. I am hoping for a result like this:


What I would suggest is that you open /etc/nginx/sites-available/default and comment out the two lines:

 listen 80 default_server;
        listen [::]:80 default_server;

After that restart your nginx.

I am using docker to deploy GitLab - I probably should have mentioned that in the original post. Do you know where I can find these settings if using docker?

Here is my docker-compose:

version: "3.1"
        image: 'hostname:9091/gitlab/gitlab-ce:13.2.4-ce.0'
              - node.hostname == hostname.dev.local
            condition: any
        hostname: 'hostname.dev.local'
            CHEF_FIPS: ''
                external_url 'https://hostname:9096'
                gitlab_exporter['enable'] = false
                gitlab_rails['gitlab_username_changing_enabled'] = false
                gitlab_rails['gitlab_email_enabled'] = true
                gitlab_rails['gitlab_email_from'] = 'gitlab@hostname'
                gitlab_rails['gitlab_email_display_name'] = 'GitLab'
                gitlab_rails['gitlab_email_reply_to'] = 'noreply@nobody'
                gitlab_rails['smtp_enable'] = true
                gitlab_rails['smtp_address'] = "example.com"
                gitlab_rails['smtp_openssl_verify_mode'] = 'none'
                nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256"
        user: root
            - '9096:9096'
            - '30022:22'
            - '/u01/cicd/gitlab/config:/etc/gitlab'
            - '/u01/cicd/gitlab/logs:/var/log//gitlab'
            - '/u01/cicd/gitlab/data:/var/opt/gitlab'
            - '/u01/cicd/toolkit:/var/opt/toolkit'
            - '/u01/cicd/gitlab/backups:/var/opt/gitlab/backups'
            - '/home/DEV/appadm/keystore:/keystores'

Hmm i’m not familiar with docker however i might suggest then that you block the port 80 (HTTP server), if you only want access via HTTPS. I would add iptables rule in that case.

sudo iptables -A INPUT -p tcp  --dport 8080 -j DROP
sudo iptables -A INPUT -p tcp  --dport 80 -j DROP

This will disable HTTP access. However if that is something that doesn’t work out for you then just use the commands below to revert those changes.

sudo iptables -D INPUT -p tcp  --dport 8080 -j DROP
sudo iptables -D INPUT -p tcp  --dport 80 -j DROP

Thanks for the suggestion, however I am using port 9096 for the connection. The valid url is https://hostname:9096/ and the one that I am trying to disable is http://hostname:9096/. So I am not sure how to block the port for http without also blocking it for https

No problem. Good luck in finding a solution that suits you :slight_smile: