Gitlab pages behind a reverse proxy on different machine

acorbe · December 27, 2022, 3:49pm

Hello,

I have a working gitlab deployment on machine A.

I’d like to add a gitlab pages deployment, yet with the following complication:

1.- pages is reverse proxied by machine B
2.- machine B has an nginx reverse proxy that applies the wildcard ssl certificate.
3.- authentication for pages is enabled

I have a working setup with points 1+2, which however breaks when I enable authentication.

The procedure breaks when gitlab tries to set the secrets (gitlab reconfigure):

 * ruby_block[authorize pages with gitlab] action run[2022-12-27T15:22:34+00:00] WARN: Connecting to GitLab to generate new app_id and app_secret for GitLab Pages.
[2022-12-27T15:22:57+00:00] WARN: Something went wrong while executing gitlab-rails runner command to get or create the app ID and secret.
[2022-12-27T15:22:57+00:00] INFO: ruby_block[authorize pages with gitlab] called

To provide more details:

A has a public eth interface on which gitlab is served and a private one that enables the communication with B
B has the wildcard alias

B nginx config

server {
	
	listen 443 ssl ;
	listen [::]:443 ssl ;
	
	server_name ~.*.pages.<omissis>;

	location / {
		proxy_pass http://192.168.32.5:82;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
    		proxy_set_header Connection "upgrade";
    		proxy_set_header Host $http_host;

    		proxy_set_header X-Real-IP $remote_addr;
    		proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
    		proxy_set_header X-Forward-Proto http;
    		proxy_set_header X-Nginx-Proxy true;
    		proxy_redirect off;
		
	}

	ssl_certificate    /XXX;
        ssl_certificate_key    /XXX;
	ssl_password_file /XXX;
}

whereas the relevant gitlab.rb configuration is:

pages_external_url "https://pages.XXX"
gitlab_pages['enable'] = true
## from bug https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/4890#note_261373269           

## WHEN I ENABLE AUTHENTICATION IT BREAKS!       
gitlab_rails["pages_enabled"] =  false

##! Configure to expose GitLab Pages on external IP address, serving the HTTP                          
gitlab_pages['external_http'] = ['192.168.32.5:82']
                           
gitlab_pages['propagate_correlation_id'] = false

Any help appreciated.

`

paultir · December 11, 2023, 4:13pm

Hello there,
I’m running into the same problem with a similar setup. Have you found a solution already?

Thanks and have a nice day!
Paul

acorbe · December 14, 2023, 6:45am

No solution yet, unfortunately. Still stuck…