Gitlab working with Nginx as Reverse Proxy

Dear All
i want used my gitlab server behind Nginx as Reverse Proxy.
my nginx config is :

server {
listen 8080;

location /gitlab/ {
rewrite /gitlab(.*) $1 break;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header HOST $host;
proxy_redirect off;
proxy_pass http://ip-gitlab:port;

and my gitlab.rb is :

external_url ‘http://gitlab-ip-address
nginx[‘real_ip_header’] = ‘X-Real-IP’
nginx[‘real_ip_recursive’] = ‘on’

but when i access to http://reverse-proxy-ip:8080/gitlab , /gitlab context has been remove , and nginx reverse to address http://reverse-proxy-ip/users/sign_in (without /gitlab context) and i face with This error: site can’t be reached. could you please fix my this big issue?

Start here (assuming you are using an Omnibus installation): Using a non-bundled web-server

Skip step 4.

For step 5, start with this sample NGINX config file (or this one if you’re setting it up with SSL).
Note how the proxy_pass directive points at an upstream called gitlab-workhorse, which is configured at the top of the file. Don’t change this.

If you need to, change the port of the listen directives to 8080.
If you have a (sub)domain that you want to use for GitLab, change YOUR_SERVER_FQDN to this, otherwise change it to the public IP address of the server.

Next, Configure the external URL for GitLab.
If you have to serve GitLab from /gitlab, change the location directive in the NGINX config from / to /gitlab and Configure a relative URL for GitLab to match*.

Examples for external_url in gitlab.rb (without SSL):

  • If you are using a (sub)domain and serving from / on port 80
    external_url ""
  • If you are using the IP address and serving from /gitlab on port 8080
    external_url "http://gitlab-ip-address:8080/gitlab"

You don’t need any rewrite directive in your NGINX config. The way you have it set up now, you are actually telling it to remove the /gitlab part from the URL.

* This should only be necessary if you are serving other applications on the same domain/ip and port combination.

1 Like

many thanks for your respond ! but i have question about step 2 ( Set the username of the non-bundled web-server user) is that neccessary for create user for nginx ? and please send to me sample about step 2.

If you have NGINX installed then the user already exists, it’s probably www-data or nginx depending on your setup. It should be on the first line of /etc/nginx/nginx.conf.

1 Like

sorry !! iam confuse !!
in gitlab document say : Set the username of the non-bundled web-server user on etc/gitlab/gitlab.rb , but you say set on nginx.conf !
and my second question is , i should only write
web_server[‘external_users’] = [‘www-data’] without any change in statement in gitlab.rb or nginx.conf?

Sorry, what I meant was that you can find out what the username should be by looking at the first line of nginx.conf. You don’t need to change anything in that file.

In gitlab.rb add web_server[‘external_users’] = [‘www-data’] but change www-data to the username that you found in nginx.conf, if necessary.

1 Like

but i cant find “user” in my nginx.conf !!
should i add “user” in my nginx.conf?
and if your answer is YES , which user should be add in this line?

Try running ps -eo user,comm | grep nginx

It will print something like:

root     nginx
nginx    nginx
nginx    nginx


root     nginx
www-data nginx
www-data nginx

Ignore the first line, the user is on the left side starting from line 2.

1 Like

This is to thank you for devoting your time to answering my questions

1 Like