Please share a working example of an NGINX configuration that receives requests and proxies them to another server running GitLab. I used this configuration:
# Plain-HTTP listener for the GitLab hostnames: answers ACME challenge
# requests and redirects everything else to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name gitlab.mysite.com www.gitlab.mysite.com;
    # Hide the nginx version in the Server header and on error pages.
    server_tokens off;
    # Served from /var/www/certbot/.well-known/acme-challenge/. Anything in
    # that directory is publicly readable over plain HTTP, so keep it limited
    # to challenge files.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    # "return URL;" without a status code sends a temporary (302) redirect.
    # The target host is fixed, so it is not influenced by the client's Host
    # header; requests for the www. name also land on gitlab.mysite.com.
    location / {
        return https://gitlab.mysite.com$request_uri;
    }
}
# TLS listener from the first (problematic) attempt: terminates TLS for the
# GitLab hostnames and re-encrypts to the backend at 192.168.1.40.
# Unlike the port-80 block, server_tokens is not turned off here.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name gitlab.mysite.com www.gitlab.mysite.com;
    ssl_certificate /etc/nginx/ssl/live/gitlab.mysite.com/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/gitlab.mysite.com/privkey.pem;
    location / {
        # The upstream is addressed by IP over HTTPS. nginx does not verify the
        # upstream certificate unless proxy_ssl_verify is enabled, so this hop
        # is encrypted but the backend is not authenticated.
        # No proxy_set_header lines are present: the backend receives nginx's
        # default Host (the proxy_pass address) and no X-Forwarded-* headers.
        # NOTE(review): this may be related to the certificate warning the
        # post describes after login; not confirmed from what is shown here.
        proxy_pass https://192.168.1.40;
    }
}
I reconfigured GitLab with the setting external_url 'https://gitlab.mysite.com'.
Everything seems to be working: the nginx server received a certificate and GitLab itself received one too. The problem is that after logging in, the browser says the certificate is invalid.
This configuration finally worked:
nginx.conf:
# HTTP (port 80) virtual host for GitLab. It only serves certbot's ACME
# challenge files and bounces all other requests to the HTTPS site.
server {
    listen 80;
    listen [::]:80;
    server_name gitlab.mysite.com www.gitlab.mysite.com;
    # Do not advertise the nginx version to clients.
    server_tokens off;
    # Files are read from /var/www/certbot/.well-known/acme-challenge/ and are
    # world-readable over HTTP; nothing else should be stored there.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    # No status code is given, so nginx answers with a temporary 302 redirect.
    # Until the browser has followed it, the first request travels in cleartext.
    location / {
        return https://gitlab.mysite.com$request_uri;
    }
}
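# HTTPS virtual host for GitLab: TLS is terminated here and requests are
# forwarded to the GitLab host over plain HTTP.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name gitlab.mysite.com www.gitlab.mysite.com;
    # Added to match the port-80 block: this is the vhost that serves real
    # responses and error pages, so the nginx version should be hidden here too.
    server_tokens off;
    ssl_certificate /etc/nginx/ssl/live/gitlab.mysite.com/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/gitlab.mysite.com/privkey.pem;
    # No Strict-Transport-Security header is set in this block.
    # NOTE(review): confirm whether the backend sends one; if not, consider
    # adding it here once HTTPS is known to work for every hostname.
    location / {
        # The hop to 192.168.1.40:80 is cleartext: session cookies, passwords
        # and tokens cross that network unencrypted. Keep the backend on a
        # trusted segment and allow its port 80 only from this proxy, because
        # the backend will believe the X-Forwarded-* headers of whoever connects.
        proxy_pass http://192.168.1.40:80;
        proxy_read_timeout 300;
        proxy_connect_timeout 300;
        proxy_redirect off;
        # Scheme is hard-coded because this block only ever serves HTTPS.
        proxy_set_header X-Forwarded-Proto https;
        # $http_host is the Host header exactly as the client sent it. If no
        # listen line for this port is marked default_server, nginx routes
        # unmatched hostnames to the first server block for the port, so an
        # arbitrary Host value can reach the backend through this line.
        proxy_set_header Host $http_host;
        # $remote_addr is the address nginx saw and cannot be set by the client.
        proxy_set_header X-Real-IP $remote_addr;
        # Appends $remote_addr to any X-Forwarded-For the client supplied; the
        # backend should trust only the entry added by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl on;
    }
}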
# HTTP (port 80) virtual host for the container registry hostnames: ACME
# challenge files plus a redirect to HTTPS.
server {
    listen 80;
    listen [::]:80;
    # Permits request bodies up to 20000 MB. Every location in this block
    # either serves static challenge files or redirects, so no upload is
    # proxied from here.
    client_max_body_size 20000M;
    server_name registry.mysite.com www.registry.mysite.com;
    # Do not advertise the nginx version to clients.
    server_tokens off;
    # Files under /var/www/certbot/.well-known/acme-challenge/ are publicly
    # readable over plain HTTP.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }
    # Temporary (302) redirect, since no status code is given. Registry
    # clients that send credentials should be pointed at the https:// URL
    # directly so nothing is sent over this cleartext listener.
    location / {
        return https://registry.mysite.com$request_uri;
    }
}
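# HTTPS virtual host for the container registry: TLS is terminated here and
# requests are forwarded to the GitLab host over plain HTTP.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # Allows request bodies up to 20000 MB so large image layers can be pushed.
    # nginx buffers proxied request bodies by default (proxy_request_buffering),
    # so leave disk headroom on the proxy for uploads of that size.
    client_max_body_size 20000M;
    server_name registry.mysite.com www.registry.mysite.com;
    # Added to match the port-80 block: hide the nginx version on the vhost
    # that actually serves responses and error pages.
    server_tokens off;
    ssl_certificate /etc/nginx/ssl/live/registry.mysite.com/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/registry.mysite.com/privkey.pem;
    location / {
        # Cleartext hop to the backend: registry tokens and image contents are
        # unencrypted between this proxy and 192.168.1.40. Keep that path on a
        # trusted segment and restrict the backend port to this proxy.
        proxy_pass http://192.168.1.40;
        proxy_redirect off;
        # Scheme is hard-coded because this block only ever serves HTTPS.
        proxy_set_header X-Forwarded-Proto https;
        # $http_host is the client-supplied Host header, passed through as-is;
        # the backend uses it to pick the registry vhost.
        proxy_set_header Host $http_host;
        # $remote_addr is the address nginx saw and cannot be set by the client.
        proxy_set_header X-Real-IP $remote_addr;
        # Appends $remote_addr to any X-Forwarded-For the client supplied; the
        # backend should trust only the entry added by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl on;
    }
}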
gitlab.rb:
# GitLab Omnibus settings for running behind an external TLS-terminating proxy.
# The public URL stays https://, while the bundled nginx listens on plain
# HTTP port 80 and leaves TLS to the front proxy.
external_url 'https://gitlab.mysite.com'
nginx['listen_port'] = 80
nginx['listen_https'] = false
# NOTE(review): with these settings GitLab accepts unencrypted connections on
# port 80 and is sent X-Forwarded-* headers by the proxy. Restrict that port to
# the proxy's address (host firewall), and consider declaring the proxy so that
# logs and rate limits see real client addresses, for example:
#   nginx['real_ip_trusted_addresses'] = ['<PROXY_IP_PLACEHOLDER>']
#   nginx['real_ip_header'] = 'X-Forwarded-For'
#   gitlab_rails['trusted_proxies'] = ['<PROXY_IP_PLACEHOLDER>']
# Container registry: same pattern, public https:// URL with the bundled
# registry nginx on plain HTTP port 80.
registry_external_url 'https://registry.mysite.com'
gitlab_rails['registry_enabled'] = true
registry['enable'] = true
registry_nginx['enable'] = true
# Headers the bundled registry nginx sets on its own proxied requests. The
# scheme headers are hard-coded to https/on because the original client
# connection was TLS at the front proxy, even though this hop is plain HTTP.
registry_nginx['proxy_set_headers'] = {
"Host" => "$http_host",
"X-Real-IP" => "$remote_addr",
"X-Forwarded-For" => "$proxy_add_x_forwarded_for",
"X-Forwarded-Proto" => "https",
"X-Forwarded-Ssl" => "on"
}
registry_nginx['listen_port'] = 80
registry_nginx['listen_https'] = false
I have been trying to figure this out for the past 2 days. You saved my life.