Hello. I think other users have this setup, and hopefully this post can document for others how to get it going!
I run an omnibus gitlab-ce behind an nginx reverse proxy that performs ssl termination but get 404 when attempting to route for Pages.
I have a wildcard cert for my domain, and I would like to use it.
I have active runners, and I have cloned the template for Jekyll, the pipe succeeds, and if I download the artifact I see inside the zip file an index.html
At this point, I can only assume my proxy/routing are bad, so if anyone can please help me fix them, here are my current settings:
external nginx proxy, conf file for pages:
upstream gitlab-pages {
server gitlab_gitlab_1:8090;
}
server {
listen 80;
listen 443;
server_name pages.ttr.services;
ssl_certificate /certs/ttr.services/fullchain.pem;
ssl_certificate_key /certs/ttr.services/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
# This is too small for the places_service image.
# client_max_body_size 1000M;
#
# Setting to 0 turns off checking (i.e. no limit)
client_max_body_size 0;
# following two lines needed for DNS propagation to work
# resolver 127.0.0.11 ipv6=off valid=10s;
# set $gitlab $gitlab-pages;
location / {
proxy_pass http://gitlab-pages;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_redirect off;
}
}
Here are all settings from gitlab.rb (some redactions, and replaced my tld to “acme.services” which my LE cert covers .acme.services and I do use it with docker.acme.services already )
external_url 'https://gitlab.acme.services'
gitlab_rails['gitlab_email_enabled'] = true
gitlab_rails['gitlab_email_from'] = 'x'
gitlab_rails['gitlab_email_display_name'] = 'Gitlab'
gitlab_rails['gitlab_email_reply_to'] = 'x'
gitlab_rails['gitlab_email_subject_suffix'] = ''
gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "x"
gitlab_rails['smtp_port'] = 25
gitlab_rails['smtp_domain'] = "x"
gitlab_rails['smtp_authentication'] = "none"
gitlab_rails['smtp_enable_starttls_auto'] = false
gitlab_rails['smtp_tls'] = false
gitlab_rails['incoming_email_enabled'] = true
gitlab_rails['incoming_email_address'] = "x"
gitlab_rails['incoming_email_email'] = "x"
gitlab_rails['incoming_email_password'] = "x"
gitlab_rails['incoming_email_host'] = "x"
gitlab_rails['incoming_email_port'] = 993
gitlab_rails['incoming_email_ssl'] = true
gitlab_rails['ldap_enabled'] = true
gitlab_rails['ldap_servers'] = YAML.load <<-'EOS'
# LDAP SETTINGS - WORKS FINE
EOS
gitlab_rails['gitlab_shell_ssh_port'] = 2222
registry_external_url 'https://docker.acme.services'
registry['log_level'] = "debug"
unicorn['worker_processes'] = 4
nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/acme.services.crt"
nginx['listen_port'] = 80
nginx['listen_https'] = false
pages_external_url "http://pages.acme.services/"
gitlab_pages['enable'] = true
gitlab_pages['redirect_http'] = false
gitlab_pages['inplace_chroot'] = true
gitlab_pages['external_http'] = []
gitlab_pages['listen_proxy'] = "0.0.0.0:8090"
pages_nginx['enable'] = true
pages_nginx['listen_https'] = false
pages_nginx['redirect_http_to_https'] = false
registry_nginx['enable'] = true
registry_nginx['listen_port'] = 4567
prometheus['listen_address'] = '0.0.0.0:9090'
letsencrypt['enable'] = false
both gitlab and docker work fine behind the proxy.
Assuming someone comments that my non-Pages settings won’t affect things, I will remove them for clarity for later forum lurkers 
I really appreciate any help!
Thanks