(had to replace http with hxxp because “new forum users are only allowed 2 links”)
I’ve installed gitlab_7.7.1-omnibus.5.4.1.ci-1_amd64.deb which worked well. I then went on and configured it to use a non bundled nginx server. The problem I get is that if I go to hxxps://git.mydomain.com I get into a redirect loop. Interestingly if I go directly to hxxps://git.mydomain.com/ and then login once authenticated even hxxps://git.mydomain.com works fine until I logout again.
Below is my nginx host file, can anyone tell me the solution please.
upstream gitlab {
server unix:/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket fail_timeout=0;
}
server {
listen *:80;
server_name git.mydomain.com;
server_tokens off;
root /nowhere;
rewrite ^ https://$server_name$request_uri permanent;
}
server {
listen 443 ssl;
server_name git.mydomain.com;
server_tokens off;
root /opt/gitlab/embedded/service/gitlab-ci/public;
client_max_body_size 20m;
ssl on;
ssl_certificate /etc/nginx/ssl/gitlab.crt;
ssl_certificate_key /etc/nginx/ssl/gitlab.key;
ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4';
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache builtin:1000 shared:SSL:10m;
add_header Strict-Transport-Security max-age=63072000;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
location / {
try_files $uri $uri/index.html $uri.html @gitlab;
}
location @gitlab {
gzip off;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header X-Forwared-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host git.mydomain.com:443;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_pass http://gitlab;
}
location ~ ^/(assets)/ {
root /opt/gitlab/embedded/service/gitlab-rails/public;
gzip_static on;
expires max;
add_header Cache-Control public;
}
error_page 502 /502.html;
}