Nginx
Iceforest, 2022-03-18 14:15:19

How to correctly configure gitlab config behind nginx reverse proxy so that certificates are registered on the nginx server and not on the gitlab server?

There is a GitLab server that works in the internal network, and there is nginx (external IP). The nginx config is simple: proxy_pass 10.10.10.10, plus the certificate and its path on the nginx server are added to the config.
If you go to GitLab from outside, the SSL certificate is displayed correctly, but if you look at the certificate from the GitLab server, it does not see it. What needs to be written in /etc/gitlab/gitlab.rb so that the certificate is the correct one, the one that is visible to external users? Or is the only option to register it manually in the settings? I don't want to register a certificate on the GitLab server every 3 months =))

nginx['ssl_certificate'] = "/etc/gitlab/ssl/git-le.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/git-le-key.key"

1 answer(s)
SlavikF, 2022-03-21
@Iceforest

You can set up everyone to log into GitLab through an external Nginx. Then you won't have to mess around with different settings.
I have GitLab configured to work only over HTTP, and SSL is added to Traefik (and not through Nginx, like you have).
GitLab config:

services:
  gitlab-web:
    image: 'gitlab/gitlab-ce:14.8.2-ce.0'
    hostname: 'dev.slavikf.com'
    ports:
      - '22:22'
    labels:
      - traefik.enable=true
      - traefik.http.routers.gitlab-web.tls.certresolver=myresolver
      - traefik.http.routers.gitlab-web.tls=true
      - traefik.http.routers.gitlab-web.rule=Host(`dev.slavikf.com`)
      - traefik.http.services.gitlab-web.loadbalancer.server.port=80
    environment:
      GITLAB_OMNIBUS_CONFIG: |
          external_url 'https://dev.slavikf.com'
          registry_external_url 'https://dev.slavikf.com'
          nginx['real_ip_header'] = 'X-Forwarded-For'
          nginx['real_ip_recursive'] = 'on'
          nginx['listen_port'] = 80
          nginx['listen_https'] = false
          nginx['redirect_http_to_https'] = false
...
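
The same split applied to the question's nginx setup, as an added example that is not part of the answer above: the external nginx holds the certificate and forwards plain HTTP to GitLab at 10.10.10.10. The hostname `gitlab.example.com`, the certificate paths and the proxy address `10.10.10.1` are placeholders; the gitlab.rb lines in the trailing comments reuse the keys from the answer plus `nginx['real_ip_trusted_addresses']`.

```nginx
# External nginx: the only place the certificate is installed and renewed.
server {
    listen 443 ssl;
    server_name gitlab.example.com;                       # placeholder hostname

    ssl_certificate     /etc/nginx/ssl/gitlab.example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/ssl/gitlab.example.com.key;   # placeholder path

    location / {
        # Plain HTTP to the internal GitLab server from the question.
        # This hop is unencrypted: keep it on a trusted segment and allow
        # port 80 on the GitLab host only from this proxy.
        proxy_pass http://10.10.10.10:80;

        proxy_set_header Host              $host;
        # Overwrite instead of appending, so a client-supplied
        # X-Forwarded-For value never reaches GitLab's logs or rate limits.
        proxy_set_header X-Forwarded-For   $remote_addr;
        # Tell GitLab the original request was HTTPS so it generates
        # https:// links and sets secure cookies.
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Ssl   on;
    }
}

# Redirect plain HTTP at the edge, not inside GitLab.
server {
    listen 80;
    server_name gitlab.example.com;
    return 301 https://$host$request_uri;
}

# Matching /etc/gitlab/gitlab.rb (Ruby, shown here as comments);
# apply with `gitlab-ctl reconfigure`:
#   external_url 'https://gitlab.example.com'
#   nginx['listen_port'] = 80
#   nginx['listen_https'] = false
#   nginx['redirect_http_to_https'] = false
#   nginx['real_ip_header'] = 'X-Forwarded-For'
#   nginx['real_ip_recursive'] = 'on'
#   # Only accept X-Forwarded-For from the proxy (placeholder address):
#   nginx['real_ip_trusted_addresses'] = ['10.10.10.1']
```

With this layout the `nginx['ssl_certificate']` and `nginx['ssl_certificate_key']` lines are not needed in gitlab.rb, because GitLab's bundled nginx no longer listens on HTTPS.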
