My initial approach to nginx was coexistence, with GitLab using its own bundled nginx. There is little information about this on the internet, and the official documentation is mainly written for CentOS, so getting it working on Ubuntu took some time. The coexistence scheme is the more comfortable option because it only requires a configuration change, but it is too crude, so I ended up using nginx load balancing instead. I hope this gives some help to those who need it.
1. Installing GitLab
Reference: official documentation
sudo apt update
sudo apt upgrade
sudo apt-get install curl openssh-server ca-certificates postfix
When the Postfix installer asks for the mail configuration type, select 'Internet Site'.
sudo gitlab-ctl reconfigure
Now you can use it directly.
2. Configuring GitLab
2.1 Checking the GitLab version number
cat /opt/gitlab/embedded/service/gitlab-rails/VERSION
2.2 Changing the GitLab SSH port
2.2.1 Open the configuration file
sudo vim /etc/gitlab/gitlab.rb
Then set your port:
gitlab_rails['gitlab_shell_ssh_port']=2000
Note: this value must match the Port setting in the SSH configuration file below. If you have not changed the default SSH port, you can skip this step.
sudo vim /etc/ssh/sshd_config
2.2.2 Run the reconfigure command to apply the change
sudo gitlab-ctl reconfigure
2.3 HTTPS
2.3.1 Upload certificates or use self-created ones (see my other article for details)
sudo vim /etc/gitlab/gitlab.rb
Modify the following setting:
external_url 'https://mypzh.com'
3. Using a non-bundled nginx
3.1 GitLab configuration changes
sudo vim /etc/gitlab/gitlab.rb
Modify the following settings:
nginx['enable'] = false
web_server['external_users'] = ['www-data']
Not applicable before Version 8
upstream gitlab-workhorse {
    server unix:/var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;
}

# Plain HTTP: redirect everything to HTTPS
server {
    listen 0.0.0.0:80;
    listen [::]:80 ipv6only=on default_server;
    server_name mypzh.com; # Change to your address
    server_tokens off;
    return 301 https://$http_host$request_uri;
    access_log /var/log/nginx/gitlab_access.log;
    error_log /var/log/nginx/gitlab_error.log;
}

server {
    # The ssl parameter on listen enables TLS; the separate "ssl on;" directive is deprecated
    listen 0.0.0.0:443 ssl;
    listen [::]:443 ipv6only=on ssl default_server;
    server_name mypzh.com; # Change to your address
    root /opt/gitlab/embedded/service/gitlab-rails/public;
    ssl_certificate /etc/nginx/cert/mypzh.com.pem; # I use the one from Alibaba Cloud (Aliyun)
    ssl_certificate_key /etc/nginx/cert/mypzh.com.key; # I use the one from Alibaba Cloud (Aliyun)
    # No 3DES (DES-CBC3) suites: 64-bit block ciphers are exposed to Sweet32
    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); allow 1.2 and 1.3 only
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;
    access_log /var/log/nginx/gitlab_access.log;
    error_log /var/log/nginx/gitlab_error.log;

    # Pass every request to gitlab-workhorse over its UNIX socket
    location / {
        client_max_body_size 0;
        gzip off;
        proxy_read_timeout 300;
        proxy_connect_timeout 300;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://gitlab-workhorse;
    }
}
4. Other issues
4.1 Changing the SSH port number in the configuration:
gitlab_rails['gitlab_shell_ssh_port'] = 2000
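A check for the consistency requirement noted in 2.2 and 4.1, as an added example that is not part of the original article: it compares gitlab_shell_ssh_port in gitlab.rb with the active Port lines in sshd_config. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that the SSH port GitLab advertises is one sshd uses.

# Print gitlab_shell_ssh_port from a gitlab.rb file (last assignment wins,
# commented-out lines are ignored); GitLab assumes 22 when it is unset.
gitlab_ssh_port() {
    port=$(sed -n "s/^[[:space:]]*gitlab_rails\['gitlab_shell_ssh_port'][[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$1" | tail -n 1)
    echo "${port:-22}"
}

# Print each active Port directive of an sshd_config file, one per line;
# sshd listens on 22 when no Port line is present.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    echo "${ports:-22}"
}

# Return 0 when the GitLab port is among the sshd ports, 1 otherwise.
check_ssh_port() {
    want=$(gitlab_ssh_port "$1")
    if sshd_ports "$2" | grep -qx "$want"; then
        echo "OK: gitlab_shell_ssh_port=$want matches sshd"
    else
        echo "MISMATCH: GitLab advertises $want, sshd listens on:" $(sshd_ports "$2")
        return 1
    fi
}

# Constructed sample files, not taken from a real host.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
cat > "$demo/gitlab.rb" <<'EOF'
external_url 'https://mypzh.com'
# gitlab_rails['gitlab_shell_ssh_port'] = 22
gitlab_rails['gitlab_shell_ssh_port']=2000
EOF
printf '#Port 22\nPort 2000\n' > "$demo/sshd_ok"
printf '#Port 22\n' > "$demo/sshd_default"

check_ssh_port "$demo/gitlab.rb" "$demo/sshd_ok"
check_ssh_port "$demo/gitlab.rb" "$demo/sshd_default" ||
    echo "Align the two files, then run: sudo gitlab-ctl reconfigure"
```

On a live host, sudo sshd -T prints the effective configuration, including files pulled in by Include, which this file-based check does not follow.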