Ubuntu 16.04 + GitLab + non-bundled nginx

Keywords: GitLab Nginx ssh sudo

My initial solution was to have the system nginx coexist with GitLab, in which case GitLab uses its own bundled nginx. There is very little information about this online, and the official documentation is mainly written for CentOS, so getting it working on Ubuntu took some time. The coexistence scheme is the more comfortable option because only the configuration needs to change, but it is too crude, so in the end I used the nginx load-balancing method instead. I hope this write-up helps those who need it.

1. Installation of gitlab

Reference: official documentation

sudo apt update
sudo apt upgrade
sudo apt-get install curl openssh-server ca-certificates postfix

For the Postfix mail configuration, select 'Internet Site'.

sudo gitlab-ctl reconfigure

Now you can use it directly.

2. Configuration of gitlab

2.1 Viewing the GitLab version number

cat /opt/gitlab/embedded/service/gitlab-rails/VERSION

2.2 Changing the GitLab SSH port

2.2.1 Open the configuration file

sudo vim /etc/gitlab/gitlab.rb 

Then set your port:

gitlab_rails['gitlab_shell_ssh_port']=2000

Note: This value must match the Port setting in the SSH configuration file below. If you have not changed the default SSH port, you can skip this modification.

sudo vim /etc/ssh/sshd_config 

2.2.2 Rebuild the configuration

sudo gitlab-ctl reconfigure
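
The note in 2.2.1 requires the port in gitlab.rb and the port in sshd_config to agree. The script below is an added example, not part of the original article, that checks this; the function names and sample file contents are constructed for illustration, and a port given only through a ListenAddress host:port entry is not considered.

```shell
#!/bin/sh
# Added example (not from the original article): check that the SSH port GitLab
# advertises in clone URLs is a port sshd really listens on.

# Port from gitlab_rails['gitlab_shell_ssh_port'] in a gitlab.rb-style file.
# Commented-out lines are skipped, the last assignment wins, unset means 22.
gitlab_ssh_port() {
  port=$(sed -n "s/^[[:space:]]*gitlab_rails\[['\"]gitlab_shell_ssh_port['\"]][[:space:]]*=[[:space:]]*\([0-9]\{1,\}\).*/\1/p" "$1" | tail -n 1)
  echo "${port:-22}"
}

# Ports from the "Port" directives of an sshd_config-style file. Keywords are
# case-insensitive, "Port 2000" and "Port=2000" are both valid, several Port
# lines may appear, and no Port line means 22.
sshd_ports() {
  ports=$(sed -n 's/^[[:space:]]*[Pp][Oo][Rr][Tt][[:space:]=]\{1,\}\([0-9]\{1,\}\).*/\1/p' "$1")
  echo "${ports:-22}"
}

# Return 0 when the advertised port is among the sshd ports, 1 otherwise.
ssh_port_consistent() {
  want=$(gitlab_ssh_port "$1")
  for p in $(sshd_ports "$2"); do
    if [ "$p" = "$want" ]; then return 0; fi
  done
  echo "mismatch: gitlab.rb advertises $want, sshd listens on:" $(sshd_ports "$2") >&2
  return 1
}

# Constructed sample files (not taken from a real host).
write_samples() {
  printf '%s\n' "# gitlab_rails['gitlab_shell_ssh_port'] = 22" \
    "gitlab_rails['gitlab_shell_ssh_port']=2000" > "$1/gitlab.rb"
  printf '%s\n' '#Port 22' 'Port 2000' 'PermitRootLogin no' > "$1/sshd_ok"
  printf '%s\n' '#Port 2000' 'PermitRootLogin no' > "$1/sshd_default"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
ssh_port_consistent "$demo_dir/gitlab.rb" "$demo_dir/sshd_ok" && echo "ok: ports match"
ssh_port_consistent "$demo_dir/gitlab.rb" "$demo_dir/sshd_default" || echo "fix sshd_config or gitlab.rb"
rm -rf "$demo_dir"
```

On a real host the two arguments would be /etc/gitlab/gitlab.rb and /etc/ssh/sshd_config, both of which need root to read.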

2.3 HTTPS

2.3.1 Upload certificates or use self-created ones (see my other article for details)

sudo vim /etc/gitlab/gitlab.rb

Modify the following configuration

external_url 'https://mypzh.com'

3. Non-bundled nginx

3.1 gitlab configuration modification

sudo vim /etc/gitlab/gitlab.rb

Modify the following configuration

nginx['enable'] = false
web_server['external_users'] = ['www-data']

Not applicable to GitLab versions before 8.

Then configure the system nginx to proxy requests to the gitlab-workhorse socket:

upstream gitlab-workhorse {
  # GitLab Workhorse listens on this Unix socket; the nginx user (www-data,
  # see external_users above) must be able to reach it
  server unix:/var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;
}

# Redirect all plain-HTTP requests to HTTPS
server {
  listen 0.0.0.0:80;
  listen [::]:80 ipv6only=on default_server;
  server_name mypzh.com;  # Change to your address
  server_tokens off;  # Do not reveal the nginx version
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;
  return 301 https://$http_host$request_uri;
}

server {
  # The "ssl" parameter on listen enables TLS; the separate "ssl on;"
  # directive is deprecated and has been dropped here
  listen 0.0.0.0:443 ssl;
  listen [::]:443 ipv6only=on ssl default_server;
  server_name mypzh.com;  # Change to your address
  server_tokens off;
  root /opt/gitlab/embedded/service/gitlab-rails/public;

  ssl_certificate /etc/nginx/cert/mypzh.com.pem;  # mine comes from Alibaba Cloud (Aliyun)
  ssl_certificate_key /etc/nginx/cert/mypzh.com.key;  # mine comes from Alibaba Cloud (Aliyun)

  # 3DES suites removed from the original list and excluded explicitly
  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4";
  # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered
  ssl_protocols TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 5m;

  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;

  location / {
    client_max_body_size 0;  # No upload size limit at the proxy
    gzip off;

    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_http_version 1.1;

    # Pass the original host, client address and scheme on to GitLab
    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-Ssl     on;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_pass http://gitlab-workhorse;
  }
}

4. Other issues

4.1 Changing the SSH port number in the configuration:

gitlab_rails['gitlab_shell_ssh_port'] = 2000

Posted by GirishR on Sun, 19 May 2019 00:08:00 -0700