Nginx – How to correctly route a Gitlab installation in a subdirectory through an SSL reverse proxy

docker, gitlab, nginx, reverse-proxy, ssl

I am currently struggling with routing a Gitlab installation through an SSL reverse proxy to have Gitlab respond at the path https://myserver/git.

I am using the sameersbn/gitlab Docker image and an nginx web server as the reverse proxy.

Without SSL, I use the following environment configuration for Gitlab:

  • GITLAB_PORT: 80
  • GITLAB_RELATIVE_URL_ROOT: /git
  • GITLAB_HOST: myserver

My site-config for nginx looks like this:

server {
    listen 80 default_server;
    server_name myserver;

    location /git {
        proxy_pass      http://gitlab/git;

        proxy_redirect off;
        proxy_set_header Host           $http_host;
        proxy_set_header X-Real-IP      $remote_addr;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto  $scheme;
    }

}

The reverse proxy is also a Docker container which links my Gitlab container as hostname gitlab.

This works – going to http://myserver/git redirects me to the login page.

However, when changing it to SSL:

  • GITLAB_PORT: 443
  • GITLAB_RELATIVE_URL_ROOT: /git
  • GITLAB_HOST: myserver
  • GITLAB_HTTPS: true
  • SSL_SELF_SIGNED: true

and

server {
    listen 443 ssl;
    server_name myserver;
    ssl_certificate /etc/ssl/certs/server.crt;
    ssl_certificate_key /etc/ssl/certs/server.key;

    location /git {
        proxy_pass      http://gitlab/git;

        proxy_redirect off;
        proxy_set_header Host           $http_host;
        proxy_set_header X-Real-IP      $remote_addr;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto  https;
    }

}

does not work. When calling https://myserver/git, it tries to redirect to http://localhost.my.company.domain.com/git/users/sign_in which does not exist.

When I use curl -k -L -vvv https://myserver/git I see that nginx redirects me to http://localhost/git/users/sign_in.

What am I missing?

Best Answer

The following was missing in site-config:

proxy_set_header X-Forwarded-Ssl on;
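
A check to run after adding the header, as an added example that is not part of the original answer: it reads HTTP response headers (for instance from `curl -ksI https://myserver/git`) and reports whether any `Location` redirect leaves `https://myserver/git`, which is the symptom described in the question. The function name `check_redirect` and its return codes are assumptions of this example.

```shell
# check_redirect SCHEME HOST PREFIX   (HTTP response headers on stdin)
# Status 0: every Location header stays on SCHEME://HOST under PREFIX.
# Status 1: scheme changed (e.g. https downgraded to http by the backend).
# Status 2: host changed.  Status 3: path outside PREFIX.
# Status 4: no Location header was present.
# The body runs in a subshell, so "exit" only sets the function's status.
check_redirect() (
    want_scheme=$1 want_host=$2 want_prefix=$3
    cr=$(printf '\r')
    seen=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}                      # header lines end in CRLF
        name=${line%%:*}
        [ "$name" != "$line" ] || continue      # status line or blank line
        name=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        [ "$name" = location ] || continue      # header names are case-insensitive
        seen=1
        loc=${line#*:}
        loc=${loc#"${loc%%[! ]*}"}              # trim leading spaces
        case $loc in
            /*) path=$loc ;;                    # relative: keeps scheme and host
            *://*)
                scheme=$(printf '%s' "${loc%%://*}" | tr '[:upper:]' '[:lower:]')
                rest=${loc#*://}
                host=${rest%%/*}
                path=/
                [ "$host" = "$rest" ] || path=/${rest#*/}
                host=$(printf '%s' "${host%%:*}" | tr '[:upper:]' '[:lower:]')
                [ "$scheme" = "$want_scheme" ] || exit 1
                [ "$host" = "$want_host" ] || exit 2
                ;;
            *) exit 3 ;;
        esac
        path=${path%%\?*}                       # ignore the query string
        case $path in
            "$want_prefix"|"$want_prefix"/*) ;;
            *) exit 3 ;;
        esac
    done
    [ "$seen" -eq 1 ] || exit 4
)
```

Piping `curl -ksIL` output into it checks every hop of a redirect chain, since the function stops at the first `Location` that violates the expected scheme, host or prefix.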