stackoom
  简体   繁体   中英

Using GitLab behind nginx enabled basic_auth?

 原文  2013-04-15 19:09:40       nginx/ basic-authentication/ gitlab

Question

I've successfully installed GitLab for management of private repositories (it's quite awesome!).

The problem I am having is by default, Gitlab login is presented when anyone hits my subdomain. I would like to protect the entire area with a basic_auth layer before the user gets the GitLab login screen. Unfortunately, this breaks my ability to push/pull from GitLab when it's enabled.

my nginx config to enable basic_auth: 

  auth_basic            "Restricted";
  auth_basic_user_file  htpasswd;

Any ideas on how I can enable basic_auth without breaking git / gitlab functionality?

3 answers

solution1
 7  2015-04-02 13:53:21

Add this to /etc/gitlab/gitlab.rb : 

nginx['custom_gitlab_server_config'] = "auth_basic 'Restricted';\n  auth_basic_user_file htpasswd;\n"

And run gitlab-ctl reconfigure

solution2
 2  2013-09-09 03:18:13

Kind of a hack at the moment but give this is a shot.

Edit your nginx site configuration to add / modify the following locations 

location ^~ /api/v3/internal/allowed {
    proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_redirect     off;

    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_set_header   Host              $http_host;
    proxy_set_header   X-Real-IP         $remote_addr;

    proxy_pass http://gitlab;}

location / {
    auth_basic "Gitlab Restricted Access";
    auth_basic_user_file  /home/git/gitlab/htpasswd.users;
    # serve static files from defined root folder;.
    # @gitlab is a named location for the upstream fallback, see below
    try_files $uri $uri/index.html $uri.html @gitlab;
}

Leaving your @gitlab location block as is.

The trick is you let /api/v3/internal/allowd bypass the authentication. If you look at the logs when you do an git pull / push a request is made to the server whether or not to allow it. And on the standard nginx config with htpasswd that request would be blocked because the server has no idea about the authentication required.

Anyway not sure if there's a better alternative (couldn't find any) but this seems to work for me.

solution3
 0  2015-02-03 12:27:48

Your issue is that you want set a password restriction for public access to GitLab, but let Gitlab-Shell access the local GitLab instance without restriction.

You can have 2 nginx configurations depending on the IP interface. Change the line listen 0.0.0.0:80 default_server to listen 127.0.0.1:80 default_server .

https://github.com/gitlabhq/gitlabhq/blob/v7.7.2/lib/support/nginx/gitlab#L37-38

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Nginx basic_auth nginx: restrict access to everything with basic_auth except for a specific page How to restrict access by NGINX basic_auth for every URL except one URL? How do you use basic_auth for all but one route using Laravel Forge Django Rest Framework with basic auth + bearer token behind Nginx Elasticsearch basic auth with nginx Nginx Basic Auth and subfolders nginx auth_basic nginx and auth_basic Nginx Basic Auth not Working
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM