Forwarding to GitLab Subdomain with Existing Nginx Installation

Question

I've been following the instructions from the GitLab wiki , however, it seems as if some key pieces of information are missing. In the section "Using a Non-Bundled Web Server" it never explains how I need to reconfigure my Nginx installation to reverse proxy over to GitLab.

Basically, I'd like to have GitLab installed under git.example.com, but I can't seem to find the configuration settings for my existing Nginx installation that'll do that. The wiki page goes on to talk about configuring an existing Passenger/Nginx installation, but I don't have Passenger, so I don't think that applies to my situation.

I suppose the easiest solution would be if there were a way to tell Gitlab to use it's built-in Nginx and just listen on an internal port, and then have my other Nginx forward to that port, but I can't seem to figure out how to configure Gitlab to handle that.

Any help would be greatly appreciated.

Answer 1

I got it working! So insanely excited!

So as I said, I was attempting to follow these instructions , but I wasn't getting anywhere, since it seemed to be lacking instructions on how to make your existing Nginx install link into Gitlab.

Well, further down on the page they have a more complete explanation for Using an Existing Passenger / Nginx Installation , and while at first that didn't seem like what I wanted, researching Passenger a bit made it clear that it wasn't a Ruby-only thing(their easily-found install instructions require you to install it as a ruby gem) and their instructions for Ubuntu installation allowed me to integrate it into my existing Nginx reasonably easily.

From there, it was just follow the steps in the wiki, although with a couple changes.

1. The Existing Passenger/Nginx Installation section fails to mention what the previous section on non-bundled Nginx install says, that you need to add www-data to the web_server['external_users'] line in the gitlab.rb file.
2. Since I reconfigured my Gitlab installation to remove the bundled Nginx before I ran it the first time, the nginx log file at /var/log/gitlab/nginx/gitlab_access.log was non-existent, and this caused an error when Nginx tried to start up, simply creating that blank file and giving it proper read/write access made it work like a charm.

I'm super psyched now, hope anyone who has as specific of a problem in the future comes across this, that Wiki should really be updated to simply remove/merge those two sections and explain/link to how to install Passenger into an existing Nginx installation. Would have saved me a lot of confusion and wasted time.

Answer 2

Run with existing Nginx server on Ubuntu

1. Install gitlab
2. Edit configuration file /etc/gitlab/gitlab.rb and uncomment or append following:
   • nginx['enable'] = false
   • unicorn['enable'] = false
   • gitlab_rails['internal_api_url'] = ' http://git.yourdomain.com '
   • web_server['external_users'] = ['www-data']
3. Start bundled postgres database server
   • sudo gitlab-ctl start postgresql
4. Reconfigure
   • sudo gitlab-ctl reconfigure
5. Add nginx configuration file for git lab to /etc/nginx/sites-available/gitlab-example.conf and enable it via sites-enabled
   • https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#using-a-non-bundled-web-server
6. Enable passenger for nginx
   • https://www.phusionpassenger.com/library/install/nginx/install/oss/trusty
7. Restart nginx
   • sudo service nginx restart
8. Start redis
   • sudo gitlab-ctl start redis

Answer 3

Based on @cyberchis's answer i simplified the process, and I have got through the same setup twice. I hope that it also works for you.

1. Check the user of nginx

   1.1. Open nginx.conf with nano /etc/nginx/nginx.conf .

   1.2. Check the 1st. line user www-data; , and the user here is www-data .

2. Edit external_url of gitlab

   2.1. Open gitlab.rb with nano /etc/gitlab/gitlab.rb .

   2.2. Edit the line external_url 'GENERATED_EXTERNAL_URL' to external_url 'http://gitlab.yourdomain.com' .

   2.3. Uncomment and change the line nginx['enable'] = true to nginx['enable'] = false .

   2.4. Uncomment and change the line web_server['external_users'] = [] to web_server['external_users'] = ['www-data'] .

3. Add a configuration file for gitlab

   3.1. Download the gitlab-omnibus-nginx.conf from gitlab repository .

   3.2. Go to the directory where the file is, and copy this file to nginx with cp /directory-to-this-file/gitlab-omnibus-nginx.conf /etc/nginx/sites-enabled .

   3.3. Open this file with nano /etc/nginx/sites-enabled/gitlab-omnibus-nginx.conf .

   3.4. Change this line listen 0.0.0.0:80 default_server; to listen 0.0.0.0:7001; // gitlab runs on port 7001

   3.5. Change this line listen [::]:80 default_server; to listen [::]:7001; // gitlab runs on port 7001

   3.6. Change this line server_name YOURSERVER_FQDN to server_name www.yourdomain.com .

4. Configure nginx

   4.1. Open nginx.conf with nano /etc/nginx/nginx.conf .

   4.2. Add this configuration

http {

   ...
  
   server {
       listen 80;
       server_name gitlab.yourdomain.com;
       location / {
           proxy_pass http://127.0.0.1:7001;
       }
   }
}

5. Reconfigure gitlab and reload nginx

   5.1. sudo gitlab-ctl reconfigure

   5.2. sudo systemctl reload nginx

6. Configure firewall to export port 7001 ( Optional )

   Since the gitlab runs on my local server, therefore the port 7001 has to been allowed to reach from the outside. Easiest way to enable it is to run ufw allow 7001 .

Now the gitlab runs on your subdomain gitlab.yourdomain.com which you should access.

Answer 4

It took me a couple of days to get everything sorted out, so I wanted to share the steps it took to get it all working. This is how to install Nginx for a website and get it working with an existing gitlab repo (that uses a bundled version of Nginx). MY gitlab repo is on a subdomain of my website called 'repos'.

Open a terminal and install Nginx:

sudo apt-get update
sudo apt-get install nginx

Edit configuration file /etc/nginx/nginx.conf:

Find your user name, which you will need when configuring gitlab: In my case this was 'nginx':

user   nginx;

Add this line inside the http{ } block :

$include /etc/nginx/sites-enabled/*;

Example:

http{
    include  etc/nginx/mime.types;
    include  etc/nginx/sites-enabled/*;

    (more stuff...)
}

Edit configuration file /etc/gitlab/gitlab.rb:

Change this line:

external_url 'GENERATED_EXTERNAL_URL' 

To:

external_url 'http://www.example.com/repos'  // (whatever your server name is)  

Uncomment and change this line:

nginx['enable'] = true

To:

nginx['enable'] = false

Uncomment and change this line:

web_server['external_users'] = []    

To:

web_server['external_users'] = ['nginx']     // or whatever your nginx user is called, sometimes it's 'www-data'

Nginx needs a configuration file for gitlab:

On the GitLab recipes repository: https://gitlab.com/gitlab-org/gitlab-recipes/tree/master/web-server/nginx find 'gitlab-omnibus-nginx.conf'. Put that file in the folder /etc/nginx/sites-enabled (you may need to create the sites-enabled folder)

Edit configuration file /etc/nginx/sites-enabled/gitlab-omnibus-nginx.conf:

Change this line:

server_name YOUR_SERVER_FQDN

To:

server_name www.example.com/repos     // (or whatever your server name is)

You will need to change the port that gitlab is on so that the website and git server both work.

Change this line:

listen 0.0.0.0:80 default_server;

To:

listen 0.0.0.0:8081; 

Change this line:

listen [::]:80  default_server;

To:

listen [::]:8081;

Edit configuration file /etc/nginx/conf.d/default.conf:

Make this the default server:

listen    80 default_server;
server_name  localhost;

Add a second location for the gitlab repo and use proxy_pass to point to the port you put Gitlab on. I put my Gitlab in the sub-directory 'repos'. The number 127.0.0.1 means localhost (the same computer):

location / {
    root   /usr/share/nginx/html;
    index  index.html index.htm;
}
location /repos/ {
    proxy_pass http://127.0.0.1:8081;
}

Run these commands in the terminal:

sudo gitlab-ctl reconfigure
sudo service nginx restart

Your webserver and gitlab should now both be working and accessible online. Nginx will default to /usr/share/nginx/html when a user visits your webserver. There is a default .html file there. That is where you can put files for your website.

Answer 5

For those people for whom the listed answers did not work. My own answer was to edit nginx.conf and uncomment the include /etc/nginx/passenger.conf; line.

Its absense prevented nginx from doing anything with passenger.

Answer 6

The post of @fillky couldn't fully help me for my ubuntu 18.04 installation. These are my steps with which I've got Gitlab to work.

For Ubuntu 18.04 (http mode):

1. Install Gitlab (step 1 & 2 from https://about.gitlab.com/install/#ubuntu )

2. Edit configuration file /etc/gitlab/gitlab.rb and uncomment or append following (found here https://docs.gitlab.com/omnibus/settings/nginx.html#configuration ):

   nginx['enable'] = false

   unicorn['enable'] = false

   gitlab_rails['internal_api_url'] = ' http://gitlab.yourdomain.com '

   web_server['external_users'] = ['www-data']

3. Reconfigure Gitlab

   sudo gitlab-ctl reconfigure

4. Enable passenger for nginx (steps 1 to 3 from https://www.phusionpassenger.com/library/install/nginx/install/oss/bionic/ )

5. Reload nginx to check if everything still works. If not: google is your friend

   sudo nginx -s reload

6. Change your nginx configuration to support gitlab. Create a 'gitlab' file in /etc/nginx/sites-enabled with the contents from the Vhost step of the original documentation:

   https://docs.gitlab.com/omnibus/settings/nginx.html#vhost-server-block

7. Reload nginx, so the changes take effect

   sudo nginx -s reload

8. Install node.js (if not yet installed) as gitlab needs JavaScript execution

   sudo apt-get install node.js

9. Browse to your gitlab url. You should be prompted for a password for your root gitlab account. In the next step you'll be able to login with that account

That's all! If you want HTTPS enabled, do the following extra steps:

1. Change the 'external_url' in /etc/gitlab/gitlab.rb from http to https

2. Change the nginx config /etc/nginx/sites-enabled/gitlab to use ssl

   listen 0.0.0.0:443 ssl;
   listen [::]:443 ipv6only=on ssl; ssl on; ssl_certificate #link to your public ssl certificate ssl_certificate_key #link to your private ssl key ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 5m;

3. Reconfigure gitlab

   sudo gitlab-ctl reconfigure

4. Reload nginx

   sudo nginx -s reload