Show https url in gitlab behind load balancer

I am running gitlab behind a load balancer that handles my SSL. I have gitlab running as non SSL and load balancing manages https connections. my question is, how can I get the repository path under Activity to show https instead of http? Users might be confused when it shows http, but the correct url is https.

+3


source to share


2 answers


I could not find a "perfect" solution, but I did, I installed external_url

in the config file gitlab.rb

for HTTPS and added the following lines to the nginx ( /var/opt/gitlab/nginx/conf

) config manually

location / {
  ...

  proxy_set_header    Host                $http_host;
  proxy_set_header    X-Real-IP           $remote_addr;
  proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
  proxy_set_header    X-Forwarded-Proto   https;
  proxy_set_header    X-Forwarded-Ssl     on;
  proxy_set_header    X-Url-Scheme        https;

  ...
}

      



After restarting Gitlab with gitlab-ctl restart

everything worked for me. Keep in mind that the next time gitlab-ctl reconfigure

these changes will be lost.

I currently don't know how to add the desired nginx config directly to the config gitlab.rb

.

+1


source


Here's how to do it docs: ssl proxy support .

From the docs:

By default, NGINX will automatically detect whether to use SSL if the external_url contains https: //. If you are using GitLab behind a reverse proxy, you can stop using SSL on another proxy or load balancer. To do this, make sure external_url contains https: // and apply the following configuration to gitlab.rb:



nginx['listen_port'] = 80
nginx['listen_https'] = false
nginx['proxy_set_headers'] = {
  "X-Forwarded-Proto" => "https",
  "X-Forwarded-Ssl" => "on"
}

      

I also added proxy headers in my nginx server block:

location / {
  proxy_pass http://...;
  proxy_set_header Host $http_host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded_Proto $scheme;
  proxy_set_header X-Forwarded-Protocol $scheme;
  proxy_set_header X-Url-Scheme $scheme;
  proxy_set_header X-Forwarded-Ssl on;
}

      

+1


source







All Articles