A guide to configure GitLab using HTTPS under apache reverse proxy

Published by moxlotus on

It has been a while since my last blog entry, I have just spent a few hours migrating some web applications from my old server to the new server. While migrating the web applications, I realized that among all the applications, gitlab is the only one which is still using http. So I have decided to spend some time to upgrade the protocol from http to https. As the process is not really that smooth sailing, I have decided to document down the configurations that needs to be changed. This is a guide that follows my previously written article hosting gitlab using reverse proxy.

So first thing that you will need to edit is the gitlab.rb from /etc/gitlab
In the old guide, we were using

gitlab_git_http_server['listen_network'] = "tcp"
gitlab_git_http_server['listen_addr'] = "localhost:7000"

Since version 10, gitlab_git_http_server has been replaced by gitlab_workhorse. Official reference
You may want to change the above configure to the one below if you are using version 10 and above.

gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "localhost:7000"

Next, update your external_url to use https at the front

 
external_url 'http://yourdomain.com'
external_url 'https://yourdomain.com'

Now we need to inform gitlab about by running


sudo gitlab-ctl reconfigure

If you ever run into the error user www-data is being used by process xxx(which is the process id of apache), you simply need stop your apache first. After running the above command, you may start up your apache.

Lastly we will need to set up vhost. Below is the configuration that I am using.


<IfModule mod_ssl.c>
<VirtualHost *:443>
    ProxyPreserveHost On
    ProxyPass "/" "http://127.0.0.1:8111/"
    ProxyPassReverse "/" "http://127.0.0.1:8111/"
    ServerName yourdomain.com
    SSLCertificateFile /path/to/your/ssl/cert
    SSLCertificateKeyFile /path/to/your/ssl/privatekey
    Include /etc/letsencrypt/options-ssl-apache.conf
    
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off 
    SSLProxyCheckPeerExpire off
    
    Header edit Location ^http://yourdomain.com/ https://yourdomain.com/
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
</IfModule>

As I am using Let's Encrypt(LE) for the SSL cert, that is why you will see Include /etc/letsencrypt/options-ssl-apache.conf which was inserted by LE.

Now restart your apache and enjoy your gitlab using https.

Share it with others
Categories: Tools
Tags:

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

Related Posts

Tools

Integrating CUDA with Visual Studio 2017

Recently, I was tasked to speed up an algorithm using the CUDA framework. And I ran into issues getting the CUDA project to compile in the VS2017. After spending all the time searching all over Read more…

Network

Hosting your gitlab behind a reverse proxy server

Recently, I have decided to use a reverse proxy server to handle all the servers that I am hosting. This helps to mitigate the use of port number behind the url. e.g. http://mydomain:12345. Some of you, Read more…

Tools

A guide on setting up GitLab on Fedora 22

I believe that most developers should have heard of/used GitHub. One of the main issues with GitHub is the lack of private repository for free users(except for student account). In the event that one needs Read more…