{"id":152,"date":"2018-01-14T06:25:18","date_gmt":"2018-01-13T22:25:18","guid":{"rendered":"https:\/\/codestrian.com\/?p=152"},"modified":"2018-07-02T10:33:47","modified_gmt":"2018-07-02T02:33:47","slug":"a-guide-to-configure-gitlab-using-https-under-apache-reverse-proxy","status":"publish","type":"post","link":"https:\/\/codestrian.com\/index.php\/2018\/01\/14\/a-guide-to-configure-gitlab-using-https-under-apache-reverse-proxy\/","title":{"rendered":"A guide to configure GitLab using HTTPS under apache reverse proxy"},"content":{"rendered":"<p>It has been a while since my last blog entry, I have just spent a few hours migrating some web applications from my old server to the new server. While migrating the web applications, I realized that among all the applications, gitlab is the only one which is still using http. So I have decided to spend some time to upgrade the protocol from http to https. As the process is not really that smooth sailing, I have decided to document down the configurations that needs to be changed. This is a guide that follows my previously written article <a href=\"https:\/\/codestrian.com\/index.php\/2016\/10\/01\/hosting-your-gitlab-behind-a-reverse-proxy-server\/\">hosting gitlab using reverse proxy<\/a>.<\/p>\n<p>So first thing that you will need to edit is the <em>gitlab.rb<\/em> from <em>\/etc\/gitlab<\/em><br \/>\nIn the old guide, we were using<\/p>\n<pre><code>gitlab_git_http_server['listen_network'] = \"tcp\"\ngitlab_git_http_server['listen_addr'] = \"localhost:7000\"<\/code><\/pre>\n<p>Since version 10, gitlab_git_http_server has been replaced by gitlab_workhorse. <a href=\"https:\/\/about.gitlab.com\/2017\/09\/22\/gitlab-10-0-released\/#gitlab-git-http-server-configuration-support-removed\">Official reference<\/a><br \/>\nYou may want to change the above configure to the one below if you are using version 10 and above.<\/p>\n<pre><code>gitlab_workhorse['listen_network'] = \"tcp\"\ngitlab_workhorse['listen_addr'] = \"localhost:7000\"<\/code><\/pre>\n<p>Next, update your external_url to use https at the front<\/p>\n<pre><code> \n<del>external_url 'http:\/\/yourdomain.com'<\/del>\nexternal_url 'https:\/\/yourdomain.com'\n<\/code><\/pre>\n<p>Now we need to inform gitlab about by running<\/p>\n<pre><code>\nsudo gitlab-ctl reconfigure\n<\/code><\/pre>\n<p>If you ever run into the error user www-data is being used by process xxx(which is the process id of apache), you simply need stop your apache first. After running the above command, you may start up your apache.<\/p>\n<p>Lastly we will need to set up vhost. Below is the configuration that I am using.<\/p>\n<pre><code>\n&lt;IfModule mod_ssl.c&gt;\n&lt;VirtualHost *:443&gt;\n    ProxyPreserveHost On\n    ProxyPass \"\/\" \"http:\/\/127.0.0.1:8111\/\"\n    ProxyPassReverse \"\/\" \"http:\/\/127.0.0.1:8111\/\"\n    ServerName yourdomain.com\n    SSLCertificateFile \/path\/to\/your\/ssl\/cert\n    SSLCertificateKeyFile \/path\/to\/your\/ssl\/privatekey\n    Include \/etc\/letsencrypt\/options-ssl-apache.conf\n    \n    SSLProxyEngine on\n    SSLProxyVerify none\n    SSLProxyCheckPeerCN off\n    SSLProxyCheckPeerName off \n    SSLProxyCheckPeerExpire off\n    \n    Header edit Location ^http:\/\/yourdomain.com\/ https:\/\/yourdomain.com\/\n    RequestHeader set X-Forwarded-Proto \"https\"\n&lt;\/VirtualHost&gt;\n&lt;\/IfModule&gt;\n<\/code><\/pre>\n<p>As I am using Let's Encrypt(LE) for the SSL cert, that is why you will see <strong>Include \/etc\/letsencrypt\/options-ssl-apache.conf<\/strong> which was inserted by LE.<\/p>\n<p>Now restart your apache and enjoy your gitlab using https.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It has been a while since my last blog entry, I have just spent a few hours migrating some web applications from my old server to the new server. While migrating the web applications, I realized that among all the applications, gitlab is the only one which is still using [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[13],"_links":{"self":[{"href":"https:\/\/codestrian.com\/index.php\/wp-json\/wp\/v2\/posts\/152"}],"collection":[{"href":"https:\/\/codestrian.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/codestrian.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/codestrian.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/codestrian.com\/index.php\/wp-json\/wp\/v2\/comments?post=152"}],"version-history":[{"count":7,"href":"https:\/\/codestrian.com\/index.php\/wp-json\/wp\/v2\/posts\/152\/revisions"}],"predecessor-version":[{"id":295,"href":"https:\/\/codestrian.com\/index.php\/wp-json\/wp\/v2\/posts\/152\/revisions\/295"}],"wp:attachment":[{"href":"https:\/\/codestrian.com\/index.php\/wp-json\/wp\/v2\/media?parent=152"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/codestrian.com\/index.php\/wp-json\/wp\/v2\/categories?post=152"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/codestrian.com\/index.php\/wp-json\/wp\/v2\/tags?post=152"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}