gitlab支持https最简单方法

gitlab支持https方法

使用gitlab内部nginx直接支持https

通过外部nginx代理(本次使用的方法)

  访问流程外部nginx--->gitlab的gitlab_workhorse tcp端口

启动脚本

nginx['enable'] = false 关闭gitlab内部nginx,也可以不关直接用下面脚本

[root@xuliang gitlab]# cat run.sh
#!/bin/bash
docker run -itd --rm
--hostname dev-gitlab.xx.cn
-p 8181:8181
--env GITLAB_OMNIBUS_CONFIG="external_url 'https://dev-gitlab.xx.cn/'; gitlab_rails['lfs_enabled'] = true; letsencrypt['enable'] = false; nginx['enable'] = true; nginx['listen_https'] = false; nginx['listen_port'] = 80;nginx['http2_enabled'] = false; nginx['redirect_http_to_https'] = true;"
--name gitlab
-v /opt/gitlab/config:/etc/gitlab
-v /opt/gitlab/logs:/var/log/gitlab
-v /opt/gitlab/data:/var/opt/gitlab
--privileged=true
gitlab/gitlab-ce:latest

修改gitlab.rb文件

##### 使用gitlab_workhorse模式 ，修改为tcp使用8181端口

```
[root@xuliang gitlab]# cat config/gitlab.rb |grep -v ^#|grep -v ^$
gitlab_rails['gitlab_default_can_create_group'] = false
gitlab_workhorse['enable'] = true
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "0.0.0.0:8181"
nginx['proxy_set_headers'] = {
"X-Forwarded-Proto" => "http"
}

配置nginx代理

#### #nginx代理使用gitlab_workhorse tcp地址即可

```

server {
listen 80;
server_name dev-gitlab.xx.cn;
return 301 https://$host$request_uri;
}

server {
listen 443 ssl;
ssl_certificate ssl/xx-cn.crt;
ssl_certificate_key ssl/xx-cn.key;
client_max_body_size 0;
server_name dev-gitlab.xx.cn;
location / {
proxy_pass http://192.168.100.173:8181;
proxy_set_header Host $http_host;

sendfile off;
proxy_redirect http://192.168.100.173:8181 https://dev-gitlab.xx.cn;
proxy_http_version 1.1;

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_max_temp_file_size 0;

#this is the maximum upload size
client_max_body_size 1000m;
client_body_buffer_size 128k;

proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffering off;
proxy_request_buffering off; # Required for HTTP CLI commands in Jenkins > 2.54
proxy_set_header Connection ""; # Clear for keepalive

}
}
```