typora/note/devops/gitlab/gitlab 使用外部 nginx.md

/etc/gitlab/gitlab.rb

gitlab_rails['trusted_proxies'] = ['192.168.110.0/24']
web_server['external_users'] = ['www-data']
nginx['enable'] = false

gitlab.conf

upstream gitlab {
  server unix:/var/opt/gitlab/gitlab-workhorse/sockets/socket;
}

server {
	listen *:8443;
	listen [::]:8443;
	server_name igit.heysq.com;
	server_tokens off;
	root /opt/gitlab/embedded/service/gitlab-rails/public;
	client_max_body_size 250m;
	access_log  /var/log/gitlab/gitlab_access.log;
  error_log    /var/log/gitlab/gitlab_error.log;
  
  location / {
    # serve static files from defined root folder;.
    # @gitlab is a named location for the upstream fallback, see below
    try_files $uri $uri/index.html $uri.html @gitlab;
  }
  
  location @gitlab {
    # If you use https make sure you disable gzip compression 
    # to be safe against BREACH attack
 
    proxy_read_timeout 300; # Some requests take more than 30 seconds.
    proxy_connect_timeout 300; # Some requests take more than 30 seconds.
    proxy_redirect     off;
 
    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_set_header   Host              $http_host;
    proxy_set_header   X-Real-IP         $remote_addr;
    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header   X-Frame-Options   SAMEORIGIN;
 
    proxy_pass http://gitlab;
  }
  
  location ~ ^/(assets)/  {
    root /opt/gitlab/embedded/service/gitlab-rails/public;
    # gzip_static on; # to serve pre-gzipped version
    expires max;
    add_header Cache-Control public;
  }
 
  error_page 502 /502.html;
}