Reputation: 176
i want to use GitLab through apache with ssl. I followed this guide but i still get a 503 Service Unavailable message.
I have installed GitLab as described in the instruction from GitLab.
My gitlab.rb configuration looks like the file in the guide:
external_url 'https://domain:4443'
nginx['ssl_certificate'] = "/etc/gitlab/tls/SignedCertificateBundle.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/tls/SignedCertificate.key"
My virtual host:
<VirtualHost *:443>
ServerName domain
ServerAlias domain
Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
SSLEngine on
SSLCertificateFile /etc/gitlab/tls/SignedCertificate.crt
SSLCertificateKeyFile /etc/gitlab/tls/SignedCertificate.key
SSLCACertificateFile /etc/gitlab/tls/IntermediateCertificate.crt
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine on
ProxyRequests Off
ProxyPass / https://domain:4443/
ProxyPassReverse / https://domain/
Header edit Location ^http://domain/ https://domain/
RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
Did i forget something?
Upvotes: 1
Views: 839
Reputation: 176
i found a solution for my problem (maybe others struggling with the same thing)
My gitlab.rb config file:
external_url 'https://domain'
nginx['listen_address'] = 'localhost'
nginx['listen_port'] = 8888
nginx['listen_https'] = false
And my virtual host:
<VirtualHost *:443>
ServerName domain
ServerAlias domain
ServerAdmin mail
RequestHeader set Host "domain"
RequestHeader add X-Forwarded-Ssl on
RequestHeader set X-Forwarded-Proto "https"
ProxyPreserveHost On
ProxyPass / http://localhost:8888/
ProxyPassReverse / http://localhost:8888/
SSLEngine on
SSLCertificateFile /etc/gitlab/tls/SignedCertificate.crt
SSLCertificateKeyFile /etc/gitlab/tls/SignedCertificate.key
SSLCACertificateFile /etc/gitlab/tls/IntermediateCertificate.crt
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384
</VirtualHost>
For me GitLab is now working with TLS over apache
Upvotes: 1