Carlo-Rodriguez
Carlo-Rodriguez

Reputation: 176

Configuring Gitlab through Apache with SSL

i want to use GitLab through apache with ssl. I followed this guide but i still get a 503 Service Unavailable message.

I have installed GitLab as described in the instruction from GitLab.

My gitlab.rb configuration looks like the file in the guide:

external_url 'https://domain:4443' nginx['ssl_certificate'] = "/etc/gitlab/tls/SignedCertificateBundle.crt" nginx['ssl_certificate_key'] = "/etc/gitlab/tls/SignedCertificate.key"

My virtual host:

<VirtualHost *:443>
    ServerName domain
    ServerAlias domain

    Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
    SSLEngine on
    SSLCertificateFile      /etc/gitlab/tls/SignedCertificate.crt
    SSLCertificateKeyFile   /etc/gitlab/tls/SignedCertificate.key
    SSLCACertificateFile    /etc/gitlab/tls/IntermediateCertificate.crt
    SSLCipherSuite          ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384

    <Proxy *>
            Order deny,allow
            Allow from all
    </Proxy>

    SSLProxyEngine on
    ProxyRequests Off
    ProxyPass / https://domain:4443/
    ProxyPassReverse / https://domain/

    Header edit Location ^http://domain/ https://domain/
    RequestHeader set X-Forwarded-Proto "https"

</VirtualHost>

Did i forget something?

Upvotes: 1

Views: 839

Answers (1)

Carlo-Rodriguez
Carlo-Rodriguez

Reputation: 176

i found a solution for my problem (maybe others struggling with the same thing)

My gitlab.rb config file:

external_url 'https://domain'
nginx['listen_address'] = 'localhost'
nginx['listen_port'] = 8888
nginx['listen_https'] = false

And my virtual host:

<VirtualHost *:443>
    ServerName domain
    ServerAlias domain
    ServerAdmin mail

    RequestHeader set Host "domain"
    RequestHeader add X-Forwarded-Ssl on
    RequestHeader set X-Forwarded-Proto "https"

    ProxyPreserveHost On
    ProxyPass / http://localhost:8888/
    ProxyPassReverse / http://localhost:8888/

    SSLEngine on
    SSLCertificateFile      /etc/gitlab/tls/SignedCertificate.crt
    SSLCertificateKeyFile   /etc/gitlab/tls/SignedCertificate.key
    SSLCACertificateFile    /etc/gitlab/tls/IntermediateCertificate.crt
    SSLCipherSuite          ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384
</VirtualHost>

For me GitLab is now working with TLS over apache

Upvotes: 1

Related Questions