I'm trying to install GitLab Omnibus on Debian 10. Nginx already serve website on this server so I need to disable the gitlab bundled Nginx instance.
I've followed the steps documented to disable Nginx and puma, but whenever I try to access it from its subdomain, I'm redirected to the main domain and it returns a 502 "Whoops, GitLab is taking too much time to respond."
I've spent two days on this issue, search for any related issue but didn't find relevant solution.
Here is my diff-config:
external_url 'https://git.domain.com'
puma['enable'] = false
web_server['external_users'] = ['www-data']
nginx['enable'] = false
nginx['redirect_http_to_https'] = true
nginx['redirect_http_to_https_port'] = 443
alertmanager['flags'] = {
'cluster.advertise-address' => "127.0.0.1:9093"
}
alertmanager conf has been modified because it couldn't run without this modification
When I run gitlab-ctl status, everything seems fine:
run: alertmanager: (pid 11318) 13175s; run: log: (pid 18017) 148461s
run: crond: (pid 9970) 13261s; run: log: (pid 16679) 96331s
run: gitaly: (pid 9979) 13260s; run: log: (pid 17341) 148669s
run: gitlab-exporter: (pid 10033) 13258s; run: log: (pid 17929) 148479s
run: gitlab-workhorse: (pid 10044) 13257s; run: log: (pid 17741) 148517s
run: grafana: (pid 10054) 13257s; run: log: (pid 19406) 148356s
run: logrotate: (pid 3922) 2456s; run: log: (pid 17815) 148500s
run: node-exporter: (pid 10092) 13256s; run: log: (pid 17910) 148485s
run: postgres-exporter: (pid 10099) 13256s; run: log: (pid 18134) 148453s
run: postgresql: (pid 10121) 13255s; run: log: (pid 17480) 148656s
run: prometheus: (pid 10134) 13255s; run: log: (pid 17988) 148467s
run: redis: (pid 10146) 13254s; run: log: (pid 17291) 148678s
run: redis-exporter: (pid 10159) 13254s; run: log: (pid 17960) 148473s
run: sidekiq: (pid 10555) 13215s; run: log: (pid 17701) 148524s
And here is my Nginx config, mostly copied from the official repository(path for log, certificates and domain modified):
upstream gitlab-workhorse {
server unix:/var/opt/gitlab/gitlab-workhorse/sockets/socket fail_timeout=0;
}
server {
listen 0.0.0.0:80;
listen [::]:80 ipv6only=on;# default_server;
server_name git.domain.com;
server_tokens off;
return 301 https://$http_host$request_uri;
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
}
server {
listen 0.0.0.0:443 ssl;
listen [::]:443 ipv6only=on ssl;
server_name git.domain.com;
server_tokens off;
return 301 https://$http_host$request_uri;
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
}
server {
listen 0.0.0.0:443 ssl;
listen [::]:443 ipv6only=on ssl;
server_name git.domain.com;
server_tokens off;
root /opt/gitlab/embedded/service/gitlab-rails/public;
ssl on;
ssl_certificate /etc/gitlab/ssl/git.domain.com.crt;
ssl_certificate_key /etc/gitlab/ssl/git.domain.com.key;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:$
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
location / {
client_max_body_size 0;
gzip off;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://gitlab-workhorse;
}
}