How to make GitLab (self-hosted) work behind a reverse proxy?


I have GitLab hosted in Docker on my homelab Linux virtual machine. As an entrypoint I have OPNsense with the HAProxy plugin installed, so HAProxy answers all external connections and passes traffic to internal resources. All of these resources work just fine. The only exception is GitLab. I have read almost all the docs I could find and in the past finally made it work. I configured GitLab's nginx to work in proxy mode (#nginx['proxy_protocol'] = true in gitlab.rb) and set Proxy Type 2 in HAProxy. Several days ago I moved my GitLab instance to another server. All settings were the same, but for some reason GitLab doesn't work. Could you point me in the right direction?

Nginx log in proxy mode:

2023/12/14 14:41:50 [error] 1060#0: *255 broken header: "yue{.HAPROXYSSLCHK
HAPROXYSSLCHK while reading PROXY protocol, client: 192.168.1.100, server: 0.0.0.0:443

gitlab.rb:

external_url 'https://gitlab.<MY_DOMAIN>'
nginx['proxy_protocol'] = true
letsencrypt['enable'] = false
nginx['real_ip_trusted_addresses'] = [ '192.168.1.0/24', '127.0.0.0/8' ]
nginx['real_ip_header'] = 'X-Forwarded-For'
nginx['real_ip_recursive'] = 'on'
nginx['referrer_policy'] = 'same-origin'
gitlab_rails['trusted_proxies'] = ['192.168.1.1/24', '172.20.0.1/24']

Nginx access log without proxy mode:

192.168.1.100 - - [14/Dec/2023:15:21:55 +0000] "-  -" 400 150 "" "-" -
192.168.1.100 - - [14/Dec/2023:15:21:57 +0000] "-  -" 400 150 "" "-" -

I tried to configure GitLab's nginx to work in non-proxy mode. Same result. I could open it locally but HAProxy can't connect to it. I suppose the reason could be in the HTTP headers.

I tried this in gitlab.rb:

nginx['proxy_set_headers'] = {
    "X-Forwarded-Proto" => "http",
    "Host" => "gitlab.<MY_DOMAIN>",
    "X-Forwarded-Ssl" => "on",
    "X-Real-IP" => "$remote_addr",
    "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
    "Upgrade" => "$http_upgrade",
    "Connection" => "$connection_upgrade"
}

It also didn't work.
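
Added example, not part of the original question: nginx logs "broken header ... while reading PROXY protocol" when a listener with proxy_protocol enabled receives a connection whose first bytes are not a PROXY protocol header. The Python code below classifies a connection preamble (PROXY v1, PROXY v2, or a bare TLS record) and checks it against what the listener expects; the function names and the sample byte strings are constructed for illustration, not taken from the poster's traffic.

```python
import ipaddress
import struct

# Fixed 12-byte signature that opens every PROXY protocol v2 header.
V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"

def classify_preamble(data: bytes) -> dict:
    """Classify the first bytes a backend reads on a new connection."""
    if data.startswith(V2_SIG):
        if len(data) < 16:
            return {"kind": "proxy-v2", "error": "truncated"}
        ver_cmd, fam, length = struct.unpack("!BBH", data[12:16])
        if ver_cmd >> 4 != 2:
            return {"kind": "proxy-v2", "error": "bad version"}
        info = {"kind": "proxy-v2", "header_len": 16 + length}
        # 0x11 = TCP over IPv4: source, destination, then both ports.
        if fam == 0x11 and length >= 12 and len(data) >= 28:
            src, dst, sport, dport = struct.unpack("!4s4sHH", data[16:28])
            info["src"] = f"{ipaddress.IPv4Address(src)}:{sport}"
            info["dst"] = f"{ipaddress.IPv4Address(dst)}:{dport}"
        return info
    if data.startswith(b"PROXY "):
        line, sep, _ = data.partition(b"\r\n")
        if not sep:
            return {"kind": "proxy-v1", "error": "truncated"}
        return {"kind": "proxy-v1", "header_len": len(line) + 2}
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return {"kind": "tls-handshake"}  # TLS record with no PROXY header
    return {"kind": "other"}

def listener_accepts(data: bytes, expects_proxy: bool) -> bool:
    """True when the preamble matches the listener's proxy_protocol setting."""
    result = classify_preamble(data)
    has_header = result["kind"].startswith("proxy-") and "error" not in result
    return has_header == expects_proxy

# Constructed samples (not captured traffic).
TLS_HELLO = b"\x16\x03\x00\x00\x2f\x01\x00\x00\x2b\x03\x00" + b"HAPROXYSSLCHK\n"
SAMPLE_V2 = (V2_SIG + b"\x21\x11" + struct.pack("!H", 12)
             + ipaddress.IPv4Address("203.0.113.7").packed
             + ipaddress.IPv4Address("192.168.1.50").packed
             + struct.pack("!HH", 51000, 443) + TLS_HELLO)

if __name__ == "__main__":
    for name, blob in (("with v2 header", SAMPLE_V2), ("bare TLS", TLS_HELLO)):
        print(name, classify_preamble(blob), listener_accepts(blob, True))
```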
