GitLab works under built-in Nginx web server engine by default. Therefore, if you already have an existing web server, you may need some extra work to use both your existing websites and GitLab at the same time. The easiest way is to assign different ports on two different servers, but it may not be the good way because visitors have to remember the specified port every time they connect. The article presents the way to add GitLab on existing Apache server using reverse proxy approach.
Step 1: Install GitLab
To install GitLab, please type the following commands to install gitlab-ce:
sudo apt-get install curl openssh-server ca-certificates postfix
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
sudo apt-get install gitlab-ce
sudo gitlab-ctl reconfigure
If this is the only and first website for your server, then you can just use it without any issues. However, if you already have an existing website, you will eventually find out that your existing website is replaced by GitLab you have just installed. If you have an existing Apache web server, please restart your Apache server by using the following command, and check your website again:
sudo service apache2 restart
The solution for the presented issue will be introduced in the following section.
Step 2: Modify GitLab configuration
The GitLab configuration file in Ubuntu is "/etc/gitlab/gitlab.rb". Type the following command to edit the configuration file:
sudo nano /etc/gitlab/gitlab.rb
Now, edit the following lines:
# Change GitLab port (any unused port is ok.)
external_url 'http://127.0.0.1:14500'
Save the file, and run the following command:
sudo gitlab-ctl reconfigure
Step 3: Configure Apache to use GitLab using reverse proxy
Before presenting the main entry, please make sure that you have a domain or subdomain url for applying on GitLab url. In this article, we assume that you have a url, "http://gitlabtest.yoursite.com/" for GitLab, as an example.
Now, please make sure proxy_http module is enabled on Apache engine. You can enable the module using the following command:
sudo a2enmod proxy_http
Please create an Apache site configuration for gitlab as follows:
cd /etc/apache2/sites-available/
sudo touch gitlab.conf
sudo nano gitlab.conf
Now, add the VirtualHost entry as follows:
<VirtualHost *:80>
ServerName gitlab.yoursite.com
ProxyRequests off
ProxyPass / http://127.0.0.1:14500/
ProxyPassReverse / http://127.0.0.1:14500/
</VirtualHost>
Now, enable the gitlab website configuration using the following command:
sudo a2ensite gitlab
sudo service apache2 restart
Step 4: Resolve an issue of displaying wrong repository url on GitLab
Because the actual GitLab is running under the bundled Nginx server, the repository url displayed on GitLab webpage may be wrong (i.e., http://127.0.0.1:14500/repo_url) and inaccessible from the actual client. You can resolve this issue by modifying the following configuration file:
sudo nano /opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml
Original configuration:
## Web server settings (note: host is the FQDN, do not include http://)
host: 127.0.0.1
port: 14500
https: false
Modify the configuration as follows:
## Web server settings (note: host is the FQDN, do not include http://)
host: gitlabtest.yoursite.com
port: 80
https: false
Now, restart gitlab using the following command:
sudo gitlab-ctl restart
You can now connect to GitLab using gitlabtest.yoursite.com through the Apache server. Please note that the configuration will reset to 127.0.0.1 if you use the command gitlab-ctl reconfigure. Therefore, you have to modify the setting again if you reconfigure GitLab.
Note 1: If you want to use https…
If you want to setup GitLab using https, you need some extra configurations. Assuming that you already have a valid certificate, key, and root ca, please follow the instruction below.
Modify GitLab settings
First, modify /etc/gitlab/gitlab.rb as follows:
# Change GitLab port (any unused port is ok.)
external_url 'https://127.0.0.1:14500'
...
################
# GitLab Nginx #
################
...
nginx['ssl_certificate'] = "/path/to/certificate.crt"
nginx['ssl_certificate_key'] = "/path/to/certificate_key.key"
Then, reconfigure GitLab by using the following command:
sudo gitlab-ctl reconfigure
Now, modify /opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml as follows:
## Web server settings (note: host is the FQDN, do not include http://)
host: gitlabtest.yoursite.com
port: 443
https: true
Finally, restart gitlab-ctl by typing the following command:
sudo gitlab-ctl restart
Modify Apache settings
To configure https reverse proxy on Apache, modify the /etc/apache2/sites-available/gitlab.conf on Apache as follows:
<VirtualHost *:80>
ServerName gitlabtest.yoursite.com
Redirect permanent / https://gitlabtest.yoursite.com/
</VirtualHost>
<VirtualHost *:443>
ServerName gitlabtest.yoursite.com
# Certificate
SSLEngine on
SSLCertificateFile /path/to/certificate.crt
SSLCertificateKeyFile /path/to/certificate_key.key
SSLCertificateChainFile /path/to/certificate_ca.crt
# Proxy
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPass / https://127.0.0.1:14500/
ProxyPassReverse / https://127.0.0.1:14500/
</VirtualHost>
Now, type the following command to restart Apache, and you can not use GitLab through https.
sudo service apache2 restart
Note 2: if you want to limit access by IP…
If you want to limit GitLab access by IP, add the following statement on gitlab.conf:
<Proxy *>
Order Deny,Allow
Deny from all
Allow from your_ip_address
<Proxy>
Conclusion
As presented above, you can use GitLab with existing Apache server setting up reverse proxy on Apache and connect to bundled Nginx engine on GitLab. I think there may be other ways to configure Apache with GitLab, and the approach we presented is one of the way. Please let us know if there is a better way to configure it.
References
[1] forum.gitlab.com, "[SOLVED] Setting up Gitlab on Ubuntu 14.04 with Apache2 without owning a domain name," GitLab Forum, 27-Apr-2015. [Online]. Available: https://forum.gitlab.com/t/solved-setting-up-gitlab-on-ubuntu-14-04-with-apache2-without-owning-a-domain-name/679/2
[2] superuser.com, "js, and css not appearing after installing gitlab," Superuser, 19-Nov-2015. [Online]. Available: http://superuser.com/questions/1002827/js-and-css-not-appearing-after-installing-gitlab
[3] Goedecke, "Setup GitLab on Debian 7 with existing Apache WebServer," GitLab Forum, 17-Sep-2015. [Online]. Available: https://kevingoedecke.me/2015/09/17/setup-gitlab-on-debian-7-with-existing-apache-webserver/
[4] stackoverflow.com, "Gitlab in a subdirectory with apache and passenger," kevingoedecke.me, 29-Jul-2013. [Online]. Available: http://stackoverflow.com/questions/17924644/gitlab-in-a-subdirectory-with-apache-and-passenger
[5] Tully, "Running GitLab from a subdirectory on Apache," shanetully.com, 23-Aug-2012. [Online]. Available: https://shanetully.com/2012/08/running-gitlab-from-a-subdirectory-on-apache/
[6] redmine.org, "Redmine in a subdirectory," redmine.org, 03-Sep-2008. [Online]. Available: http://www.redmine.org/boards/2/topics/2244
12 Comments
have invite posts on my site?
I checked your website, but I was unable to understand the meaning of "invite posts". I would appreciate if you give me the details of it. Thanks.
really perfect and helpful. Many thanks.
One tiny note: There is a 'typo' in Step 3 (Now, add the VirtualHost entry as follows:). The closing 'VirtualHost' tag is missing a slash. Took me ~ 20mins ;)
Thanks again
Thank you for your comment. :)
so i had to modify /etc/gitlab/gitlab.rb
gitlab_pages['listen_proxy'] = "gitlabtest.yoursite.com"
sudo gitlab-ctl reconfigure
and modify /opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml as follows:
## Web server settings (note: host is the FQDN, do not include http://)
host: gitlabtest.yoursite.com
# port: 443
https: true
Finally, restart gitlab-ctl by typing the following command:
sudo gitlab-ctl restart
I had to comment out the port because else the port was included in my links as well
gitlabtest.yoursite.com:447/-/invites/sometoken
Also when I configured email (i use smtp) I had to keep in mind that after the reconfigure I always have to change the
/opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml as follows:
## Web server settings (note: host is the FQDN, do not include http://)
host: gitlabtest.yoursite.com
# port: 443
...
first of all excellent guide, this is pretty much exactly what i was looking for and how i thought that it should work, problem is it doesn't for me...
My setup is the following:
I have a raspberry pi running an owncloud server based on a apache 2.4 webserver.
The pi is running on dietpi 7.3 (based on raspbian 10) if that matters.
I also want the gitlab server to be reachable by a relative url (myurl.com/gitlab), but that should just be a matter of changing the '/' after ProxyPass and ProxyPassReverse to '/gitlab'
The problem is the reverse proxy isn't working properly, with netstat -tlpn i can see that the nginx server is running on port 8181 (which is the one i've set it up to) and apache2 is running on ports 80 and 443, but when i go to myurl.com/gitlab it just says 404 not found. Does anyone maybe have an idea on how to fix that? Would really appreciate it
Thanks
/CaptainJack
https://serverfault.com/questions/561892/how-to-handle-relative-urls-correctly-with-a-reverse-proxy
I think rewriting subdirectory requests on apache server is necessary to do this. I hope you find a good solution for your settings.