Installing GitLab on existing Apache Server for Ubuntu

Software · Posted on

GitLab works under built-in Nginx web server engine by default. Therefore, if you already have an existing web server, you may need some extra work to use both your existing websites and GitLab at the same time. The easiest way is to assign different ports on two different servers, but it may not be the good way because visitors have to remember the specified port every time they connect. The article presents the way to add GitLab on existing Apache server using reverse proxy approach.

Step 1: Install GitLab

To install GitLab, please type the following commands to install gitlab-ce:

sudo apt-get install curl openssh-server ca-certificates postfix
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
sudo apt-get install gitlab-ce
sudo gitlab-ctl reconfigure

If this is the only and first website for your server, then you can just use it without any issues. However, if you already have an existing website, you will eventually find out that your existing website is replaced by GitLab you have just installed. If you have an existing Apache web server, please restart your Apache server by using the following command, and check your website again:

sudo service apache2 restart

The solution for the presented issue will be introduced in the following section.

Step 2: Modify GitLab configuration

The GitLab configuration file in Ubuntu is "/etc/gitlab/gitlab.rb". Type the following command to edit the configuration file:

sudo nano /etc/gitlab/gitlab.rb

Now, edit the following lines:

# Change GitLab port (any unused port is ok.)
external_url 'http://127.0.0.1:14500'

Save the file, and run the following command:

sudo gitlab-ctl reconfigure

Step 3: Configure Apache to use GitLab using reverse proxy

Before presenting the main entry, please make sure that you have a domain or subdomain url for applying on GitLab url. In this article, we assume that you have a url, "http://gitlabtest.yoursite.com/" for GitLab, as an example.

Now, please make sure proxy_http module is enabled on Apache engine. You can enable the module using the following command:

sudo a2enmod proxy_http

Please create an Apache site configuration for gitlab as follows:

cd /etc/apache2/sites-available/
sudo touch gitlab.conf
sudo nano gitlab.conf

Now, add the VirtualHost entry as follows:

<VirtualHost *:80>
  ServerName gitlab.yoursite.com

  ProxyRequests off
  ProxyPass / http://127.0.0.1:14500/
  ProxyPassReverse / http://127.0.0.1:14500/
</VirtualHost>

Now, enable the gitlab website configuration using the following command:

sudo a2ensite gitlab
sudo service apache2 restart

Step 4: Resolve an issue of displaying wrong repository url on GitLab

Because the actual GitLab is running under the bundled Nginx server, the repository url displayed on GitLab webpage may be wrong (i.e., http://127.0.0.1:14500/repo_url) and inaccessible from the actual client. You can resolve this issue by modifying the following configuration file:

sudo nano /opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml

Original configuration:

## Web server settings (note: host is the FQDN, do not include http://)
host: 127.0.0.1
port: 14500
https: false

Modify the configuration as follows:

## Web server settings (note: host is the FQDN, do not include http://)
host: gitlabtest.yoursite.com
port: 80
https: false

Now, restart gitlab using the following command:

sudo gitlab-ctl restart

You can now connect to GitLab using gitlabtest.yoursite.com through the Apache server. Please note that the configuration will reset to 127.0.0.1 if you use the command gitlab-ctl reconfigure. Therefore, you have to modify the setting again if you reconfigure GitLab.

Note 1: If you want to use https…

If you want to setup GitLab using https, you need some extra configurations. Assuming that you already have a valid certificate, key, and root ca, please follow the instruction below.

Modify GitLab settings

First, modify /etc/gitlab/gitlab.rb as follows:

# Change GitLab port (any unused port is ok.)
external_url 'https://127.0.0.1:14500'

...
################
# GitLab Nginx #
################
...
nginx['ssl_certificate'] = "/path/to/certificate.crt"
nginx['ssl_certificate_key'] = "/path/to/certificate_key.key"

Then, reconfigure GitLab by using the following command:

sudo gitlab-ctl reconfigure

Now, modify /opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml as follows:

## Web server settings (note: host is the FQDN, do not include http://)
host: gitlabtest.yoursite.com
port: 443
https: true

Finally, restart gitlab-ctl by typing the following command:

sudo gitlab-ctl restart

Modify Apache settings

To configure https reverse proxy on Apache, modify the /etc/apache2/sites-available/gitlab.conf on Apache as follows:

<VirtualHost *:80>
  ServerName gitlabtest.yoursite.com
  Redirect permanent / https://gitlabtest.yoursite.com/
</VirtualHost> 

<VirtualHost *:443>
  ServerName gitlabtest.yoursite.com

  # Certificate
  SSLEngine on
  SSLCertificateFile /path/to/certificate.crt
  SSLCertificateKeyFile /path/to/certificate_key.key
  SSLCertificateChainFile /path/to/certificate_ca.crt

  # Proxy
  SSLProxyEngine on
  SSLProxyVerify none
  SSLProxyCheckPeerCN off
  SSLProxyCheckPeerName off
  SSLProxyCheckPeerExpire off

  ProxyPass / https://127.0.0.1:14500/
  ProxyPassReverse / https://127.0.0.1:14500/
</VirtualHost>

Now, type the following command to restart Apache, and you can not use GitLab through https.

sudo service apache2 restart

Note 2: if you want to limit access by IP…

If you want to limit GitLab access by IP, add the following statement on gitlab.conf:

<Proxy *>
  Order Deny,Allow
  Deny from all
  Allow from your_ip_address
<Proxy>

Conclusion

As presented above, you can use GitLab with existing Apache server setting up reverse proxy on Apache and connect to bundled Nginx engine on GitLab. I think there may be other ways to configure Apache with GitLab, and the approach we presented is one of the way. Please let us know if there is a better way to configure it.

References

[1] forum.gitlab.com, "[SOLVED] Setting up Gitlab on Ubuntu 14.04 with Apache2 without owning a domain name," GitLab Forum, 27-Apr-2015. [Online]. Available: https://forum.gitlab.com/t/solved-setting-up-gitlab-on-ubuntu-14-04-with-apache2-without-owning-a-domain-name/679/2
[2] superuser.com, "js, and css not appearing after installing gitlab," Superuser, 19-Nov-2015. [Online]. Available: http://superuser.com/questions/1002827/js-and-css-not-appearing-after-installing-gitlab
[3] Goedecke, "Setup GitLab on Debian 7 with existing Apache WebServer," GitLab Forum, 17-Sep-2015. [Online]. Available: https://kevingoedecke.me/2015/09/17/setup-gitlab-on-debian-7-with-existing-apache-webserver/
[4] stackoverflow.com, "Gitlab in a subdirectory with apache and passenger," kevingoedecke.me, 29-Jul-2013. [Online]. Available: http://stackoverflow.com/questions/17924644/gitlab-in-a-subdirectory-with-apache-and-passenger
[5] Tully, "Running GitLab from a subdirectory on Apache," shanetully.com, 23-Aug-2012. [Online]. Available: https://shanetully.com/2012/08/running-gitlab-from-a-subdirectory-on-apache/
[6] redmine.org, "Redmine in a subdirectory," redmine.org, 03-Sep-2008. [Online]. Available: http://www.redmine.org/boards/2/topics/2244

Posted by chlee

12 Comments
  1. Brigida
    you have got a excellent weblog here! would you ljke to
    have invite posts on my site?
    • chlee
      Hello, Brigida.
      I checked your website, but I was unable to understand the meaning of "invite posts". I would appreciate if you give me the details of it. Thanks.
  2. da-chiller
    Hi,
    really perfect and helpful. Many thanks.

    One tiny note: There is a 'typo' in Step 3 (Now, add the VirtualHost entry as follows:). The closing 'VirtualHost' tag is missing a slash. Took me ~ 20mins ;)

    Thanks again
    • chlee
      I apologize for late reply. I updated my article as you and StewLG mentioned.
      Thank you for your comment. :)
  3. StewLG
    You neglected to close the first example using a <VirtualHost> tag. The final line should be "</VirtualHost>";
    • chlee
      Thank you for your feedback. I updated the article as you mentioned.
  4. Jochen Schultz
    I had to do some extra steps because the links in emails send by gitlab (e.g. for invitation) linked to 127.0.0.1:14500:

    so i had to modify /etc/gitlab/gitlab.rb

    gitlab_pages['listen_proxy'] = "gitlabtest.yoursite.com"

    sudo gitlab-ctl reconfigure

    and modify /opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml as follows:

    ## Web server settings (note: host is the FQDN, do not include http://)
    host: gitlabtest.yoursite.com
    # port: 443
    https: true

    Finally, restart gitlab-ctl by typing the following command:

    sudo gitlab-ctl restart

    I had to comment out the port because else the port was included in my links as well

    gitlabtest.yoursite.com:447/-/invites/sometoken

    Also when I configured email (i use smtp) I had to keep in mind that after the reconfigure I always have to change the

    /opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml as follows:

    ## Web server settings (note: host is the FQDN, do not include http://)
    host: gitlabtest.yoursite.com
    # port: 443
    ...
    • chlee
      Thank you for sharing your experience. :)
  5. Javi
    Thank you so much! If there is anyone having problems with the certificates (503) It can be solved setting letsencrypt['enable'] = false so Nginx wouldn't try to certificate 127.0.0.1. Again, thank you so much!
    • chlee
      Thank you for sharing a useful tip. :)
  6. captainjack42
    Hey,
    first of all excellent guide, this is pretty much exactly what i was looking for and how i thought that it should work, problem is it doesn't for me...
    My setup is the following:
    I have a raspberry pi running an owncloud server based on a apache 2.4 webserver.
    The pi is running on dietpi 7.3 (based on raspbian 10) if that matters.
    I also want the gitlab server to be reachable by a relative url (myurl.com/gitlab), but that should just be a matter of changing the '/' after ProxyPass and ProxyPassReverse to '/gitlab'
    The problem is the reverse proxy isn't working properly, with netstat -tlpn i can see that the nginx server is running on port 8181 (which is the one i've set it up to) and apache2 is running on ports 80 and 443, but when i go to myurl.com/gitlab it just says 404 not found. Does anyone maybe have an idea on how to fix that? Would really appreciate it
    Thanks
    /CaptainJack
    • chlee
      Usually a directory path of the backend server and reverse proxy server should be the same. I never tried this way, but I googled and found the following article:
      https://serverfault.com/questions/561892/how-to-handle-relative-urls-correctly-with-a-reverse-proxy
      I think rewriting subdirectory requests on apache server is necessary to do this. I hope you find a good solution for your settings.

Post a comment

Security Code