Installing GitLab on existing Apache Server for Ubuntu

GitLab works under built-in Nginx web server engine by default. Therefore, if you already have an existing web server, you may need some extra work to use both your existing websites and GitLab at the same time. The easiest way is to assign different ports on two different servers, but it may not be the good way because visitors have to remember the specified port every time they connect. The article presents the way to add GitLab on existing Apache server using reverse proxy approach.

Step 1: Install GitLab

To install GitLab, please type the following commands to install gitlab-ce:

sudo apt-get install curl openssh-server ca-certificates postfix
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
sudo apt-get install gitlab-ce
sudo gitlab-ctl reconfigure

If this is the only and first website for your server, then you can just use it without any issues. However, if you already have an existing website, you will eventually find out that your existing website is replaced by GitLab you have just installed. If you have an existing Apache web server, please restart your Apache server by using the following command, and check your website again:

sudo service apache2 restart

The solution for the presented issue will be introduced in the following section.

Step 2: Modify GitLab configuration

The GitLab configuration file in Ubuntu is "/etc/gitlab/gitlab.rb". Type the following command to edit the configuration file:

sudo nano /etc/gitlab/gitlab.rb

Now, edit the following lines:

# Change GitLab port (any unused port is ok.)
external_url 'http://127.0.0.1:14500'

Save the file, and run the following command:

sudo gitlab-ctl reconfigure

Step 3: Configure Apache to use GitLab using reverse proxy

Before presenting the main entry, please make sure that you have a domain or subdomain url for applying on GitLab url. In this article, we assume that you have a url, "http://gitlabtest.yoursite.com/" for GitLab, as an example.

Now, please make sure proxy_http module is enabled on Apache engine. You can enable the module using the following command:

sudo a2enmod proxy_http

Please create an Apache site configuration for gitlab as follows:

cd /etc/apache2/sites-available/
sudo touch gitlab.conf
sudo nano gitlab.conf

Now, add the VirtualHost entry as follows:

<VirtualHost *:80>
  ServerName gitlab.yoursite.com

  ProxyRequests off
  ProxyPass / http://127.0.0.1:14500
  ProxyPassReverse / http://127.0.0.1:14500
</VirtualHost>

Now, enable the gitlab website configuration using the following command:

sudo a2ensite gitlab
sudo service apache2 restart

Step 4: Resolve an issue of displaying wrong repository url on GitLab

Because the actual GitLab is running under the bundled Nginx server, the repository url displayed on GitLab webpage may be wrong (i.e., http://127.0.0.1:14500/repo_url) and inaccessible from the actual client. You can resolve this issue by modifying the following configuration file:

sudo nano /opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml

Original configuration:

## Web server settings (note: host is the FQDN, do not include http://)
host: 127.0.0.1
port: 14500
https: false

Modify the configuration as follows:

## Web server settings (note: host is the FQDN, do not include http://)
host: gitlabtest.yoursite.com
port: 80
https: false

Now, restart gitlab using the following command:

sudo gitlab-ctl restart

You can now connect to GitLab using gitlabtest.yoursite.com through the Apache server. Please note that the configuration will reset to 127.0.0.1 if you use the command gitlab-ctl reconfigure. Therefore, you have to modify the setting again if you reconfigure GitLab.

Note 1: If you want to use https…

If you want to setup GitLab using https, you need some extra configurations. Assuming that you already have a valid certificate, key, and root ca, please follow the instruction below.

Modify GitLab settings

First, modify /etc/gitlab/gitlab.rb as follows:

# Change GitLab port (any unused port is ok.)
external_url 'https://127.0.0.1:14500'

...
################
# GitLab Nginx #
################
...
nginx['ssl_certificate'] = "/path/to/certificate.crt"
nginx['ssl_certificate_key'] = "/path/to/certificate_key.key"

Then, reconfigure GitLab by using the following command:

sudo gitlab-ctl reconfigure

Now, modify /opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml as follows:

## Web server settings (note: host is the FQDN, do not include http://)
host: gitlabtest.yoursite.com
port: 443
https: true

Finally, restart gitlab-ctl by typing the following command:

sudo gitlab-ctl restart

Modify Apache settings

To configure https reverse proxy on Apache, modify the /etc/apache2/sites-available/gitlab.conf on Apache as follows:

<VirtualHost *:80>
  ServerName gitlabtest.yoursite.com
  Redirect permanent / https://gitlabtest.yoursite.com/
</VirtualHost> 

<VirtualHost *:443>
  ServerName gitlabtest.yoursite.com

  # Certificate
  SSLEngine on
  SSLCertificateFile /path/to/certificate.crt
  SSLCertificateKeyFile /path/to/certificate_key.key
  SSLCertificateChainFile /path/to/certificate_ca.crt

  # Proxy
  SSLProxyEngine on
  SSLProxyVerify none
  SSLProxyCheckPeerCN off
  SSLProxyCheckPeerName off
  SSLProxyCheckPeerExpire off

  ProxyPass / https://127.0.0.1:14500/
  ProxyPassReverse / https://127.0.0.1:14500/
</VirtualHost>

Now, type the following command to restart Apache, and you can not use GitLab through https.

sudo service apache2 restart

Note 2: if you want to limit access by IP…

If you want to limit GitLab access by IP, add the following statement on gitlab.conf:

<Proxy *>
  Order Deny,Allow
  Deny from all
  Allow from your_ip_address
<Proxy>

Conclusion

As presented above, you can use GitLab with existing Apache server setting up reverse proxy on Apache and connect to bundled Nginx engine on GitLab. I think there may be other ways to configure Apache with GitLab, and the approach we presented is one of the way. Please let us know if there is a better way to configure it.

References

[1] forum.gitlab.com, "[SOLVED] Setting up Gitlab on Ubuntu 14.04 with Apache2 without owning a domain name," GitLab Forum, 27-Apr-2015. [Online]. Available: https://forum.gitlab.com/t/solved-setting-up-gitlab-on-ubuntu-14-04-with-apache2-without-owning-a-domain-name/679/2
[2] superuser.com, "js, and css not appearing after installing gitlab," Superuser, 19-Nov-2015. [Online]. Available: http://superuser.com/questions/1002827/js-and-css-not-appearing-after-installing-gitlab
[3] Goedecke, "Setup GitLab on Debian 7 with existing Apache WebServer," GitLab Forum, 17-Sep-2015. [Online]. Available: https://kevingoedecke.me/2015/09/17/setup-gitlab-on-debian-7-with-existing-apache-webserver/
[4] stackoverflow.com, "Gitlab in a subdirectory with apache and passenger," kevingoedecke.me, 29-Jul-2013. [Online]. Available: http://stackoverflow.com/questions/17924644/gitlab-in-a-subdirectory-with-apache-and-passenger
[5] Tully, "Running GitLab from a subdirectory on Apache," shanetully.com, 23-Aug-2012. [Online]. Available: https://shanetully.com/2012/08/running-gitlab-from-a-subdirectory-on-apache/
[6] redmine.org, "Redmine in a subdirectory," redmine.org, 03-Sep-2008. [Online]. Available: http://www.redmine.org/boards/2/topics/2244