by chlee
Software, Posted on 2017-01-15 11:28:03
GitLab works under built-in Nginx web server engine by default. Therefore, if you already have an existing web server, you may need some extra work to use both your existing websites and GitLab at the same time. The easiest way is to assign different ports on two different servers, but it may not be the good way because visitors have to remember the specified port every time they connect. The article presents the way to add GitLab on existing Apache server using reverse proxy approach.
To install GitLab, please type the following commands to install gitlab-ce:
sudo apt-get install curl openssh-server ca-certificates postfix
curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
sudo apt-get install gitlab-ce
sudo gitlab-ctl reconfigure
If this is the only and first website for your server, then you can just use it without any issues. However, if you already have an existing website, you will eventually find out that your existing website is replaced by GitLab you have just installed. If you have an existing Apache web server, please restart your Apache server by using the following command, and check your website again:
sudo service apache2 restart
The solution for the presented issue will be introduced in the following section.
The GitLab configuration file in Ubuntu is "/etc/gitlab/gitlab.rb". Type the following command to edit the configuration file:
sudo nano /etc/gitlab/gitlab.rb
Now, edit the following lines:
# Change GitLab port (any unused port is ok.)
external_url 'http://127.0.0.1:14500'
Save the file, and run the following command:
sudo gitlab-ctl reconfigure
Before presenting the main entry, please make sure that you have a domain or subdomain url for applying on GitLab url. In this article, we assume that you have a url, "http://gitlabtest.yoursite.com/" for GitLab, as an example.
Now, please make sure proxy_http module is enabled on Apache engine. You can enable the module using the following command:
sudo a2enmod proxy_http
Please create an Apache site configuration for gitlab as follows:
cd /etc/apache2/sites-available/
sudo touch gitlab.conf
sudo nano gitlab.conf
Now, add the VirtualHost entry as follows:
<VirtualHost *:80>
ServerName gitlab.yoursite.com
ProxyRequests off
ProxyPass / http://127.0.0.1:14500
ProxyPassReverse / http://127.0.0.1:14500
</VirtualHost>
Now, enable the gitlab website configuration using the following command:
sudo a2ensite gitlab
sudo service apache2 restart
Because the actual GitLab is running under the bundled Nginx server, the repository url displayed on GitLab webpage may be wrong (i.e., http://127.0.0.1:14500/repo_url) and inaccessible from the actual client. You can resolve this issue by modifying the following configuration file:
sudo nano /opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml
Original configuration:
## Web server settings (note: host is the FQDN, do not include http://)
host: 127.0.0.1
port: 14500
https: false
Modify the configuration as follows:
## Web server settings (note: host is the FQDN, do not include http://)
host: gitlabtest.yoursite.com
port: 80
https: false
Now, restart gitlab using the following command:
sudo gitlab-ctl restart
You can now connect to GitLab using gitlabtest.yoursite.com through the Apache server. Please note that the configuration will reset to 127.0.0.1 if you use the command gitlab-ctl reconfigure. Therefore, you have to modify the setting again if you reconfigure GitLab.
If you want to setup GitLab using https, you need some extra configurations. Assuming that you already have a valid certificate, key, and root ca, please follow the instruction below.
Modify GitLab settings
First, modify /etc/gitlab/gitlab.rb as follows:
# Change GitLab port (any unused port is ok.)
external_url 'https://127.0.0.1:14500'
...
################
# GitLab Nginx #
################
...
nginx['ssl_certificate'] = "/path/to/certificate.crt"
nginx['ssl_certificate_key'] = "/path/to/certificate_key.key"
Then, reconfigure GitLab by using the following command:
sudo gitlab-ctl reconfigure
Now, modify /opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml as follows:
## Web server settings (note: host is the FQDN, do not include http://)
host: gitlabtest.yoursite.com
port: 443
https: true
Finally, restart gitlab-ctl by typing the following command:
sudo gitlab-ctl restart
Modify Apache settings
To configure https reverse proxy on Apache, modify the /etc/apache2/sites-available/gitlab.conf on Apache as follows:
<VirtualHost *:80>
ServerName gitlabtest.yoursite.com
Redirect permanent / https://gitlabtest.yoursite.com/
</VirtualHost>
<VirtualHost *:443>
ServerName gitlabtest.yoursite.com
# Certificate
SSLEngine on
SSLCertificateFile /path/to/certificate.crt
SSLCertificateKeyFile /path/to/certificate_key.key
SSLCertificateChainFile /path/to/certificate_ca.crt
# Proxy
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPass / https://127.0.0.1:14500/
ProxyPassReverse / https://127.0.0.1:14500/
</VirtualHost>
Now, type the following command to restart Apache, and you can not use GitLab through https.
sudo service apache2 restart
If you want to limit GitLab access by IP, add the following statement on gitlab.conf:
<Proxy *>
Order Deny,Allow
Deny from all
Allow from your_ip_address
<Proxy>
As presented above, you can use GitLab with existing Apache server setting up reverse proxy on Apache and connect to bundled Nginx engine on GitLab. I think there may be other ways to configure Apache with GitLab, and the approach we presented is one of the way. Please let us know if there is a better way to configure it.
[1] forum.gitlab.com, "[SOLVED] Setting up Gitlab on Ubuntu 14.04 with Apache2 without owning a domain name," GitLab Forum, 27-Apr-2015. [Online]. Available: https://forum.gitlab.com/t/solved-setting-up-gitlab-on-ubuntu-14-04-with-apache2-without-owning-a-domain-name/679/2
[2] superuser.com, "js, and css not appearing after installing gitlab," Superuser, 19-Nov-2015. [Online]. Available: http://superuser.com/questions/1002827/js-and-css-not-appearing-after-installing-gitlab
[3] Goedecke, "Setup GitLab on Debian 7 with existing Apache WebServer," GitLab Forum, 17-Sep-2015. [Online]. Available: https://kevingoedecke.me/2015/09/17/setup-gitlab-on-debian-7-with-existing-apache-webserver/
[4] stackoverflow.com, "Gitlab in a subdirectory with apache and passenger," kevingoedecke.me, 29-Jul-2013. [Online]. Available: http://stackoverflow.com/questions/17924644/gitlab-in-a-subdirectory-with-apache-and-passenger
[5] Tully, "Running GitLab from a subdirectory on Apache," shanetully.com, 23-Aug-2012. [Online]. Available: https://shanetully.com/2012/08/running-gitlab-from-a-subdirectory-on-apache/
[6] redmine.org, "Redmine in a subdirectory," redmine.org, 03-Sep-2008. [Online]. Available: http://www.redmine.org/boards/2/topics/2244
you have got a excellent weblog here! would you ljke to
have invite posts on my site?
Hello, Brigida.
I checked your website, but I was unable to understand the meaning of "invite posts". I would appreciate if you give me the details of it. Thanks.
Hi,
really perfect and helpful. Many thanks.
One tiny note: There is a 'typo' in Step 3 (Now, add the VirtualHost entry as follows:). The closing 'VirtualHost' tag is missing a slash. Took me ~ 20mins ;)
Thanks again
I apologize for late reply. I updated my article as you and StewLG mentioned.
Thank you for your comment. :)
You neglected to close the first example using a <VirtualHost> tag. The final line should be "</VirtualHost>";
Thank you for your feedback. I updated the article as you mentioned.
I had to do some extra steps because the links in emails send by gitlab (e.g. for invitation) linked to 127.0.0.1:14500:
so i had to modify /etc/gitlab/gitlab.rb
gitlab_pages['listen_proxy'] = "gitlabtest.yoursite.com"
sudo gitlab-ctl reconfigure
and modify /opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml as follows:
## Web server settings (note: host is the FQDN, do not include http://)
host: gitlabtest.yoursite.com
# port: 443
https: true
Finally, restart gitlab-ctl by typing the following command:
sudo gitlab-ctl restart
I had to comment out the port because else the port was included in my links as well
gitlabtest.yoursite.com:447/-/invites/sometoken
Also when I configured email (i use smtp) I had to keep in mind that after the reconfigure I always have to change the
/opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml as follows:
## Web server settings (note: host is the FQDN, do not include http://)
host: gitlabtest.yoursite.com
# port: 443
...
Thank you for sharing your experience. :)