使用SSL通过Apache配置Gitlab
我想通过apache和ssl使用GitLab。我遵循指南,但仍然收到一条503服务不可用的消息 我已经按照GitLab中的说明安装了GitLab 我的gitlab.rb配置与指南中的文件类似:使用SSL通过Apache配置Gitlab,apache,ssl,gitlab,Apache,Ssl,Gitlab,我想通过apache和ssl使用GitLab。我遵循指南,但仍然收到一条503服务不可用的消息 我已经按照GitLab中的说明安装了GitLab 我的gitlab.rb配置与指南中的文件类似: external\u url'https://domain:4443' nginx['ssl_certificate']=“/etc/gitlab/tls/SignedCertificateBundle.crt” nginx['ssl\u certificate\u key']=“/etc/gitlab/
external\u url'https://domain:4443'
nginx['ssl_certificate']=“/etc/gitlab/tls/SignedCertificateBundle.crt”
nginx['ssl\u certificate\u key']=“/etc/gitlab/tls/SignedCertificate.key”<VirtualHost *:443>
ServerName domain
ServerAlias domain
Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
SSLEngine on
SSLCertificateFile /etc/gitlab/tls/SignedCertificate.crt
SSLCertificateKeyFile /etc/gitlab/tls/SignedCertificate.key
SSLCACertificateFile /etc/gitlab/tls/IntermediateCertificate.crt
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine on
ProxyRequests Off
ProxyPass / https://domain:4443/
ProxyPassReverse / https://domain/
Header edit Location ^http://domain/ https://domain/
RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
<VirtualHost *:443>
ServerName domain
ServerAlias domain
ServerAdmin mail
RequestHeader set Host "domain"
RequestHeader add X-Forwarded-Ssl on
RequestHeader set X-Forwarded-Proto "https"
ProxyPreserveHost On
ProxyPass / http://localhost:8888/
ProxyPassReverse / http://localhost:8888/
SSLEngine on
SSLCertificateFile /etc/gitlab/tls/SignedCertificate.crt
SSLCertificateKeyFile /etc/gitlab/tls/SignedCertificate.key
SSLCACertificateFile /etc/gitlab/tls/IntermediateCertificate.crt
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384
</VirtualHost>
服务器名域
服务器别名域
标头始终设置严格的传输安全性“最大年龄=31536000;包括子域
斯伦金安
SSLCertificateFile/etc/gitlab/tls/SignedCertificate.crt
SSLCertificateKeyFile/etc/gitlab/tls/SignedCertificate.key
SSLCACertificateFile/etc/gitlab/tls/IntermediateCertificate.crt
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384
命令拒绝,允许
通融
SSLProxyEngine打开
代理请求关闭
ProxyPass/https://domain:4443/
ProxyPassReverse/https://domain/
标题编辑位置^http://domain/ https://domain/
RequestHeader集合X-Forwarded-Proto“https”
我忘了什么吗?我找到了解决问题的办法(也许其他人也在为同样的事情而挣扎) 我的gitlab.rb配置文件:
external_url 'https://domain'
nginx['listen_address'] = 'localhost'
nginx['listen_port'] = 8888
nginx['listen_https'] = false
<VirtualHost *:443>
ServerName domain
ServerAlias domain
Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
SSLEngine on
SSLCertificateFile /etc/gitlab/tls/SignedCertificate.crt
SSLCertificateKeyFile /etc/gitlab/tls/SignedCertificate.key
SSLCACertificateFile /etc/gitlab/tls/IntermediateCertificate.crt
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine on
ProxyRequests Off
ProxyPass / https://domain:4443/
ProxyPassReverse / https://domain/
Header edit Location ^http://domain/ https://domain/
RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
<VirtualHost *:443>
ServerName domain
ServerAlias domain
ServerAdmin mail
RequestHeader set Host "domain"
RequestHeader add X-Forwarded-Ssl on
RequestHeader set X-Forwarded-Proto "https"
ProxyPreserveHost On
ProxyPass / http://localhost:8888/
ProxyPassReverse / http://localhost:8888/
SSLEngine on
SSLCertificateFile /etc/gitlab/tls/SignedCertificate.crt
SSLCertificateKeyFile /etc/gitlab/tls/SignedCertificate.key
SSLCACertificateFile /etc/gitlab/tls/IntermediateCertificate.crt
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384
</VirtualHost>
服务器名域
服务器别名域
服务器管理邮件
RequestHeader设置主机“域”
RequestHeader在上添加X-Forwarded-Ssl
RequestHeader集合X-Forwarded-Proto“https”
代理主机
ProxyPass/http://localhost:8888/
ProxyPassReverse/http://localhost:8888/
斯伦金安
SSLCertificateFile/etc/gitlab/tls/SignedCertificate.crt
SSLCertificateKeyFile/etc/gitlab/tls/SignedCertificate.key
SSLCACertificateFile/etc/gitlab/tls/IntermediateCertificate.crt
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384