GitLab for Nginx

1. GitLab 설정

gitlab.rb 설정파일 수정

/etc/gitlab/gitlab.rb

GitLab에 내장(번들)된 nginx 비활성화

# Turn off the nginx bundled with GitLab; the separately installed Nginx
# configured in section 2 serves the site instead.
nginx['enable'] = false

외부 웹 서버(Nginx) 실행 사용자 설정

# Account the external web server runs as; it needs access to the
# gitlab-workhorse socket. 'www-data' is the Debian/Ubuntu default and must
# match the `user` directive in nginx.conf. List only the account that
# actually needs the socket.
web_server['external_users'] = ['www-data']

설정 반영

# Apply the edited /etc/gitlab/gitlab.rb.
sudo gitlab-ctl reconfigure
# Restart the GitLab services so they run with the new settings.
sudo gitlab-ctl restart

2. Nginx 설정

# gitlab.pjh87.co.kr
# Backend for the GitLab virtual host: gitlab-workhorse, reached over a local
# Unix socket. The nginx worker user (see web_server['external_users'] in
# gitlab.rb) must be able to open this socket.
upstream gitlab-workhorse {
  # nginx takes everything after "unix:" as the path, so this is //var/opt/...,
  # which resolves like /var/opt/...; the usual spelling is unix:/var/opt/...
  # NOTE(review): fail_timeout=0 presumably keeps this single backend from
  # being marked unavailable after a failed attempt; confirm against nginx docs.
  server unix://var/opt/gitlab/gitlab-workhorse/sockets/socket fail_timeout=0;
}

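## Redirects all HTTP traffic to the HTTPS host
server {
	listen 80;
	listen [::]:80;
	server_name gitlab.pjh87.co.kr; ## Replace this with your own host name, e.g. gitlab.example.com
	server_tokens off; ## Don't show the nginx version number, a security best practice

	access_log  /var/log/nginx/gitlab_access.log;
	error_log   /var/log/nginx/gitlab_error.log;

	## Redirect to the configured name rather than $http_host: $http_host is the
	## client-supplied Host header, and if this block is ever the default server
	## for port 80 an arbitrary Host value would be reflected into the Location
	## header. $server_name always yields the canonical host.
	return 301 https://$server_name$request_uri;
}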


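## HTTPS virtual host: terminates TLS and proxies every request to gitlab-workhorse
server {
	## "ssl" on the listen lines enables TLS for this server. The separate
	## "ssl on;" directive was deprecated and has been removed from current
	## nginx releases, so it is not used here.
	listen [::]:443 ssl; # managed by Certbot
	listen 443 ssl; # managed by Certbot

	root /opt/gitlab/embedded/service/gitlab-rails/public;
	index index.html;
	server_name gitlab.pjh87.co.kr;
	server_tokens off; ## Don't show the nginx version number

	location / {
		## 0 disables nginx's request-body size check entirely, so any upload
		## limit has to be enforced by GitLab itself. Set an explicit ceiling
		## here if unbounded uploads are not wanted.
		client_max_body_size 0;
		gzip off;

		proxy_read_timeout      300;
		proxy_connect_timeout   300;
		proxy_redirect          off;

		proxy_http_version 1.1;

		proxy_set_header    Host                $http_host;
		## X-Real-IP is the address of the directly connected peer.
		proxy_set_header    X-Real-IP           $remote_addr;
		proxy_set_header    X-Forwarded-Ssl     on;
		## $proxy_add_x_forwarded_for appends $remote_addr to whatever
		## X-Forwarded-For the client sent, so only the last entry is set by
		## this proxy; earlier entries are client-controlled.
		proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
		proxy_set_header    X-Forwarded-Proto   $scheme;
		proxy_pass http://gitlab-workhorse;
	}

	ssl_certificate /etc/letsencrypt/live/gitlab.pjh87.co.kr/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/gitlab.pjh87.co.kr/privkey.pem; # managed by Certbot

	## TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
	## Drop TLSv1.3 from this line if the installed nginx does not accept it.
	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_session_cache shared:SSL:10m;

	## NOTE(review): Certbot's options-ssl-nginx.conf usually carries its own
	## protocol, cipher and session settings; check that file so it does not
	## disagree with the directives above.
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}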