4

I've set up Gitlab on Ubuntu 12.04 using the default package from https://about.gitlab.com/downloads/

{edit to clarify}

I've set up Apache to proxy and run the nginx server the package installed on port 8888 (or so I thought).

As I had Apache installed already I have to run nginx on localhost:8888. The problem is, all images (such as avatars) are now served from http://localhost:8888, and all the checkout urls Gitlab gives are also localhost - instead of using my domain name.

If I change /etc/gitlab/gitlab.rb to use that url, then Gitlab stops working and gives a 503.

Any ideas how I can tell Gitlab what URL to present to the world, even though it's really running on localhost?

/etc/gitlab/gitlab.rb looks like:

# Change the external_url to the address your users will type in their browser
external_url 'http://my.local.domain'
redis['port'] = 6379
postgresql['port'] = 2345
unicorn['port'] = 3456

and /opt/gitlab/embedded/conf/nginx.conf looks like:

server {
        listen       localhost:8888;
        server_name  my.local.domain;

[Update]

It looks like nginx is still listening on the wrong port if I don't specify localhost:8888 as the external_url. I found this in /var/log/gitlab/nginx/error.log

2014/08/19 14:29:58 [emerg] 2526#0: bind() to 0.0.0.0:80 failed (98: Address already in use)
2014/08/19 14:29:58 [emerg] 2526#0: bind() to 0.0.0.0:80 failed (98: Address already in use)
2014/08/19 14:29:58 [emerg] 2526#0: bind() to 0.0.0.0:80 failed (98: Address already in use)
2014/08/19 14:29:58 [emerg] 2526#0: bind() to 0.0.0.0:80 failed (98: Address already in use)
2014/08/19 14:29:58 [emerg] 2526#0: bind() to 0.0.0.0:80 failed (98: Address already in use)
2014/08/19 14:29:58 [emerg] 2526#0: still could not bind()

Apache setup looks like:

<VirtualHost *:80>
  ServerName my.local.domain

  ServerSignature Off
  ProxyPreserveHost On

  AllowEncodedSlashes NoDecode

  <Location />
    ProxyPass http://localhost:8888/ 
    ProxyPassReverse http://127.0.0.1:8888
    ProxyPassReverse http://my.local.domain
  </Location>
</VirtualHost>

Which seems to proxy everything back ok if Gitlab listens on localhost:8888 - I just need Gitlab to start displaying the right URL, instead of localhost:8888.

Hippyjim
  • 191
  • 2
  • 6
  • 19
  • this is confusing the top says apache but you say nginx.. so is apache on port 80? `fuser 80/tcp` – Mike Aug 19 '14 at 13:44
  • Why aren't you just proxying using Apache? – gparent Aug 19 '14 at 13:45
  • Also the setting is in gitlab.yml as per the documentation, when you set the host: field. Make sure you're also sending proper proxying headers. – gparent Aug 19 '14 at 13:46
  • @gparent - I am. I've repeated what I said in the question to clarify. – Hippyjim Aug 19 '14 at 13:50
  • @mike - the question has now been updated to clarify - the server is a dev server with an existing apache setup. I wanted gitlab and it installed nginx so I'm having to proxy – Hippyjim Aug 19 '14 at 13:50
  • @gparent - I don't know what you mean by "in the documentation" - I've tried variations of using localhost:8888 and the real domain name...at the moment nothing works and nginx insists on trying to use port 80 – Hippyjim Aug 19 '14 at 13:51
  • thanks all for comments so far - I've posted my apache config to make things a bit clearer about what's going on – Hippyjim Aug 19 '14 at 14:03
  • thanks @gparent - making me look for gitlab.yml fixed the issue although at the top it tells me not to edit that file manually. making the changes directly in there did there trick though. Add an answer to that effect and I'll credit you for it. – Hippyjim Aug 19 '14 at 14:35
  • By "documentation" I mean various documents telling you how to configure gitlab. For instance, in the installation docs (https://github.com/gitlabhq/gitlabhq/blob/master/doc/install/installation.md), one can read that you're supposed to copy gitlab.yml.example and then edit it to replace "localhost" by the fully qualified domain name of your server. – gparent Aug 19 '14 at 14:52

7 Answers7

15

I'm quite sad no one has a clear answer for this it's cobbled between numerous other posts and some crafty conf editing. I've put it all in one place here for you folks, to save you the two hours I just wasted.

My setup is I have apache which hosts numerous sites and hosts HTTPS, which I configured as a reverse proxy pointing to gitlab. So I want my URL's that gitlab generates in the emails to point to apache's secure url. So to do this...

1: Edit your gitlab.rb file...

On CentOS 7 it's at /opt/gitlab/embedded/cookbooks/gitlab/libraries/gitlab.rb

and change the line...

external_url nil

to

external_url "http://<yoururl>:81"

2: Run gitlab-ctl reconfigure

Your nginx will now host on port 81, BUT your URLs that are emailed will look like "http://:81" and not your secure apache proxy. So to do this...

3: Edit the generated rails config file for gitlab

On CentOS 7 this is located at /var/opt/gitlab/gitlab-rails/etc/gitlab.yml

and change the line...

## Web server settings (note: host is the FQDN, do not include http://)
host: <yoururl>
port: 81
https: false

to

## Web server settings (note: host is the FQDN, do not include http://)
host: <yoururl>
port: 443
https: true

4: Restart gitlab with gitlab-ctl restart

Then just make sure nginx starts properly, if you need to, gitlab-ctl tail nginx and see what errors it spits out.

WARNING: If you run gitlab-ctl reconfigure again, you will need to make this edit again. I have searched high and low, and found no way to do this in a way that reconfigure deals with it nicely. It's a feature request someone can ask gitlab to add, should be pretty minor. An optional variable "actual_url" that when set is used for any generated URLs.

5: Profit! :)

Farley
  • 250
  • 1
  • 5
  • Great answer. Considering reconfigure uses the external_url value set in `/etc/gitlab/gitlab.rb` it really should use that to populate the yml config – Rob Dec 06 '14 at 01:11
  • @Rob: In my experience with the above example I did not set external_url in the gitlab.rb file because then it populates that value in other places and force-redirects you to that URL which is not externally valid. So yeah, no... – Farley Dec 07 '14 at 01:34
  • Is this already filed as an issue/change request/something like that with GitLab? – stuXnet Jan 13 '17 at 10:40
  • @stuXnet That's probably a good point, I never filed a bug, and there might be a way to fix this better (especially by now). The site I used to host described above we moved to a dedicated Gitlab server so is no longer needed for us – Farley Jan 15 '17 at 11:01
5

As per the documentation at Gitlab's github:

# Copy the example GitLab config
sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml

# Make sure to change "localhost" to the fully-qualified domain name of your
# host serving GitLab where necessary

Make sure also that Apache is sending the appropriate proxy headers.

In this case the nginx configuration is irrelevant since you're using Apache to proxy. Simply remove it or turn it off.

gparent
  • 3,561
  • 2
  • 23
  • 28
  • Unfortunately as I installed the package from the URL in the question, I was discouraged from directly editing the config (and indeed at the next update I understand I'll need to tweak the settings again as they'll be overwritten by the ruby script that does the config) - but this answer sent me in the right direction so it gets +1. – Hippyjim Aug 19 '14 at 15:03
  • You cannot remove nginx, or you'll have to create a more elaborate config for apache also serving the static files from the /public directory of gitlab. – knutsel Aug 19 '14 at 15:04
  • Of course @ahmeij you need to configure whichever web server you choose. My point is that there's no hard requirement to have two, especially if one of your complaints is being unable to start it due to port conflict. – gparent Aug 19 '14 at 15:11
  • Also the real problem seems to be that you need to regenerate the gitlab config after changing `gitlab.rb` – gparent Aug 19 '14 at 15:16
  • Worked for me - just don't use reconfigure after making the change and remember to reset the setting if you need to in the future. – DilbertDave May 15 '15 at 08:37
  • @DilbertDave Hey, I wrote this answer a while ago - did you have to modify anything for it to work? I can revisit it if needed. – gparent May 15 '15 at 17:53
  • @gparent - I think just knowing that I was not going mad and that I could make that change and not run reconfigure was a big help. – DilbertDave May 16 '15 at 16:23
4

I finally followed this documentation which consists of disabling nginx and let your apache installation proxy gitlab, which makes more sense to me and anyways I had issues with some assets still loading from :8081 when trying to proxy through nginx proxy

http://ryansechrest.com/2015/08/use-apache-instead-of-built-in-nginx-in-gitlab-ce/

vi /etc/gitlab/gitlab.rb

Set your external URL

external_url 'http://mygitlab.web.site/'

Change www user and group

web_server['username'] = 'www-data'
web_server['group'] = 'www-data'

Disable nginx

nginx['enable'] = false

Set port for git server (at the end of file)

gitlab_git_http_server['listen_network'] = "tcp"
gitlab_git_http_server['listen_addr'] = "localhost:8282"

Reconfigure gitlab

gitlab-ctl reconfigure

Change your virtualhost configuration

<VirtualHost *:80>
  ServerName git.domain.com
  DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public

  ProxyPreserveHost On
  AllowEncodedSlashes Off

  <Location />
    Order deny,allow
    Allow from all
    ProxyPassReverse http://127.0.0.1:8080
    ProxyPassReverse http://git.domain.com/
  </Location>

  RewriteEngine on
  #Don't escape encoded characters in api requests
  RewriteCond %{REQUEST_URI} ^/api/v3/.*
  RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA,NE]

  #Forward all requests to gitlab-workhorse except existing files like error documents
  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
  RewriteCond %{REQUEST_URI} ^/uploads/.*
  RewriteRule .* http://127.0.0.1:8282%{REQUEST_URI} [P,QSA]
</VirtualHost>

Restarts gitlab

gitlab-ctl restart
Yann Bizeul
  • 166
  • 3
2

I ran into this issue as well, though not due to an Apache proxy. My installation was a plain port forward from a host computer to a virtual machine. This solution should work for all methods of port forwarding and proxying. The only things that might change between OSes is the location of the Gitlab configuration files. I am using Debian 7.8 with Gitlab 7.8.4

Short Answer:

Make the following changes in /etc/gitlab/gitlab.rb:

  • Change external_url from 'http://gitlab.example.com/' to 'http://gitlab.example.com:8080'
  • Add nginx['custom_gitlab_server_config'] = "listen *:80;"

Final notes: - Gitlab's Nginx cannot run on :8080 on the "inside" machine (what the proxy/port forward points to)

Long Answer:

This includes more background info about my setup and the process of finding the solution

My setup:

  • computer.local: The host computer

    • Forwards port 8080 to computer-vm.local:80
    • Forwards port 2222 to computer-vm.local:22

  • computer-vm.local: A Debian virtual machine, where Gitlab and other software is installed. This VM does not use bridged networking, so any port accessible from the outside has to be forwarded from the host computer.

NOTE: I ran sudo gitlab-ctl reconfigure after each iteration of changing /etc/gitlab/gitlab.rb

Using the standard installation instructions found at their download page, the Gitlab instance was accessible at computer.local:8080. I proceeded to create accounts, but the email link that was sent used the URL http://computer-vm.local/users/confirmation?confirmation_token=..., which was inaccessible from any computer but the host machine. Changing external_url in /etc/gitlab/gitlab.rb from http://computer-vm.local to http://computer.local:8080 rendered Gitlab completely inaccessible. Navigating to http://computer-vm.local:8080 from the host yielded a "502: Gitlab is not responding error". After investigation, it seems that Unicorn was trying to listen on localhost:8080, so Nginx and Unicorn were fighting for the same port, with Nginx winning the battle but leaving Gitlab useless. Changing external_url to http://computer.local:8081 resolved the 502 error with Gitlab accessible at http://computer-vm.local:8081. But that's only one problem...

I needed Gitlab to advertise its URL as 'http://computer.local:8080' because of the port forward, which I didn't want to change. So, external_url got changed back to http://computer.local:8080. Looking in the Gitlab documentation about Nginx options here, there is no mention about how to change the Nginx port without changing the full Gitlab external URL (which was an option in previous versions). However, Gitlab lets the user pass arbitrary option to Nginx via the nginx['custom_gitlab_server_config'] option. I added the following to my /etc/gitlab/gitlab.rb file:

nginx['custom_gitlab_server_config'] = "listen *:80;"

After reconfiguring Gitlab, voila! Accessible from http://computer.local:8080, and includes the correct domain when sending password reset links and when showing git clone links.

I also had to change gitlab_rails['gitlab_shell_ssh_port'] from 22 to 2222 because of the port forwarding situation, but you may not have to.

My final /etc/gitlab/gitlab.rb:

external_url "computer.local:8080"
gitlab_rails['gitlab_shell_ssh_port'] = 2222
nginx['custom_gitlab_server_config'] = "listen *:80;"
gparent
  • 3,561
  • 2
  • 23
  • 28
computergeek125
  • 121
  • 5
1

I had the same issue, change

external_url 'http://my.local.domain'

to 

external_url 'http://my.local.domain:8888'

and regenerate the gitlab config, this will fix the nginx configuration. Apache proxy should fix the links so that the 8888 is stripped of again.

hope this helps, I ended up removing gitlab from the existing environment, going to spin up a clean vm for gitlab as it (in my opinion) does not play nice with existing setups.

knutsel
  • 136
  • 3
  • Agreed - it wants to sit on its own server. In the end my answer wasn't quite as simple. Editing the config file directly - despite dire warnings that the config ill be removed on updates - was the only solution. the install script couldn't cope with how I needed to set things up. – Hippyjim Aug 19 '14 at 15:05
0

Very Simple way to change defaults port number

run- gitlab-ctl stop

edit the file in centos or linux:- /var/opt/gitlab/nginx/conf/gitlab-http.conf

change listen *:80; to what you want Ex:- 90

then

Don't run the command- gitlab-ctl reconfigure

If gitlab-ctl reconfigure it configured gitlab by defaults and remove changes.

so only run- gitlab-ctl start

Rahul Jain
  • 71
  • 1
  • 1
0

For anyone else finding this, to support:

  • Running Nginx on a different port
  • Using a relative URL in GitLab

Given this sample ProxyPass configuration:

ProxyPass /gitlab http://localhost:81/gitlab
ProxyPassReverse /gitlab http://localhost:81/gitlab


Edit two parameters in gitlab.rb and reconfigure. Steps:

  1. Edit /etc/gitlab/gitlab.rb.
    Change: external_url 'http://my.local.domain/gitlab'
    To: external_url 'http://my.local.domain/'

  2. Edit /etc/gitlab/gitlab.rb
    Change: # nginx['listen_port'] = nil
    To: nginx['listen_port'] = 81

  3. Run command: gitlab-ctl reconfigure

Done.

Ronny Pettersen
  • 1