# Omnibus GitLab settings (gitlab.rb) for running the bundled NGINX behind an
# external reverse proxy that terminates TLS.
# Public URL clients use. The https scheme is kept here even though the bundled
# NGINX is told below to serve plain HTTP only.
external_url "https://gitlab.example.com"
# set listen port explicitly, required when using non-default port
# and port is not specified in external_url
nginx['listen_port'] = 8090
# disable https listener, since Apache is setup for SSL/TLS termination
# NOTE(review): the proxy-to-GitLab hop is therefore cleartext HTTP, so session
# cookies, tokens and Git-over-HTTP credentials cross it unencrypted. Keep port
# 8090 reachable only from the proxy host (firewall or private interface);
# otherwise clients can bypass the proxy and present forwarded headers of their
# own choosing.
nginx['listen_https'] = false
# technically optional, set proxy headers
# NOTE(review): these values describe the internal hop (http / 80), while
# external_url says clients reach the service over https. Confirm that is
# intended: a scheme mismatch between these headers and external_url is a known
# source of 422 / CSRF-token errors, and behind a TLS-terminating proxy the
# usual value for X-Forwarded-Proto is "https" -- TODO verify on a test instance.
# NOTE(review): to log the real client address instead of the proxy's, Omnibus
# provides nginx['real_ip_header'] and nginx['real_ip_trusted_addresses']; the
# trusted list should contain only the proxy's address.
nginx['proxy_set_headers'] = {
"X-Forwarded-Proto" => "http",
"X-Forwarded-Port" => "80"
}
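It is crucial that there is NO trailing slash after the IP/URI in proxy_pass http://172.16.44.8; (note: no "/" before the semicolon).
A trailing slash will break portions of GitLab: once proxy_pass carries a URI part, even a bare "/", nginx forwards a normalized (decoded) path instead of the original request URI, which corrupts GitLab URLs that contain encoded characters such as %2F.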
# TLS-terminating virtual host: accepts HTTPS for git.example.com and forwards
# every request to the GitLab host over plain HTTP.
server {
server_name git.example.com;
# HTTPS with HTTP/2 on port 443; no port-80 listener or redirect is defined in
# this block.
listen 443 http2 ssl;
# Certificate chain and private key (Let's Encrypt "live" directory).
# NOTE(review): the private key should be readable by root only -- verify.
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
# Pass the Host header the client sent, so the backend sees the public name.
proxy_set_header Host $host;
# Both headers are set to the address of the directly connected peer. Any
# X-Forwarded-For value supplied by the client is replaced, not appended to,
# so the backend never receives a client-controlled address chain.
# NOTE(review): if another proxy or load balancer sits in front of this
# server, $remote_addr is that proxy's address -- confirm the topology.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
# $scheme is the scheme of the incoming request; this server only listens
# with ssl, so the backend is told "https".
proxy_set_header X-Forwarded-Proto $scheme;
# No URI part (no trailing slash): the original request URI is forwarded
# unchanged. No port is given, so the connection goes to port 80.
# NOTE(review): confirm port 80 matches the port the GitLab NGINX listens on.
# NOTE(review): this hop is cleartext HTTP; restrict the backend so it accepts
# connections only from this proxy, since it trusts the headers set above.
proxy_pass http://172.16.44.8;
}
}
# Plain-HTTP virtual host whose only job is to redirect gitlab.example.com to
# HTTPS.
<VirtualHost *:80>
ServerName gitlab.example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine On
# Redirect only when the server name is exactly gitlab.example.com. Because the
# condition pins SERVER_NAME, the host in the redirect target below is always
# that name and cannot be chosen by the client; other names get no redirect.
RewriteCond %{SERVER_NAME} =gitlab.example.com
# Permanent redirect to the same path over https. NE leaves the URI unescaped,
# END stops further rewrite processing.
# NOTE(review): the first request still travels over HTTP before the redirect;
# an HSTS header on the HTTPS virtual host would close that gap for returning
# browsers -- confirm whether one is set elsewhere.
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
# HTTPS virtual host that terminates TLS and reverse-proxies everything to the
# internal GitLab host over plain HTTP. It is defined only when mod_ssl is
# loaded.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName gitlab.example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# Local page to show when the backend is unavailable.
# NOTE(review): "ProxyPass /" below also matches /error/503.html, so unless that
# path is excluded (a "ProxyPass /error/ !" line placed before it) the request
# for the error page is itself sent to the unavailable backend -- verify.
ErrorDocument 503 /error/503.html
# Forward the client's Host header to the backend instead of the backend name.
ProxyPreserveHost On
# Reverse proxy only: forward-proxy requests are refused, so this server cannot
# be used as an open proxy.
ProxyRequests Off
# 5 s to establish the backend connection, 30 s I/O timeout, TCP keepalive on.
# NOTE(review): the backend URL is http://, so this hop is cleartext; keep it on
# a trusted network segment and let the backend accept only this proxy.
# NOTE(review): nothing here tells the backend that the client connection was
# HTTPS; where the application needs it, mod_headers'
# RequestHeader set X-Forwarded-Proto "https" is the usual way -- confirm.
ProxyPass / http://gitlab.int.example.com/ connectiontimeout=5 timeout=30 keepalive=on
ProxyPassReverse / http://gitlab.int.example.com/
# NOTE(review): mod_remoteip takes the client address from X-Forwarded-For. No
# RemoteIPInternalProxy / RemoteIPTrustedProxy is shown, so if this virtual host
# faces clients directly, a client can supply the header and choose the address
# that appears in the access log and in IP-based rules. Keep this directive only
# if a trusted proxy sits in front, and then name that proxy with one of the two
# directives above -- confirm the topology.
RemoteIPHeader X-Forwarded-For
# Certificate chain and private key (Let's Encrypt "live" directory).
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
# TLS protocol and cipher settings come from this included file and are not
# visible here; review it separately.
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>