GitLab 启用HTTPS

其实由于GitLab只负责监听本地socket文件,而web服务器采用了Nginx等。只需要在web server上做适当的配置即可。

下面是一个采用Nginx的例子,对GitLab安装指南下载的gitlab脚本文件做了适当的修改。

# GITLAB
# Maintainer: @randx
# App Version: 4.0

upstream gitlab {
  server unix:/home/gitlab/gitlab/tmp/sockets/gitlab.socket;
}

server {
  listen 443;
  ssl                  on;
  ssl_certificate      /etc/nginx/sites-available/server.crt;
  ssl_certificate_key  /etc/nginx/sites-available/server.key;

  server_name localhost;
  #Ubuntu1204-dell source.cml.com;    # e.g., server_name source.example.com;
  root /home/gitlab/gitlab/public;

 

  # individual nginx logs for this gitlab vhost
  access_log  /var/log/nginx/gitlab_access.log;
  error_log  /var/log/nginx/gitlab_error.log;

  location / {
    # serve static files from defined root folder;.
    # @gitlab is a named location for the upstream fallback, see below
    try_files $uri $uri/index.html $uri.html @gitlab;
  }

  # if a file, which is not found in the root folder is requested,
  # then the proxy pass the request to the upsteam (gitlab unicorn)
  location @gitlab {
    proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_redirect    off;

    proxy_set_header  X-Forwarded-Proto $scheme;
    proxy_set_header  Host              $http_host;
    proxy_set_header  X-Real-IP        $remote_addr;

    proxy_pass http://gitlab;
  }
}

注意 server { 下面的四行。

监听443端口,启用ssl,server.crt和server.key文件是参考Nginx的文档生成的。

最后proxy_pass http://gitlab 不能修改,不要改成https,否则不能工作。

现在试一下用https的方式check out 代码:

git clone https://....

报错,说证书校验有问题:

error: server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

最简单的解决方法是加一个环境变量:

export GIT_SSL_NO_VERIFY=1

GitLab 的详细介绍:请点这里
GitLab 的下载地址:请点这里

相关推荐