几天来我一直在忙于我所有未分配(!)https子域都转发到自托管gitlab的问题。我使用自己的Nginx Web服务器,在其中为gitlab设置了一条额外的路由。 http(!)子域控制和转发工作正常。
例如,如果我访问未分配的https(!)域:https://test.mydomain.ltd,将出现证书错误,该错误指向gitlab.mydomain.ltd。 (“证书名称gitlab.mydomain.ltd与输入不匹配”)
当我尝试使用它的http(http://test.mydomain.ltd)版本时,会出现应有的“ 403 Forbidden”错误消息。
启用网站的配置文件如下:
upstream gitlab-workhorse {
server unix:/var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name gitlab.mydomain.tld;
server_tokens off;
root /opt/gitlab/embedded/service/gitlab-rails/public;
ssl on;
ssl_certificate /etc/gitlab/ssl/gitlab.mydomain.tld.crt;
ssl_certificate_key /etc/gitlab/ssl/gitlab.mydomain.tld.key;
# GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
ssl_ciphers "xxx";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
location / {
client_max_body_size 0;
gzip off;
## https://github.com/gitlabhq/gitlabhq/issues/694
## Some requests take more than 30 seconds.
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://gitlab-workhorse;
}
}
server {
listen 80;
listen [::]:80 ipv6only=on;
server_name gitlab.mydomain.tld;
server_tokens off;
return 301 https://$http_host$request_uri;
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
}
我还禁用了gitlab.rb文件中的nginx。
nginx[‘enable’] = false
感谢您的帮助。