Nginx proxy_pass https到另一个nginx http

时间:2018-01-06 18:02:57

标签: nginx nginx-reverse-proxy

以下是我的域名的nginx配置文件:

# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.

## GitLab
## Modified from https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/gitlab-ssl & https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/gitlab
##
## Lines starting with two hashes (##) are comments with information.
## Lines starting with one hash (#) are configuration parameters that can be uncommented.
##
##################################
##        CHUNKED TRANSFER      ##
##################################
##
## It is a known issue that Git-over-HTTP requires chunked transfer encoding [0]
## which is not supported by Nginx < 1.3.9 [1]. As a result, pushing a large object
## with Git (i.e. a single large file) can lead to a 411 error. In theory you can get
## around this by tweaking this configuration file and either:
## - installing an old version of Nginx with the chunkin module [2] compiled in, or
## - using a newer version of Nginx.
##
## At the time of writing we do not know if either of these theoretical solutions works.
## As a workaround users can use Git over SSH to push large files.
##
## [0] https://git.kernel.org/cgit/git/git.git/tree/Documentation/technical/http-protocol.txt#n99
## [1] https://github.com/agentzh/chunkin-nginx-module#status
## [2] https://github.com/agentzh/chunkin-nginx-module
##
###################################
##         configuration         ##
###################################

## Upstream group for GitLab Workhorse. Its only member is a Unix domain socket,
## so this hop never crosses the network. Which local processes may connect is
## decided by the filesystem permissions on the socket path (not visible here).
upstream gitlab-workhorse {
  server unix:/var/opt/gitlab/gitlab-workhorse/socket;
}

## Redirects all HTTP traffic to the HTTPS host
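server {
  ## Plain-HTTP listener on every IPv4 interface. It serves no content of its
  ## own; every request is answered with a redirect to the HTTPS vhost.
  listen 0.0.0.0:80;
  server_name example.com;
  server_tokens off; ## Don't show the nginx version number, a security best practice

  location / {
    ## Permanent redirect that keeps the original path and query string.
    ## The target host is written out literally rather than taken from the
    ## request's Host header, so a client cannot steer the redirect elsewhere.
    ## It must be the name the HTTPS vhost answers for (server_name and the
    ## certificate): the listing had `domain` here, which is neither.
    return 301 https://example.com:443$request_uri;
  }

  ## Same log files as the HTTPS vhost, so redirects and proxied requests
  ## end up in one place.
  access_log  /var/log/gitlab/nginx/gitlab_access.log;
  error_log   /var/log/gitlab/nginx/gitlab_error.log;
}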

## HTTPS vhost for example.com: terminates TLS, forwards /gitlab/ to GitLab
## Workhorse over a Unix socket, and carries two hand-added locations
## ("PERSONAL CHANGE" below) that proxy / and /beta elsewhere.
server {
  ## All IPv4 interfaces, TLS and HTTP/2 enabled on the listening socket.
  listen 0.0.0.0:443 ssl http2;


  server_name example.com;
  server_tokens off; ## Don't show the nginx version number, a security best practice

  ## Increase this if you want to upload large attachments
  ## Or if you want to accept large git objects over http
  ## NOTE(review): 0 switches nginx's request-body size check off entirely, so
  ## any limit on upload size has to be enforced by the application behind it.
  client_max_body_size 0;

  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
  ## NOTE(review): `ssl on;` is redundant with the `ssl` parameter on `listen`
  ## above; the directive was made obsolete in nginx 1.15.0 and removed in 1.25.1.
  ssl on;
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

  # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
  ## NOTE(review): the list still names two 3DES suites (ECDHE-RSA-DES-CBC3-SHA,
  ## DES-CBC3-SHA), several CBC/SHA-1 suites and plain-RSA key exchange suites
  ## that give no forward secrecy. Trim it once the oldest client that must
  ## connect is known.
  ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4';
  ## NOTE(review): TLS 1.1 is formally deprecated (RFC 8996) and TLS 1.3 is not
  ## offered here.
  ssl_protocols  TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_session_timeout  5m;


  ## Real IP Module Config
  ## http://nginx.org/en/docs/http/ngx_http_realip_module.html

  ## HSTS Config
  ## https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
  ## One year, this host only (no includeSubDomains). Without the `always`
  ## parameter nginx adds the header only to 2xx/3xx responses, so error pages
  ## such as a 502 go out without it.
  add_header Strict-Transport-Security "max-age=31536000";

  ## Individual nginx logs for this GitLab vhost
  access_log  /var/log/gitlab/nginx/gitlab_access.log;
  error_log   /var/log/gitlab/nginx/gitlab_error.log;

  ## The two `if` blocks choose the Host value sent upstream: "example.com" when
  ## the request carried no Host header, otherwise whatever the client sent.
  ## That value is client-controlled, so each backend has to validate it itself.
  if ($http_host = "") {
    set $http_host_with_default "example.com";
  }

  if ($http_host != "") {
    set $http_host_with_default $http_host;
  }

  ## If you use HTTPS make sure you disable gzip compression
  ## to be safe against BREACH attack.
  gzip off;

  ## https://github.com/gitlabhq/gitlabhq/issues/694
  ## Some requests take more than 30 seconds.
  ## The nginx documentation notes that the connect timeout usually cannot
  ## exceed 75 seconds, so 300 may not take effect as written.
  proxy_read_timeout      3600;
  proxy_connect_timeout   300;
  proxy_redirect          off;
  proxy_http_version 1.1;

  ## Server-level proxy headers. A location inherits them only if it declares
  ## no proxy_set_header of its own.
  ## X-Forwarded-For is appended to whatever the client supplied, so a backend
  ## may trust only the last entry; X-Real-IP is the address nginx itself saw.
  proxy_set_header Host $http_host_with_default;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header X-Forwarded-Proto https;
  proxy_set_header X-Forwarded-Ssl on;

  ## Git LFS object and batch endpoints: request buffering is off, so the
  ## request body is passed to Workhorse as it arrives instead of being
  ## buffered by nginx first.
  location ~ /gitlab/(\.git/gitlab-lfs/objects|\.git/info/lfs/objects/batch$) {
    proxy_cache off;
    proxy_pass http://gitlab-workhorse;
    proxy_request_buffering off;
  }

  ## Everything else under /gitlab/ goes to Workhorse with the URI unchanged.
  location /gitlab/ {
    proxy_cache off;
    proxy_pass  http://gitlab-workhorse;
  }

  location /gitlab/assets/ {
    proxy_cache off;
    proxy_pass  http://gitlab-workhorse;
  }

  ## Static error pages from the GitLab public directory. `internal` makes them
  ## reachable only through error_page, not by a direct client request.
  error_page 404 /gitlab/404.html;
  error_page 422 /gitlab/422.html;
  error_page 500 /gitlab/500.html;
  error_page 502 /gitlab/502.html;
  location ~ ^/gitlab/(404|422|500|502)(-custom)?\.html$ {
    root /opt/gitlab/embedded/service/gitlab-rails/public;
    internal;
  }

  ## PERSONAL CHANGE ######################################################################################################################
  ## NOTE(review): the file header says gitlab-ctl regenerates this file, so
  ## both locations below will be lost on the next `gitlab-ctl reconfigure`
  ## unless they are configured through /etc/gitlab/gitlab.rb.

  ## Catch-all for paths that match no other location.
  ## NOTE(review): the proxy target is this vhost's own name, so presumably
  ## nginx opens a second TLS connection to itself for every such request; the
  ## commented-out redirect avoids that extra hop. Two side effects as written:
  ##  - proxy_ssl_verify is off by default, so the upstream certificate is not
  ##    checked on that connection;
  ##  - the proxy_set_header below replaces the whole server-level set for this
  ##    location, so Host falls back to nginx's default ($proxy_host) and the
  ##    X-Forwarded-* headers are not sent.
  location / {
    # return 301        https://example.com:443/gitlab;
    proxy_pass  https://example.com/gitlab/;
    proxy_set_header X-Real-IP $remote_addr;
  }

  ## Forwards /beta to the HTTP-only site on port 8080. It is a prefix match
  ## (so /betaX matches too) and proxy_pass has no URI part, so the backend
  ## receives the path with the /beta prefix still on it.
  ## NOTE(review):
  ##  - A 502 means nginx got no valid response from the upstream; the reason
  ##    is written to the error_log configured above.
  ##  - `resolver` is only consulted when proxy_pass contains variables. A
  ##    literal host name is resolved once, at configuration load, by the
  ##    system resolver, so this line has no effect here. If run-time
  ##    resolution is wanted, a resolver on a trusted local network is safer
  ##    than a public one, because forged DNS answers would redirect the proxy.
  ##  - This hop is plaintext HTTP to the public host name. Addressing the VM
  ##    by its internal address, and blocking port 8080 from outside, keeps
  ##    clients from reaching the site around TLS. TODO confirm how 8080 is
  ##    exposed today.
  ##  - No proxy_set_header is declared here, so the server-level headers
  ##    apply; the backend sees the client's Host value and must validate it.
  location /beta {
    proxy_pass  http://example.com:8080;
    resolver 8.8.8.8 ipv6=off;
  }

}

正如您所看到的,我使用的是 GitLab 自带的原始 nginx 配置文件,并且效果很好。我只有一台服务器,也没有子域名,所以我用 "example.com/website" 这样的路径来区分各个网站,这里是 example.com/gitlab 和 example.com/beta。然而,网站 "beta" 实际上运行在同一台服务器上的一台虚拟机(VM)内部,我们以前通过端口 8080 访问它。但由于它没有 SSL,浏览器不喜欢它。所以我想,为什么不在我的主服务器上用 proxy_pass 代理这个网站呢?但是当我尝试访问 https://example.com/beta 时,我收到了 502 Bad Gateway 错误(请注意,网站 "beta" 仅支持 HTTP)。这个网站是一个 Django 网站,我不知道这是否有影响。我真的不知道为什么这种配置不起作用。

目前:

0 个答案:

没有答案