我将自己的GitLab迁移到了新服务器。作为迁移的一部分,对一些存储库进行了重组。我们有一个网站直接链接到GitLab上的 raw 和 blob 文件。对于这些 raw 和 blob 文件,我想将所有HTTPS请求从旧URL重定向到新URL。
我将Gitlab Omnibus软件包与捆绑的nginx安装一起使用。我以对此问题的公认答案为基础:Gitlab Omnibus: how to redirect all requests to another domain,而后者又是指GitLab官方文档:https://docs.gitlab.com/omnibus/settings/nginx.html#inserting-custom-settings-into-the-nginx-config。
创建nginx配置目录,因为它尚不存在:
sudo mkdir -p /etc/nginx/conf.d/
创建/etc/nginx/conf.d/redirect.conf:
。
server {
server_name gitlab.itextsupport.com;
rewrite ^\/itext7\/samples\/(blob|raw)\/master\/(?!samples\/)(.*)$ https://$server_name/itext7/samples/$1/master/samples/$2 permanent;
}
在/etc/gitlab/gitlab.rb上编辑配置文件以添加以下行:
nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/redirect.conf;"
重写nginx配置:
sudo gitlab-ctl reconfigure
重新启动捆绑的nginx:
sudo gitlab-ctl restart nginx
验证捆绑的nginx是否包含重定向文件:
sudo grep 'redirect.conf' /var/opt/gitlab/nginx/conf/nginx.conf
curl -I https://gitlab.itextsupport.com/itext/tutorial/blob/master/signatures/src/main/java/signatures/chapter4/C4_05_SignWithBEID.java
/samples被插入到/blob/master之后。我希望看到301重写为https://gitlab.itextsupport.com/itext/tutorial/blob/master/samples/signatures/src/main/java/signatures/chapter4/C4_05_SignWithBEID.java
在未修改的URL上确定200。
将此行添加到/var/opt/gitlab/nginx/conf/gitlab-http.conf并重新启动捆绑的nginx:
rewrite ^\/itext7\/samples\/(blob|raw)\/master\/(?!samples\/)(.*)$ https://$server_name/itext7/samples/$1/master/samples/$2 permanent;
通过这种方式,我已验证我的实际重写规则本身是正确的。
缺点:每次运行gitlab-ctl reconfigure时,该行将丢失。
要使URL重写按预期工作,我需要更改什么?没有丑陋的黑客?
运行sudo /opt/gitlab/embedded/sbin/nginx -p /var/opt/gitlab/nginx -T时,我看到两个server { }块。到目前为止,我的工作理论是nginx仅选择第一个服务器块,而忽略第二个服务器块。如果我能找到一种与配置文件/etc/gitlab/gitlab.rb兼容的方式来合并两个服务器块,那么我的问题很可能得到解决。
答案 0 :(得分:2)
好吧,答案似乎在gitlab.rb中盯着我。 nginx['custom_nginx_config']上方一行,nginx['custom_gitlab_server_config']。我将include语句放在此处,并删除了重写规则周围的server {}括号。在https://docs.gitlab.com/omnibus/settings/nginx.html#inserting-custom-nginx-settings-into-the-gitlab-server-block的GitLab文档中也对此进行了描述:
这会将定义的字符串插入
/var/opt/gitlab/nginx/conf/gitlab-http.conf服务器块的末尾。
这就是我所做的:
在/etc/gitlab/gitlab.rb中,注释掉nginx['custom_nginx_config']行并添加:
nginx['custom_gitlab_server_config'] = "include /etc/nginx/conf.d/redirect.conf;"
在/etc/nginx/conf.d/redirect.conf中,仅保留重写行:
rewrite ^\/itext7\/samples\/(blob|raw)\/master\/(?!samples\/)(.*)$ https://$server_name/itext7/samples/$1/master/samples/$2 permanent;
重新配置GitLab:
sudo gitlab-ctl reconfigure
重新启动nginx:
sudo gitlab-ctl restart nginx
验证nginx配置:
sudo /opt/gitlab/embedded/sbin/nginx -p /var/opt/gitlab/nginx -T | tail -n 20
。
nginx: the configuration file /var/opt/gitlab/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /var/opt/gitlab/nginx/conf/nginx.conf test is successful
include /etc/nginx/conf.d/redirect.conf;
}
# configuration file /etc/nginx/conf.d/redirect.conf:
rewrite ^\/itext7\/samples\/(blob|raw)\/master\/(?!samples\/)(.*)$ https://$server_name/itext7/samples/$1/master/samples/$2 permanent;
# configuration file /var/opt/gitlab/nginx/conf/nginx-status.conf:
server {
listen 127.0.0.1:8060;
server_name localhost;
location /nginx_status {
stub_status on;
server_tokens off;
access_log off;
allow 127.0.0.1;
deny all;
}
}
验证URL重写:
curl -I https://gitlab.itextsupport.com/itext/tutorial/blob/master/signatures/src/main/java/signatures/chapter4/C4_05_SignWithBEID.java
。
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 27 Sep 2018 11:32:23 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://gitlab.itextsupport.com/itext/tutorial/blob/master/samples/signatures/src/main/java/signatures/chapter4/C4_05_SignWithBEID.java
Strict-Transport-Security: max-age=31536000
我仍然好奇的一件事:
rewrite行在server{}块的外部处结束。rewrite行使用$server_name变量。$server_name变量在server{}块内 中定义。是由于nginx -T显示奇怪的包含语句而造成的视觉混乱吗? rewrite行是否确实在server{}块的内部 ,即使它似乎是外部?为什么事情经常不像看起来那样,为什么GitLab文档是用密封语言编写的? pond,这些思考可能永远没有答案。