To use Gitlab behind Apache2 as reverse proxy, just follow this little how-to. In our example we used Debian Jessie, but it should also work with other distributions like Ubuntu. Don’t forget to replace the placeholders with your own values!
Installing Gitlab
First you need to install Gitlab. Just follow the introductions on official page.
Reconfigure Gitlab
We need to run Gitlab as local webserver on a free port (e.g. 8888). Just add following lines to /etc/gitlab/gitlab.rb:
external_url 'https://{example.tld}' nginx['listen_address'] = 'localhost' nginx['listen_port'] = 8888 nginx['listen_https'] = false
Then rerun the reconfigure script:
gitlab-ctl reconfigure
Configuring Apache2
We need a pre-configured Apache2 installation, which supports ssl and listens to port 443 (default https-port). If you don’t have any clue, just search on web.
Creating site-configuration files
Configuration file for http
First we need to redirect all http requests to https. Just create a configuration file in following directory: /etc/apache2/sites-availabe/{example.tld}.conf
<VirtualHost {yourip}:80> ServerName {example.tld} ServerAdmin {mail@example.tld} ErrorLog /var/log/apache2/{example.tld}/error.log Redirect 301 / https://{example.tld}/ </VirtualHost>
Now just enable the new created site:
a2ensite {example.tld}
Configuration file for https
Now the main file which set a reverse proxy to the local Gitlab instance. Create a file in following directory: /etc/apache2/sites-availabe/{example.tld}_ssl.conf
<VirtualHost {yourip}:443> ServerName {example.tld} ServerAdmin {mail@example.tld} ErrorLog /var/log/apache2/{example.tld}/error.log RequestHeader set Host "{example.tld}" RequestHeader add X-Forwarded-Ssl on RequestHeader set X-Forwarded-For %<span class="pl-s1"><span class="pl-pse">{</span>REMOTE_ADDR<span class="pl-pse">}</span></span>e RequestHeader set X-Forwarded-Proto "https" ProxyPreserveHost On ProxyPass / http://localhost:8888/ ProxyPassReverse / http://localhost:8888/ SSLEngine On SSLCertificateFile /etc/gitlab/ssl/{example.tld}.pem SSLCertificateChainFile /etc/gitlab/ssl/{example.tld}.pem </VirtualHost>
Now just enable the new created site:
a2ensite {example.tld}_ssl
And also the needed headers module:
a2enmod headers
Adding Certificate
Don’t forget to add your certificate to the defined directory. In this example add your cert to: /etc/gitlab/ssl/{example.tld}.pem. The certificate should have the decrypted private key, public key and the intermediate certificate. If you don’t know how to create a .pem file or to get a certificate, just search in web.
Finally we just reload our Apache2 service (service restart is also possible):
service apache2 reload
You can also run Gitlab without ssl support. Because it’s not recommend, I’ll not show. If you know what you’re doing, it should be very easy for you to configure a reverse proxy without ssl (https).