Hello, I have installed Gitlab using this:
https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md#installation
Now I want to use nginx to serve content other than the gitlab application.
How can I do this?
Where are the config files that I need to modify?
How can I point to a directory like /var/www so that nginx knows that it is the root for another app?
Update (forgot to mention: I'm running this under Red Hat 6.5; Debian/Ubuntu solutions welcome)
Here I am using
- gitlab.example.com to serve gitlab.example.com over https.
- example.com over http to serve content other than the gitlab application.
Gitlab installed from the deb package uses chef to provision nginx, so you have to modify the chef recipes and add a new vhost template into the chef cookbooks directory.
You can find all chef cookbooks here:
/opt/gitlab/embedded/cookbooks/gitlab/
open
/opt/gitlab/embedded/cookbooks/gitlab/recipes/nginx.rb
change:
nginx_vars = node['gitlab']['nginx'].to_hash.merge({
:gitlab_http_config => File.join(nginx_etc_dir, "gitlab-http.conf"),
})
to:
nginx_vars = node['gitlab']['nginx'].to_hash.merge({
:gitlab_http_config => File.join(nginx_etc_dir, "gitlab-http.conf"),
:examplecom_http_config => File.join(nginx_etc_dir, "examplecom-http.conf"),
})
add this to the same file:
template nginx_vars[:examplecom_http_config] do
source "nginx-examplecom-http.conf.erb"
owner "root"
group "root"
mode "0644"
variables(nginx_vars.merge(
{
:fqdn => "example.com",
:port => 80,
}
))
notifies :restart, 'service[nginx]' if OmnibusHelper.should_notify?("nginx")
end
then in template directory(/opt/gitlab/embedded/cookbooks/gitlab/templates/default), create nginx vhost template file( nginx-examplecom-http.conf.erb) and add this there:
server {
listen <%= @listen_address %>:<%= @port %>;
server_name <%= @fqdn %>;
root /var/www/example.com;
access_log <%= @log_directory %>/examplecom_access.log;
error_log <%= @log_directory %>/examplecom_error.log;
location /var/www/example.com {
# serve static files from defined root folder;.
# @gitlab is a named location for the upstream fallback, see below
try_files $uri $uri/index.html $uri.html;
}
error_page 502 /502.html;
}
you have to set nginx['redirect_http_to_https'] = false in(/etc/gitlab/gitlab.rb):
external_url "https://gitlab.example.com"
gitlab_rails['gitlab_email_from'] = "info@example.com"
gitlab_rails['gitlab_support_email'] = "support@example.com"
nginx['redirect_http_to_https'] = false
nginx['ssl_certificate'] = "/etc/gitlab/ssl/ssl-unified.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/ssl.key"
gitlab_rails['gitlab_default_projects_limit'] = 10
add include <%= @examplecom_http_config %>; into /opt/gitlab/embedded/cookbooks/gitlab/templates/default/nginx.conf.erb :
http {
sendfile <%= @sendfile %>;
tcp_nopush <%= @tcp_nopush %>;
tcp_nodelay <%= @tcp_nodelay %>;
keepalive_timeout <%= @keepalive_timeout %>;
gzip <%= @gzip %>;
gzip_http_version <%= @gzip_http_version %>;
gzip_comp_level <%= @gzip_comp_level %>;
gzip_proxied <%= @gzip_proxied %>;
gzip_types <%= @gzip_types.join(' ') %>;
include /opt/gitlab/embedded/conf/mime.types;
include <%= @gitlab_http_config %>;
include <%= @examplecom_http_config %>;
}
after all those changes run:
gitlab-ctl reconfigure
gitlab-ctl restart
vndr's above solution would work but on the https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md, it said:
Inserting custom settings into the NGINX config
If you need to add custom settings into the NGINX config, for example
to include existing server blocks, you can use the following setting.
Example: include a directory to scan for additional config files nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/*.conf;"
So let's check your /opt/gitlab/embedded/cookbooks/gitlab/templates/default/nginx.conf.erb to see if it contains: <%= @custom_nginx_config %>
(it looks like the current gitlab-7.5.3_omnibus.5.2.1.ci-1.el6.x86_64.rpm doesn't include it)
If not, then just add it above the line include <%= @gitlab_http_config %>; like:
<%= @custom_nginx_config %>
include <%= @gitlab_http_config %>;
Then open the /etc/gitlab/gitlab.rb to add:
nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/*.conf;"
We can make it simpler by just adding: include /etc/nginx/conf.d/*.conf; instead of <%= @custom_nginx_config %>
Then create normal nginx .conf files in /etc/nginx/conf.d/ and gitlab-ctl reconfigure
As I did not want to change the config for the gitlab Nginx server nor install/configure another Nginx, and to make sure gitlab would survive a major update, I came to the solution below for the Gitlab Omnibus package.
also as per
Gitlab:Nginx => Inserting custom settings into the NGINX config
edit the /etc/gitlab/gitlab.rb of your gitlab:
nano /etc/gitlab/gitlab.rb
and scroll to nginx['custom_nginx_config'] and modify as below; make sure to uncomment
# Example: include a directory to scan for additional config files
nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/*.conf;"
create the new config dir:
mkdir -p /etc/nginx/conf.d/
nano /etc/nginx/conf.d/new_app.conf
and add content to your new config: /etc/nginx/conf.d/new_app.conf
server {
listen *:80;
server_name new_app.mycompany.com;
server_tokens off;
access_log /var/log/new_app_access.log;
error_log /var/log/new_app_error.log;
root /var/www/html/new_app/;
index index.html index.htm;
}
and reconfigure gitlab to get the new settings inserted
gitlab-ctl reconfigure
to restart nginx after changing your configs or adding more configs in /etc/nginx/conf.d:
gitlab-ctl restart nginx
to check nginx error log:
tail -f /var/log/gitlab/nginx/error.log
and see https://stackoverflow.com/a/39695791/6821811 for redirecting to another application server.
Even though you really can do it, a better practice would be to use a separate upper-level nginx server to serve both gitlab's nginx and your other custom content. Gitlab's nginx may change its configuration at any time and it can break your custom content. Also, a separate nginx is completely yours for configuring.
Just install those two instances on different ports and proxy gitlab's nginx with the upper one. Of course, it will be an overhead, but a completely insignificant one.
I have tried both approaches, and the one that worked for me was to put a clean NGINX on top of gitlab's built-in one. It's easier and more convenient in the long run.
Depending on your needs here are some crucial things that have to be in place first:
DNS settings of your network/router/etc. (else this will not work, since the configurations here are based on server names,)
My setup is trivial one server, multiple sites hosted in the same server IP, and I filter by naming the apps thru NGINX name filter.
Here are the main steps to follow, keep in mind that depending on your needs this could imply more tweaking around, also this is a Ubuntu Server 14.04 .
First deactivate the main Nginx (the one bundled with omnibus) edit /etc/gitlab/gitlab.rb
nginx['enable'] = false
ci_nginx['enable'] = false
Now you're free to install a clean instance of NGINX.
Regarding the previous step: sometimes the installer doesn't create the sites-enabled/ and sites-available/ folders, create them, and make sure to include them in the /etc/nginx/nginx.conf file
include /etc/nginx/sites-enabled/*.conf;
In a general nginx workflow you include your site configurations under sites-available/ and then, when you're ready/happy, you make a link to the sites-enabled/ folder and restart nginx so the changes are effective
Add your Gitlab configuration to Nginx site-available/ folder
here is my conf:
upstream gitlab-workhorse {
server unix:/var/opt/gitlab/gitlab-workhorse/socket;
}
## Normal HTTP host
server {
## Either remove "default_server" from the listen line below,
## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
## to be served if you visit any address that your server responds to, eg.
## the ip address of the server (http://x.x.x.x/)
#listen 0.0.0.0:80 default_server;
listen 0.0.0.0:80 ;
# listen [::]:80 default_server;
server_name gitlab.mycompany.com; ## Replace this with something like gitlab.example.com
server_tokens off; ## Don't show the nginx version number, a security best practice
root /opt/gitlab/embedded/service/gitlab-rails/public;
## See app/controllers/application_controller.rb for headers set
## Individual nginx logs for this GitLab vhost
access_log /var/log/nginx/gitlab.access.log;
error_log /var/log/nginx/gitlab.error.log;
location / {
client_max_body_size 0;
gzip off;
## https://github.com/gitlabhq/gitlabhq/issues/694
## Some requests take more than 30 seconds.
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://gitlab-workhorse;
}
}
you can find more detail of the configuration in here more options
restart/reload nginx
sudo service nginx restart
restart gitlab omnibus and check your Gitlab configuration
sudo gitlab-ctl reconfigure
sudo gitlab-ctl tail
(just to check if something is wrong in your gitlab configuration)
Add extra (as many as you like) server configurations that you need in /etc/nginx/sites-available/ and eventually when happy/ready add the link to /etc/nginx/sites-enabled/
here is another example of another app
upstream app_server {
server 127.0.0.1:9080 fail_timeout=0;
}
server {
listen 80;
server_name jenkins.mycompany.com;
access_log /var/log/nginx/jenkins.access.log;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
if (!-f $request_filename) {
proxy_pass http://app_server;
break;
}
}
}
remember to always restart/reload nginx so that you see your changes.
sudo service nginx restart
check the logs in case something is wrong /var/log/nginx/anysites*.log
Please note that here we are using upstreams with different ports, and the names (they exist/are real/are registered in the domain of your company) are all pointing to the same IP address, meaning NGINX will come and find the same IP address but it will not break because of the different ports in the upstreams. This is really important.
That's how my configuration is working right now I have not had any issues with Gitlab or any other apps.
So hopefully this will help anyone out there.
Those "other content" are declared in NGiNX with "Server Blocks".
The GitLab one is in /etc/nginx/sites-available/gitlab (according to the documentation, and symlinked in /etc/nginx/sites-enabled).
You can add other server blocks in it, similar to this one (you may have to choose a different port number), as illustrated in this process (updated here for Ubuntu 14.04)
server {
listen 80; ## listen for ipv4; this line is default and implied
#listen [::]:80 default ipv6only=on; ## listen for ipv6
root /var/www/example.com/public_html;
index index.html index.htm;
# Make site accessible from http://localhost/
server_name example.com;
}
The root directive should reference the root folder of your webapp (/var/www or more likely a subfolder of /var/www).
That server block is quite separate from any GitLab config.
I have this .conf file for nginx
server {
listen 8080;
server_name _;
location /status {
stub_status;
}
}
After I used it, I have reloaded NGINX and found out that on my_ip:8080/status there is no page. I checked nginx.conf and it has include /etc/nginx/conf.d/*.conf; where my .conf is located originally.
What could be the problem?
The config looks OK.
What version of nginx are you running? Prior to version 1.7.5 the directive stub_status required an argument: stub_status on;
Is your nginx built with the corresponding module? To be sure, you can run the nginx -V command and check if there is --with-http_stub_status_module in the listed config parameters. If not, you need to rebuild nginx with this module enabled.
Is your .conf really loaded by nginx? Try to dump the whole configuration with the nginx -T command and check if your config is present there.
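The three checks from this answer can be run over captured command output. This is an added example, not code from the original thread; the sample `nginx -V` and `nginx -T` text and the path /etc/nginx/conf.d/status.conf are constructed for illustration.

```python
import re

# Constructed sample output (nginx -V writes to stderr: capture with 2>&1).
SAMPLE_V = ("nginx version: nginx/1.18.0\n"
            "configure arguments: --with-http_ssl_module "
            "--with-http_stub_status_module\n")
SAMPLE_T = """# configuration file /etc/nginx/nginx.conf:
http {
    include /etc/nginx/conf.d/*.conf;
}

# configuration file /etc/nginx/conf.d/status.conf:
server {
    listen 8080;
    server_name _;
    location /status {
        stub_status;
    }
}
"""

def loaded_files(nginx_T):
    """Map each file named in an `nginx -T` dump to the text nginx read from it."""
    parts = re.split(r"^# configuration file (.+):$", nginx_T, flags=re.M)
    return dict(zip(parts[1::2], parts[2::2]))

def diagnose_stub_status(nginx_V, nginx_T, conf_path):
    """Return a list of findings; an empty list means all three checks pass."""
    findings = []
    m = re.search(r"nginx version: nginx/(\d+)\.(\d+)\.(\d+)", nginx_V)
    version = tuple(int(x) for x in m.groups()) if m else None
    # Check 2: was the module compiled in?
    if "--with-http_stub_status_module" not in nginx_V:
        findings.append("module-missing")
    # Check 3: is the .conf part of the configuration nginx actually loaded?
    files = loaded_files(nginx_T)
    if files and conf_path not in files:
        findings.append("conf-not-loaded")
    # Check 1: before 1.7.5 a bare "stub_status;" is not accepted.
    # nginx -T exists only from 1.9.2, so for such old builds pass the
    # .conf text itself as nginx_T (no file markers needed).
    body = files.get(conf_path, nginx_T if not files else "")
    if version and version < (1, 7, 5) and re.search(r"\bstub_status\s*;", body):
        findings.append("needs-argument")
    return findings

if __name__ == "__main__":
    print(diagnose_stub_status(SAMPLE_V, SAMPLE_T, "/etc/nginx/conf.d/status.conf"))
```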
This might be a dumb question but I'm kind of new to NGINX, what I'm trying to do is this:
I want a virtual host to reverse proxy another service running in the same machine in port 1000, so I have a file called jg1 inside /sites-available folder and it looks like this
server {
server_name jg1.example;
listen 80;
access_log /var/log/nginx/jg1.log;
error_log /var/log/nginx/jg1error.log;
location / {
proxy_pass http://127.0.0.1:10000/;
proxy_set_header Host $host;
}
}
As you see all I need is any browser in my computer respond when I hit http://jg1.example/ and show whatever I'm serving in http://localhost:10000 but it's not doing anything at all, btw the files jg1.log and jg1error.log do get created, I put that there just to see if nginx was actually reading the config file.
Ugh , Never Mind
I needed to add jg1.example to my /etc/hosts file as well duh! that made it work
I have configured nginx with fastcgi_mono_server4.
In my nginx config I have 2 hostnames :
server {
listen 80;
server_name dev.example.org;
location / {
root /var/www/dev.example.org/;
fastcgi_index Default.aspx;
fastcgi_pass 127.0.0.1:9001;
include /etc/nginx/fastcgi_params;
}
}
server {
listen 80;
server_name *.example.org;
location / {
root /var/www/example.org/;
fastcgi_index Default.aspx;
fastcgi_pass 127.0.0.1:9000;
include /etc/nginx/fastcgi_params;
}
}
nginx is OK with this configuration. dev goes to one and all other to another one .
I've already tried this :
fastcgi-mono-server4 /applications=*.example.org:/:/var/www/example.org/ /socket=tcp:127.0.0.1:9000
but it throws an error (Uri parse exception)
Update :
I need to get the full host name in my application, for example if the request was abc.example.org, I need to get "abc".
Unfortunately, HttpContext.Current.Request.Url does not contains "abc" but "*" which causes the parse error
If nginx is going to take care of routing the appropriate sub-domains to each fastcgi port (9000 or 9001) then can you get away with a wildcard domain when you start the mono server process e.g. just use a * instead of '*.example.org'
fastcgi-mono-server4 /applications=*:/:/var/www/example.org/ /socket=tcp:127.0.0.1:9000
Update: The above works to get two Mono server apps listening via nginx, but, using the nginx config from the original question will lead to an exception if you call HttpContext.Request.Url on the catch-all server. This is due to it not liking the * in *.example.org.
There are two possible solutions, depending what you'd like to see returned from HttpContext.Request.Url when a client browses foo.example.org, bar.example.org etc.
Option 1: If you don't care about the sub-domain and want to see example.org
Configure the second (*.example.org) nginx server to be the 'default_server' and have it assign a server-name without the wildcard e.g.
server {
listen 80 default_server;
server_name example.org;
access_log ... }
With these settings, browsing to foo.example.org/Default.aspx loads the page and HttpContext.Request.Url returns example.org/Default.aspx
Option 2: If you want to see the actual sub-domain e.g. foo.example.org
Removing the server_name from the second server definition works.
server {
listen 80 default_server;
access_log ... }
With these settings, browsing to foo.example.org/Default.aspx loads the page and HttpContext.Request.Url returns foo.example.org/Default.aspx
@stephen's answer is simpler and does not need fastcgi config modification.
I tried the previous answer (before the update), but it did not work.
Nginx takes care of routing, as @stephen said, and the routing part worked.
to start fastcgi I used this command to match all routes (and server names)
fastcgi-mono-server4 /applications=/:/var/www/example.org/ /socket=tcp:127.0.0.1:9000
The problem was that HttpContext.Request.Url contains the $server_name value in my case it was "*.example.org" and when I try to parse URI there was an error.
To handle this I changed nginx fastcgi_params and replaced this line
fastcgi_param SERVER_NAME $server_name;
by
fastcgi_param SERVER_NAME $http_host;
and add in site-available conf
proxy_set_header Host $host;
I think it is set by default.
reload nginx
nginx -t && service nginx reload
reload fastcgi-mono-server to test
fastcgi-mono-server4 /applications=/://var/www/example.org/ /socket=tcp:127.0.0.1:9000 /printlog=True /loglevels=Debug
in the log SERVER_NAME contains the real (not *) subdomain.
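Why `$server_name` reaches the application as `*.example.org` while `$http_host` carries the real subdomain can be seen by modelling nginx's name-based server selection. This is an added example, not code from the thread: the `SERVERS` table is a constructed model of the two server blocks in the question, regex server names are left out, and `subdomain_label` is a hypothetical helper showing how an application can extract "abc" while rejecting Host values outside the expected domain, since `$http_host` is supplied by the client.

```python
import re

# Constructed model of the two server blocks from the question (not a parser).
SERVERS = [
    {"names": ["dev.example.org"], "backend": "127.0.0.1:9001", "default": False},
    {"names": ["*.example.org"], "backend": "127.0.0.1:9000", "default": False},
]

def _bare(host):
    """Lower-case a Host header value and drop any port and trailing dot."""
    return re.sub(r":\d+$", "", host.lower()).rstrip(".")

def select_server(host, servers=SERVERS):
    """nginx precedence: exact name, longest '*.x' wildcard, longest 'x.*'
    wildcard, then the default server (the first block if none is marked)."""
    name = _bare(host)
    for s in servers:
        if name in s["names"]:
            return s
    lead = [(n, s) for s in servers for n in s["names"]
            if n.startswith("*.") and name.endswith(n[1:])]
    if lead:
        return max(lead, key=lambda p: len(p[0]))[1]
    trail = [(n, s) for s in servers for n in s["names"]
             if n.endswith(".*") and name.startswith(n[:-1])]
    if trail:
        return max(trail, key=lambda p: len(p[0]))[1]
    for s in servers:
        if s["default"]:
            return s
    return servers[0]

def fastcgi_server_name(host, variable, servers=SERVERS):
    """Value the backend receives as SERVER_NAME for each fastcgi_param choice."""
    block = select_server(host, servers)
    if variable == "$server_name":
        # First name of the matched block, wildcard included; "" if none is set.
        return block["names"][0] if block["names"] else ""
    if variable == "$http_host":
        return host  # whatever the client sent in the Host header
    raise ValueError("unsupported variable: " + variable)

LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")

def subdomain_label(http_host, base="example.org"):
    """Return 'abc' for 'abc.example.org', None for any other Host value."""
    name = _bare(http_host)
    suffix = "." + base
    if not name.endswith(suffix):
        return None
    label = name[:-len(suffix)]
    return label if LABEL.fullmatch(label) else None

if __name__ == "__main__":
    for h in ("dev.example.org", "abc.example.org", "other.test"):
        print(h, select_server(h)["backend"],
              repr(fastcgi_server_name(h, "$server_name")), subdomain_label(h))
```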
I think all 3 problems are related to the same issue, so I'm going to put all of them here.
Gitlab itself is working, I even managed to update it from 8.2.2 to 8.2.3.
I can create projects, push my code, pull it, reclone it when I have the proper ssh key, etc.
BUT:
I can't download the code as zip file, got a JSON instead:
{"RepoPath":"/var/opt/gitlab/git-data/repositories/me/myrepo.git",
"ArchivePrefix": "...
People can't clone my public repo (empty repository error).
CI can't build my tests:
warning: You have cloned an empty repository. Checking out 12345 as
develop... fatal: reference is not a tree :
123456789mycommithash987654321
ERROR: Build failed with: exit status 1
NB: I Translated error messages from French ones.
I suppose the problem is in my Nginx configuration, but there is so much documentation I'm not sure which one is the good one: the ones with the workhorse, the ones when I have to change gitlab.rb's gitlab_git_http_server, etc.
My configuration is following:
Gitlab 8.2.3
Ubuntu Trusty (14.04)
Nginx 1.8
My gitlab is hosted on a subdomain using SSL so I added a Nginx proxy
/etc/gitlab/gitlab.rb:
external_url 'https://gitlab.mydomain.com'
nginx['listen_addresses'] = ['127.0.0.1', "[::1]"]
nginx['listen_port'] = 8080
nginx['listen_https'] = false
/etc/nginx/site_enabled/gitlab:
server {
listen *:80 default_server;
listen [::]:80 ipv6only=on default_server;
server_name gitlab.mydomain.com;
return 301 https://$server_name$request_uri;
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
}
server{
# listen 443 ssl;
listen 0.0.0.0:443 ssl default_server;
listen [::]:443 ipv6only=on ssl default_server;
server_name gitlab.mydomain.com;
server_tokens off;
location /{
proxy_pass http://localhost:8080;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~ ^/(assets)/ {
root /opt/gitlab/embedded/service/gitlab-rails/public;
gzip_static on; # to serve pre-gzipped version
expires max;
add_header Cache-Control public;
}
client_max_body_size 250m;
# ...
# A lot a of SSL stuff (HSTS, OCSP, dhparam, etc)
# ...
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
error_page 502 /502.html;
}
UPDATE :
Just upgraded Gitlab to 8.3.0.
Got a 502 now.
Applying : https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/update/8.2-to-8.3.md.
We'll see.
UPDATE 2:
Did not finish the instructions after all; stopped everything and restarted everything twice (Gitlab and Nginx). Finally managed to get the thing working.
Still the same problems with CI/Zip/PublicCloning though.
UPDATE 3:
Just update to 8.2.3
apt-get update
apt-get install gitlab-ce
502.
restart nginx
gitlab-ctl restart
gitlab-rake gitlab:app:check
Checking GitLab ...
Git configured with autocrlf=input? ... yes
Database config exists? ... yes
Database is SQLite ... no
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config outdated? ... no
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory setup correctly? ... yes
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
projects have namespace: ...
Redis version >= 2.8.0? ... yes
Ruby version >= 2.1.0 ? ... yes (2.1.7)
Your git bin path is "/opt/gitlab/embedded/bin/git"
Git version >= 1.7.10 ? ... yes (2.6.1)
Active users: 2
Checking GitLab ... Finished
If someone can lead me to the proper documentation or changes to be made that would be awesome.
It looks as though downloading of ZIP-Files is now handled by the gitlab-workhorse.
For that there's some extra stuff in the nginx-configfile. You might want to have a look at https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/gitlab where there is a section
upstream gitlab-workhorse {
server unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket fail_timeout=0;
}
and a
proxy_pass http://gitlab-workhorse;
at the end of the configuration.
I'm currently digging into the same issue and will report back, when I've solved it.
take a look at https://gist.github.com/sameersbn/becd1c976c3dc4866ef8 it seems that there is a option 'gzip' that can been turn off.
gzip off;
at line 53.
The update documentation is missing an item: it renames gitlab-git-http-server to gitlab-workhorse in nginx configuration, but it partially misses /etc/default/gitlab. Replace all occurrences of gitlab-git-http-server with gitlab-workhorse there as well, especially the socket in gitlab_workhorse_options.
Something like
sed -i -e 's/gitlab-git-http-server/gitlab-workhorse/g' /etc/default/gitlab
A beginning, but not all of it:
I mistakenly made Gitlab's nginx listen on port 8080, when it's already the port used by Gitlab's Unicorn.
Changing it to 8081 made the CI better responding. Still have to solve git user right (or better, use docker) but that's not a direct issue of what matters here...
UPDATE: Complete Solution - ACLs
Seems git and gitlab-runner users that are created during install process do have enough rights.
First: Create a real home for each : /home/gitlab-runner, /home/git with proper ssh authorized_keys, and rbenv + ruby installs.
Then: vim /etc/passwd and change their home directory to the new home, where they have full rights.
Now my builds are green !
Let's say this is the ip of a server running nginx:
1.2.3.4
Let's also say I've purchased this url:
www.abcd.com
I've edited the DNS records for www.abcd.com like so:
(Using Godaddy as a registrar)
A (host)
Host | Points To | TTL
@ | 1.2.3.4 | Live!
Entering 1.2.3.4 into my browser's url bar will take me to my server's nginx welcome page. Because I pointed my url at the same address www.abcd.com also takes me to the same page, though it resolves to 1.2.3.4.
Here is my nginx config file:
sudo nano /opt/nginx/conf/nginx.conf #=>
http {
include /usr/local/nginx/conf/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
tcp_nodelay on;
gzip on;
server_names_hash_bucket_size 128;
client_max_body_size 4M;
client_body_buffer_size 128k;
include /usr/local/nginx/conf/conf.d/*.conf;
include /usr/local/nginx/conf/sites-enabled/*;
upstream appname {
server unix:///data/apps/appname/shared/tmp/puma/appname-puma.sock;
}
server {
listen 80;
server_name www.abcd.com;
root /public/rails/test;
# keepalive_timeout 5;
}
}
On my server, I have the following structure:
~/public/rails/test/index.html
Here's what index.html contains:
sudo nano /opt/nginx/conf/nginx.conf #=>
<h1> It works! Routing from <i>www.abcd.com</i> has been successful! </h1>
What I expect to happen:
Visiting www.abcd.com would be forwarded to 1.2.3.4 by the nameserver. When the request arrives at 1.2.3.4, nginx would see that it's come from www.abcd and serve this file to the user:
~/public/rails/test/index.html
In short:
www.abcd.com => It works! Routing from www.abcd.com has been successful!
What actually happens:
Visiting www.abcd.com is forwarded to 1.2.3.4 by the nameserver. However, it's as though my config file isn't working. It just displays nginx's "welcome" message to the user, as if I haven't touched my config file.
I've tried
sudo service nginx stop
sudo service nginx start
and
sudo service nginx restart
after editing the config, but nothing different happens.
What am I doing wrong? Where can I find logs to see exactly what's happening? What does nginx's welcome screen signify? That my paths are wrong? What? Flying blind here.
Your server block's root directive is set to /public/rails/test (absolute path), while you say you expect it to serve ~/public/rails/test/index.html to the user. The character ~ indicates the current user's home directory, and is a relative path.
Therefore: Try setting the absolute path (for example /home/myuser/public/rails/test) in the server block.
Add server_name with and without www
Add this line index index.html;
add ~ sign before /public/rails/test. Like: root ~/public/rails/test;
Try with this:
server {
listen 80;
server_name abcd.com www.abcd.com;
index index.html; # add this line
root ~/public/rails/test; # add "~" sign '/public/rails/test'
server_name www.abcd.com;
}