服務器 nginx配置
server {
listen 80;
server_name domain.com;
rewrite ^(.*)$ https://$host$1 permanent;
}
server {
listen 443;
server_name domain.com;
ssl on;
ssl_certificate /etc/ssl/3336508_domain.com.pem;
ssl_certificate_key /etc/ssl/3336508_domain.com.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AESGCM:ALL:!DH:!EXPORT:!RC4:+HIGH:!MEDIUM:!LOW:!aNULL:!eNULL;
ssl_prefer_server_ciphers on;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering on;
proxy_pass http://localhost:8181;
}
}
gitlab.rb需修改
nginx['listen_port'] = 80
nginx['listen_https'] = false
nginx['proxy_set_headers'] = {
"X-Forwarded-Proto" => "https",
"X-Forwarded-Ssl" => "on"
}