How do I use Let’s Encrypt with GitLab under Plesk on Subdomain?

I have GitLab up and running, but at the moment it does not use SSL. I normally use the Let's Encrypt Plesk Extension to get free SSL certificates. This is my setup:

Plesk Apache & nginx settings for git.my-domain.com:

Additional directives for HTTP :
<Location />
    ProxyPass http://IP-of-my-domain:9999/
    ProxyPassReverse http://IP-of-my-domain:9999/
</Location>
Additional directives for HTTPS :
<Location />
    ProxyPass https://IP-of-my-domain:9998/
    ProxyPassReverse https://IP-of-my-domain:9998/
</Location>

In my gitlab.rb file:

external_url "http://IP-of-my-domain:9999/"

I also found and tried to adapt the answer, but I do not know what to put in:

nginx['custom_gitlab_server_config']="?"
nginx['custom_gitlab_mattermost_server_config']="?"

HTTP connections work fine (subdomain or IP:port, both work). As soon as I change to HTTPS, it no longer works, and I get the following (if I change external_url to port 9998):

Service Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

Additionally, a 503 Service Unavailable error was encountered while trying to use an ErrorDocument to handle the request.

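The certificate was installed before the ProxyPass entries, and https works without any problems without the ProxyPass entries (i.e. the certificate is there and valid).

If anyone has Plesk and GitLab with Let's Encrypt up and running, I would greatly appreciate it if you could share your configuration.

I created symbolic links to my certificates in /etc/gitlab/ssl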

  1. subdomain.domain.tld.crt => /opt/psa/var/modules/letsencrypt/etc/archive/subdomain.domain.tld/cert1.pem

  2. subdomain.domain.tld.key => /opt/psa/var/modules/letsencrypt/etc/archive/subdomain.domain.tld/privkey1.pem

In the file gitlab.rb

external_url 'https://gitlab.domain.tld'
gitlab_rails['gitlab_shell_ssh_port'] = 22 
gitlab_rails['initial_shared_runners_registration_token'] = "token"
web_server['external_users'] = ['webUser']
nginx['enable'] = false  # Tutorial
nginx['redirect_http_to_https'] = true      
nginx['listen_https'] = false

In Plesk: Domains => Apache & nginx Settings => Additional nginx directives

location ~ / {
    # for omnibus installation
    root /opt/gitlab/embedded/service/gitlab-rails/public;
    try_files $uri $uri/index.html $uri.html @gitlab;
}

# if a file that is not found in the root folder is requested,
# then the proxy passes the request to the upstream (gitlab unicorn)
location @gitlab {
    proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_redirect     off;

    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_set_header   Host              $http_host;
    proxy_set_header   X-Real-IP         $remote_addr;

    proxy_pass http://gitlab;
}

In the file gitlab.conf

  upstream gitlab {
        # for omnibus installation
        server unix:/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket;
    }
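
The symlinks in the answer above point at cert1.pem and privkey1.pem in the Let's Encrypt archive directory. Assuming the Plesk extension keeps certbot's archive layout, where each renewal writes a higher-numbered certN.pem and privkeyN.pem, such links keep pointing at the first certificate after a renewal. The check below is an added example, not part of the original answer; its function names are hypothetical.

```shell
#!/bin/sh
# Added example: find symlinks that still point at an older numbered file in a
# Let's Encrypt "archive" directory (e.g. cert1.pem once cert2.pem exists).
# Assumption: renewals add certN.pem / privkeyN.pem with increasing N.

# newest_version LINK: print the highest-numbered sibling of LINK's target
newest_version() {
    target=$(readlink -f "$1") || return 2
    [ -f "$target" ] || return 2
    dir=$(dirname "$target")
    file=$(basename "$target")
    # split e.g. "privkey12.pem" into stem "privkey" and extension "pem"
    stem=$(printf '%s\n' "$file" | sed -n 's/^\([A-Za-z_-]*\)[0-9][0-9]*\.\([A-Za-z]*\)$/\1/p')
    ext=${file##*.}
    [ -n "$stem" ] || return 2
    best=0
    for f in "$dir/$stem"[0-9]*."$ext"; do
        [ -e "$f" ] || continue
        n=$(basename "$f" ".$ext"); n=${n#"$stem"}
        case $n in ''|*[!0-9]*) continue ;; esac
        if [ "$n" -gt "$best" ]; then best=$n; fi   # numeric compare: 10 > 9
    done
    printf '%s/%s%s.%s\n' "$dir" "$stem" "$best" "$ext"
}

# is_stale LINK: exit 0 (and report) when LINK points at an older version
is_stale() {
    newest=$(newest_version "$1") || { echo "SKIP  $1 (not a numbered archive file)"; return 1; }
    current=$(readlink -f "$1")
    if [ "$current" != "$newest" ]; then
        echo "STALE $1 -> $current (newest: $newest)"
        return 0
    fi
    echo "OK    $1 -> $current"
    return 1
}

# check_dir [DIR]: check every symlink in DIR; exit 1 if any is stale
check_dir() {
    rc=0
    for l in "${1:-/etc/gitlab/ssl}"/*; do
        [ -L "$l" ] || continue
        if is_stale "$l"; then rc=1; fi
    done
    return "$rc"
}

# Run as: sh check-links.sh --check [DIR]   (script name is a placeholder)
if [ "${1:-}" = "--check" ]; then check_dir "${2:-}"; fi
```
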