How do I use Let's Encrypt with GitLab under Plesk on a subdomain?
I have GitLab up and running, but at the moment it does not use SSL. I usually use the Let's Encrypt Plesk Extension to get free SSL certificates. This is my setup:
- Plesk v12.5.30_build1205150826.19 os_Ubuntu 14.04
- GitLab 8.8.5
- Let's Encrypt Plesk Extension v1.6 Release 1
- Plesk subdomain: git.my-domain.com
Plesk Apache & nginx settings for git.my-domain.com:
Additional directives for HTTP :
<Location />
ProxyPass http://IP-of-my-domain:9999/
ProxyPassReverse http://IP-of-my-domain:9999/
</Location>
Additional directives for HTTPS :
<Location />
ProxyPass https://IP-of-my-domain:9998/
ProxyPassReverse https://IP-of-my-domain:9998/
</Location>
In my gitlab.rb file:
external_url "http://IP-of-my-domain:9999/"
I also found
nginx['custom_gitlab_server_config']="?"
nginx['custom_gitlab_mattermost_server_config']="?"
The HTTP connection works fine (subdomain or IP:port, both work). As soon as I change to HTTPS it does not, and I get the following (if I change external_url to port 9998):
Service Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
Additionally, a 503 Service Unavailable error was encountered while trying to use an ErrorDocument to handle the request.
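The certificate was installed before the ProxyPass, and HTTPS works without any problems when the ProxyPass entries are absent (i.e. the certificate exists and is valid).
If someone has Plesk and GitLab up and running with Let's Encrypt, I would be grateful if you could share your configuration.
I created symlinks to my certificates in /etc/gitlab/ssl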
subdomain.domain.tld.crt => /opt/psa/var/modules/letsencrypt/etc/archive/subdomain.domain.tld/cert1.pem
subdomain.domain.tld.key => /opt/psa/var/modules/letsencrypt/etc/archive/subdomain.domain.tld/privkey1.pem
In the file gitlab.rb
external_url 'https://gitlab.domain.tld'
gitlab_rails['gitlab_shell_ssh_port'] = 22
gitlab_rails['initial_shared_runners_registration_token'] = "token"
web_server['external_users'] = ['webUser']
nginx['enable'] = false # Tutorial
nginx['redirect_http_to_https'] = true
nginx['listen_https'] = false
In Plesk: Domain => Apache & nginx Settings => Additional nginx directives
location ~ / {
# for omnibus installation
root /opt/gitlab/embedded/service/gitlab-rails/public;
try_files $uri $uri/index.html $uri.html @gitlab;
}
# if a file that is not found in the root folder is requested,
# the proxy passes the request to the upstream (gitlab unicorn)
location @gitlab {
proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://gitlab;
}
In the file gitlab.conf
upstream gitlab {
# for omnibus installation
server unix:/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket;
}
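The symlinks in the answer above point at numbered files (cert1.pem, privkey1.pem) in the Let's Encrypt archive directory. The following is an added example, not part of the original answer: a shell check that reports links which no longer point at the highest-numbered file. It assumes the Plesk extension follows the standard Let's Encrypt client layout, in which each renewal writes the next-numbered file into the same archive directory; the function names and script name are hypothetical.

```sh
#!/bin/sh
# Added example: flag symlinks (e.g. in /etc/gitlab/ssl) whose target is a
# numbered Let's Encrypt archive file that is no longer the newest one.
# Assumption: each renewal writes certN.pem / privkeyN.pem with the next N
# into the same archive directory (standard Let's Encrypt client layout).

# version_of FILE: print N for names like cert12.pem, nothing otherwise.
version_of() {
    basename -- "$1" | sed -n 's/^[A-Za-z]*\([0-9][0-9]*\)\.pem$/\1/p'
}

# newest_in_archive FILE: print the highest N among FILE's siblings that
# share its stem (cert, privkey, chain, fullchain).
newest_in_archive() (
    dir=$(dirname -- "$1")
    stem=$(basename -- "$1" | sed 's/[0-9]*\.pem$//')
    max=0
    for f in "$dir/$stem"[0-9]*.pem; do
        n=$(version_of "$f")
        [ -n "$n" ] || continue
        if [ "$n" -gt "$max" ]; then max=$n; fi
    done
    echo "$max"
)

# stale_links DIR: print one line per dangling or outdated symlink in DIR.
# Exit status is 1 if any were reported, 0 if every link is current.
stale_links() (
    status=0
    for link in "$1"/*; do
        [ -L "$link" ] || continue
        if [ ! -e "$link" ]; then
            echo "BROKEN $link"; status=1; continue
        fi
        target=$(readlink -f -- "$link")
        have=$(version_of "$target")
        [ -n "$have" ] || continue        # not a numbered archive file
        newest=$(newest_in_archive "$target")
        if [ "$have" -lt "$newest" ]; then
            echo "STALE $link -> $(basename -- "$target"), newest is $newest"
            status=1
        fi
    done
    exit "$status"
)

# Usage: sh check_links.sh /etc/gitlab/ssl   (script name is hypothetical)
if [ "$#" -gt 0 ]; then stale_links "$1"; fi
```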