Gitlab Mattermost 的 nginx 服务器配置(使用非捆绑的 nginx 服务器)
nginx server configuration for Gitlab Mattermost (using non-bundled nginx server)
我正在尝试根据 https://docs.gitlab.com/omnibus/gitlab-mattermost/README.html. I am using a non-bundled nginx server, which is configured as described here. The rest of Gitlab is currently working; I can access it by going to http://code.my.company.com 配置 Gitlab Mattermost。
Mattermost 可能配置正确,但我似乎找不到任何关于如何使用 Mattermost 配置非捆绑 nginx 的信息。特别是,我想知道 proxy_pass 应该是什么。
Gitlab sample configuration file 使用 proxy_pass http://gitlab-workhorse。在同一个文件的顶部附近,他们将其定义为 unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket。这对 Gitlab 本身很有效(正如我们希望的那样!),但我不知道 proxy_pass 用于 Mattermost。
正如您将在下面的我的 nginx 配置文件中看到的,我通过简单地 copy/pasting 大多数普通 Gitlab nginx 配置创建了 nginx 配置的最重要部分,其中包括 proxy_pass http://gitlab-workhorse 行.毫不奇怪,这只会导致 http://code.my.company.com:1337 转发到普通的 Gitlab,而不是 Mattermost。
这是我的/etc/nginx/sites-available/default文件(这个文件中的所有评论都是我的;如果你想看原始评论,请看the source):
## Most of this is copy/pasted from https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/gitlab
## A few of the paths are different from the current version,
## perhaps because the Gitlab-suggested nginx config was different when I installed Gitlab
upstream gitlab-workhorse {
server unix:/var/opt/gitlab/gitlab-workhorse/socket;
}
map $http_upgrade $connection_upgrade_gitlab {
default upgrade;
'' close;
}
## Mattermost config, mostly copy/pasted from the server{} block below
server {
listen 0.0.0.0:1337 default_server;
listen [::]:1337 default_server;
server_name code.my.company.com;
location / {
client_max_body_size 0;
gzip off;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade_gitlab;
proxy_pass http://gitlab-workhorse;
}
}
## normal Gitlab config
server {
listen 0.0.0.0:80 default_server;
listen [::]:80 default_server;
server_name code.my.company.com;
server_tokens off;
root /opt/gitlab/embedded/service/gitlab-rails/public;
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
location / {
client_max_body_size 0;
gzip off;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade_gitlab;
proxy_pass http://gitlab-workhorse;
}
}
这里是/etc/gitlab/gitlab.rb的相关部分:
external_url 'http://code.my.company.com'
mattermost_external_url 'http://code.my.company.com:1337'
nginx['enable'] = false
mattermost_nginx['enable'] = false
mattermost['gitlab_enable'] = true
mattermost['gitlab_id'] = "HiddenForWhosebugPost"
mattermost['gitlab_secret'] = "HiddenForWhosebugPost"
mattermost['gitlab_scope'] = ""
mattermost['gitlab_auth_endpoint'] = "http://code.my.company.com/oauth/authorize"
mattermost['gitlab_token_endpoint'] = "http://code.my.company.com/oauth/token"
mattermost['gitlab_user_api_endpoint'] = "http://code.my.company.com/api/v3/user"
这里有一个来自 docs 的示例,展示了一个有效的 Mattermost nginx 配置的样子:
upstream backend {
server 10.10.10.2:8065;
}
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;
server {
listen 80;
server_name mattermost.example.com;
location /api/v3/users/websocket {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 50M;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
proxy_pass http://backend;
}
location / {
client_max_body_size 50M;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
proxy_cache mattermost_cache;
proxy_cache_revalidate on;
proxy_cache_min_uses 2;
proxy_cache_use_stale timeout;
proxy_cache_lock on;
proxy_pass http://backend;
}
}
您需要将 10.0.0.2:8065 替换为 Mattermost 所在的 IP(或主机)和端口 运行。如果您也想设置 SSL,请查看文档 here(此示例配置的来源)。
我正在尝试根据 https://docs.gitlab.com/omnibus/gitlab-mattermost/README.html. I am using a non-bundled nginx server, which is configured as described here. The rest of Gitlab is currently working; I can access it by going to http://code.my.company.com 配置 Gitlab Mattermost。
Mattermost 可能配置正确,但我似乎找不到任何关于如何使用 Mattermost 配置非捆绑 nginx 的信息。特别是,我想知道 proxy_pass 应该是什么。
Gitlab sample configuration file 使用 proxy_pass http://gitlab-workhorse。在同一个文件的顶部附近,他们将其定义为 unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket。这对 Gitlab 本身很有效(正如我们希望的那样!),但我不知道 proxy_pass 用于 Mattermost。
正如您将在下面的我的 nginx 配置文件中看到的,我通过简单地 copy/pasting 大多数普通 Gitlab nginx 配置创建了 nginx 配置的最重要部分,其中包括 proxy_pass http://gitlab-workhorse 行.毫不奇怪,这只会导致 http://code.my.company.com:1337 转发到普通的 Gitlab,而不是 Mattermost。
这是我的/etc/nginx/sites-available/default文件(这个文件中的所有评论都是我的;如果你想看原始评论,请看the source):
## Most of this is copy/pasted from https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/gitlab
## A few of the paths are different from the current version,
## perhaps because the Gitlab-suggested nginx config was different when I installed Gitlab
upstream gitlab-workhorse {
server unix:/var/opt/gitlab/gitlab-workhorse/socket;
}
map $http_upgrade $connection_upgrade_gitlab {
default upgrade;
'' close;
}
## Mattermost config, mostly copy/pasted from the server{} block below
server {
listen 0.0.0.0:1337 default_server;
listen [::]:1337 default_server;
server_name code.my.company.com;
location / {
client_max_body_size 0;
gzip off;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade_gitlab;
proxy_pass http://gitlab-workhorse;
}
}
## normal Gitlab config
server {
listen 0.0.0.0:80 default_server;
listen [::]:80 default_server;
server_name code.my.company.com;
server_tokens off;
root /opt/gitlab/embedded/service/gitlab-rails/public;
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
location / {
client_max_body_size 0;
gzip off;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade_gitlab;
proxy_pass http://gitlab-workhorse;
}
}
这里是/etc/gitlab/gitlab.rb的相关部分:
external_url 'http://code.my.company.com'
mattermost_external_url 'http://code.my.company.com:1337'
nginx['enable'] = false
mattermost_nginx['enable'] = false
mattermost['gitlab_enable'] = true
mattermost['gitlab_id'] = "HiddenForWhosebugPost"
mattermost['gitlab_secret'] = "HiddenForWhosebugPost"
mattermost['gitlab_scope'] = ""
mattermost['gitlab_auth_endpoint'] = "http://code.my.company.com/oauth/authorize"
mattermost['gitlab_token_endpoint'] = "http://code.my.company.com/oauth/token"
mattermost['gitlab_user_api_endpoint'] = "http://code.my.company.com/api/v3/user"
这里有一个来自 docs 的示例,展示了一个有效的 Mattermost nginx 配置的样子:
upstream backend {
server 10.10.10.2:8065;
}
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;
server {
listen 80;
server_name mattermost.example.com;
location /api/v3/users/websocket {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 50M;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
proxy_pass http://backend;
}
location / {
client_max_body_size 50M;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
proxy_cache mattermost_cache;
proxy_cache_revalidate on;
proxy_cache_min_uses 2;
proxy_cache_use_stale timeout;
proxy_cache_lock on;
proxy_pass http://backend;
}
}
您需要将 10.0.0.2:8065 替换为 Mattermost 所在的 IP(或主机)和端口 运行。如果您也想设置 SSL,请查看文档 here(此示例配置的来源)。