How to install gitlab separate on centos7? - apache

I wish to install gitlab on my Centos 7 server. But I need to separate the gitlab and apache folder. That is when I type localhost should get the index page in HTML folder and when I type git.example.com should get the gitlab page. Is there any way to do this? Please help me, anyone.

Might not be the best solution, but what I did was to set a "front NGINX" to proxy my 3 services: Apache (at www), Redmine (at issues) and GitLab (at git)
Then I configured my Apache to listen on another port (say 808). And my GitLab to listen on its own port (say 809).
And I added a server configuration in NGINX with a proxypass using something like this:
server {
listen 80;
server_name www.example.com;
location / {
access_log off;
proxy_pass http://localhost:808;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
and one for the GitLab as:
server {
listen 80;
server_name git.example.com;
location / {
access_log off;
proxy_pass http://localhost:809;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 502 /502.html;
location = /502.html {
root /opt/gitlab/error_pages;
}
}

Related

Harbor 2.5.0 behind Apache reverse proxy

I installed Harbor in a server inside the company farm and I can use it without problem through https://my-internal-server.com/harbor.
I tried to add the reverse proxy rules to Apache to access it through the public server for harbor, v2, chartrepo, service endpoints, like https://my-public-server.com/harbor, but this doesn't work.
For example:
ProxyPass /harbor https://eslregistry.eng.it/harbor
ProxyPassReverse /harbor https://eslregistry.eng.it/harbor
I also set in harbor.yaml:
external_url: https://my-public-server.com
When I try to access to https://my-public-server.com/harbor with the browser I see a Loading... page and 404 errors for static resources because it tries to get them with this GET:
https://my-public-server.com/scripts.a459d5a2820e9a99.js
How can I configure it to work?
You should pass the whole domain, not only the path. Take a look at the official Nginx config to have an idea how this might look like.
upstream harbor {
server harbor_proxy_ip:8080;
}
server {
listen 443 ssl;
server_name harbor.mycomp.com;
ssl_certificate /etc/nginx/conf.d/mycomp.com.crt;
ssl_certificate_key /etc/nginx/conf.d/mycomp.com.key;
client_max_body_size 0;
chunked_transfer_encoding on;
location / {
proxy_pass http://harbor/;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffering off;
proxy_request_buffering off;
}
Note that you should disable proxy or buffering

Exposing multiple docker services over nginx

I'm serving a website, generated by a docker container, using nginx, which also lives in a docker container. This setup works quite well.
What I want to do now, is serve multiple websites, from multiple containers.
My (simplified) setup is below.
http {
upstream app_01 {
server container_01:80;
}
upstream app_02 {
server container_02:80;
}
server {
listen 443 ssl;
include common.conf;
include /etc/nginx/ssl.conf;
location / {
proxy_pass http://app_01;
proxy_redirect off;
include common_location.conf;
}
location /alternative {
proxy_pass http://app_02;
proxy_redirect off;
include common_location.conf;
}
}
}
common_location.conf contains:
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Port $server_port;
My original website still works fine (container_01), and I can kinda access the second site (container_02); the starting page gets loaded partially. It appears that it keeps the upload/ part in all links.
My question: how do I get this to work?
Since nobody seems to be able to answer, I ended up using an alternative to nginx, which worked within ten minutes.

Nginx Problem: Nginx adds comma and duplicate the url

I've just deployed a flask application with Gunicorn and Nginx. The application is running under 192.168.25.49 address. Nginx configured as following:
server {
listen 80;
server_name 192.168.25.49;
location / {
include proxy_params;
proxy_redirect off;
proxy_set_header host $host;
proxy_set_header X-real-ip $remote_addr;
proxy_set_header X-forward-for $proxy_add_x_forwarded_for;
proxy_pass http://unix:/home/avin/Saba/saba.sock;
}
}
The problem is: When I enter 192.168.25.49 in the address bar, it automatically changes to http://192.168.25.49,192.168.25.49/login. This problem occurs on login and logout too.
I've searched whole the internet but nothing found for this problem. If anyone with Nginx knowledge help me will appreciate.

proxy_set_header is not working either showing in phpinfo();

I don't know what else or how to ask Google so I come here.
I have this nginx config file (apache.servers.conf is the name):
server {
listen 80;
server_name mysite.com www.mysite.com;
location / {
proxy_pass http://xxx.yyy.zzz.235:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
But no matter what, headers are not showing on the phpinfo();
According to this: https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-web-server-and-reverse-proxy-for-apache-on-one-ubuntu-16-04-server
The variables HTTPXREAL_IP and HTTPXFORWARDED_FOR were added by Nginx
and should show the public IP address of the computer you're using to
access the URL.
I've already replace mysite and xxx.yyy.zzz.235:8080 with the corresponding values
But is not showing on my phpinfo();
This is for a reserve proxy server. Apache and Nginx themselves are working fine but can't say the same about the headers.
Any help will be appreciated!
Thanks a lot!

nginx location directive : authentication happening in wrong location block?

I'm flummoxed.
I have a server that is primarily running couchdb over ssl (using nginx to proxy the ssl connection) but also has to serve some apache stuff.
Basically I want everything that DOESN'T start /www to be sent to the couchdb backend. If a url DOES start /www then it should be mapped to the local apache server on port 8080.
My config below works with the exception that I'm getting prompted for authentication on the /www paths as well. I'm a bit more used to configuring Apache than nginx, so I suspect I'm mis-understanding something, but if anyone can see what is wrong from my configuration (below) I'd be most grateful.
To clarify my use scenario;
https://my-domain.com/www/script.cgi should be proxied to
http://localhost:8080/script.cgi
https://my-domain.com/anythingelse should be proxied to
http://localhost:5984/anythingelse
ONLY the second should require authentication. It is the authentication issue that is causing problems - as I mentioned, I am being challenged on https://my-domain.com/www/anything as well :-(
Here's the config, thanks for any insight.
server {
listen 443;
ssl on;
# Any url starting /www needs to be mapped to the root
# of the back end application server on 8080
location ^~ /www/ {
proxy_pass http://localhost:8080/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# Everything else has to be sent to the couchdb server running on
# port 5984 and for security, this is protected with auth_basic
# authentication.
location / {
auth_basic "Restricted";
auth_basic_user_file /path-to-passwords;
proxy_pass http://localhost:5984;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
}
}
Maxim helpfully answered this for me by mentioning that browsers accessing the favicon would trigger this behaviour and that the config was correct in other respects.