puerto - GitLab 7.2.1 con Apache Server en lugar de Nginx

Acabo de pasar medio día averiguando por qué gitlab me estaba dando el error 422 y me quejaba de los tokens CSRF en los registros de gitlab-rails production.log.

Resulta que tuve que añadir esto a la configuración de apache:

RequestHeader set X-Forwarded-Ssl on

En mi caso, gitlab se instaló desde el paquete deb y Apache se está ejecutando en HTTPS.

Con dos cosas en mente:

1. Unicorn está escuchando en 8080 (puedes verificar esto con sudo netstat -pant | grep unicorn )
2. La raíz de su documento es /opt/gitlab/embedded/service/gitlab-rails/public

Puede crear un nuevo vhost para gitlab en apache con la siguiente configuración:

<VirtualHost *:80> ServerName gitlab.example.com ServerSignature Off ProxyPreserveHost On <Location /> Order deny,allow Allow from all ProxyPassReverse http://127.0.0.1:8080 ProxyPassReverse http://gitlab.example.com/ </Location> RewriteEngine on RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA] # needed for downloading attachments DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public </VirtualHost>

En Debian GNU / Linux 8.4 (jessie) con la versión Omnibus 8.5.0 (apt-get):

Configuración de GitLab

# cat /etc/gitlab/gitlab.rb | grep -v ''^$/|^/s*/#'' external_url ''http://gitlab.example.fr'' gitlab_workhorse[''enable''] = true gitlab_workhorse[''listen_network''] = "tcp" gitlab_workhorse[''listen_addr''] = "127.0.0.1:8181" web_server[''external_users''] = [''www-data''] nginx[''enable''] = false

Configuración de Apache2

# cat /etc/apache2/sites-enabled/gitlab.conf | grep -v ''^$/|^/s*/#'' <VirtualHost *:80> ServerName gitlab.example.fr ServerSignature Off ProxyPreserveHost On AllowEncodedSlashes NoDecode <Location /> Require all granted ProxyPassReverse http://127.0.0.1:8181 ProxyPassReverse http://gitlab.example.fr/ </Location> RewriteEngine on RewriteCond %{REQUEST_URI} ^/api/v3/.* RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE] RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR] RewriteCond %{REQUEST_URI} ^/uploads/.* RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA] DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public ErrorDocument 404 /404.html ErrorDocument 422 /422.html ErrorDocument 500 /500.html ErrorDocument 503 /deploy.html LogFormat "%{X-Forwarded-For}i %l %u %t /"%r/" %>s %b" common_forwarded ErrorLog /var/log/apache2/gitlab_error.log CustomLog /var/log/apache2/gitlab_forwarded.log common_forwarded CustomLog /var/log/apache2/gitlab_access.log combined env=!dontlog CustomLog /var/log/apache2/gitlab.log combined </VirtualHost>

Salida de Netstat

# netstat -pant Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 11849/postgres tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 23736/config.ru tcp 0 0 127.0.0.1:8181 0.0.0.0:* LISTEN 26061/gitlab-workho

Fuente

https://gitlab.com/gitlab-org/gitlab-recipes/blob/master/web-server/apache/gitlab-omnibus-apache24.conf

http://doc.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server

Instalación desde origen. gitlab 7.4.5

Unicorn está escuchando 9095. Apache es 2.2.9 y no estoy usando https.

System information System: CentOS 6.7 Current User: git Using RVM: no Ruby Version: 2.1.2p95 Gem Version: 2.2.2 Bundler Version:1.11.2 Rake Version: 10.3.2 Sidekiq Version:2.17.0 GitLab information Version: 7.4.5 Revision: 19d572e Directory: /home/git/gitlab DB Adapter: mysql2 URL: http://gitlab.example.com HTTP Clone URL: http://gitlab.example.com/some-project.git SSH Clone URL: [email protected]:some-project.git Using LDAP: no Using Omniauth: no GitLab Shell Version: 2.0.1 Repositories: /home/git/repositories/ Hooks: /home/git/gitlab-shell/hooks/ Git: /usr/bin/git

Modificar el archivo de configuración de apache 2.2 funciona para mí.

Otro archivo de configuración antiguo para gitlab 6.0 está here que también funciona para mí.

#This configuration has been tested on GitLab 8.0.0 #Note this config assumes unicorn is listening on default port 8080 and gitlab-git-http-server is listening on port 8181. #To allow gitlab-git-http-server to listen on port 8181, edit or create /etc/default/gitlab and change or add the following: #gitlab_git_http_server_options="-listenUmask 0 -listenNetwork tcp -listenAddr localhost:8181 -authBackend http://127.0.0.1:8080" #Module dependencies # mod_rewrite # mod_proxy # mod_proxy_http # HTTP Configuration <VirtualHost *:80> ServerName gitlab.example.com ServerSignature Off ProxyPreserveHost On # Ensure that encoded slashes are not decoded but left in their encoded state. # http://doc.gitlab.com/ce/api/projects.html#get-single-project AllowEncodedSlashes NoDecode # Ensure that encoded slashes are not decoded but left in their encoded state. # http://doc.gitlab.com/ce/api/projects.html#get-single-project #AllowEncodedSlashes NoDecode <Location /> #Require all granted Order deny,allow Allow from all #Allow forwarding to gitlab-git-http-server #ProxyPassReverse http://127.0.0.1:8181 #Allow forwarding to GitLab Rails app (Unicorn) ProxyPassReverse http://127.0.0.1:9095 ProxyPassReverse http://gitlab.example.com/ </Location> #apache equivalent of nginx try files # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files # http://.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab RewriteEngine on #Forward these requests to gitlab-git-http-server #Forward these requests to gitlab-git-http-server #RewriteCond %{REQUEST_URI} ^/[/w/.-]+/[/w/.-]+/repository/archive.* [OR] #RewriteCond %{REQUEST_URI} ^/api/v3/projects/.*/repository/archive.* [OR] #RewriteCond %{REQUEST_URI} ^/[/w/.-]+/[/w/.-]+/(info/refs|git-upload-pack|git-receive-pack)$ #RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA] #Forward any other requests to GitLab Rails app (Unicorn) RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR] RewriteCond %{REQUEST_URI} ^/uploads RewriteRule .* http://127.0.0.1:9095%{REQUEST_URI} [P,QSA,NE] # needed for downloading attachments DocumentRoot /home/git/gitlab/public #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up. ErrorDocument 404 /404.html ErrorDocument 422 /422.html ErrorDocument 500 /500.html ErrorDocument 503 /deploy.html LogFormat "%{X-Forwarded-For}i %l %u %t /"%r/" %>s %b" common_forwarded ErrorLog logs/gitlab.example.com_error.log CustomLog logs/gitlab.example.com_forwarded.log common_forwarded CustomLog logs/gitlab.example.com_access.log combined env=!dontlog CustomLog logs/gitlab.example.com.log combined </VirtualHost>

Esperanza útil para alguien que la instalación desde la fuente con la antigua edición de gitlab.

Para los viajeros recientes con GitLab 10.XX, eche un vistazo a este repositorio . Puede encontrar los archivos de configuración de Apache2, así como las instrucciones para que GitLab se ejecute únicamente con Apache2 y NGINX deshabilitados.

Seguí este artículo http://eserdeniz.fr/articles/view/4/installer-gitlab-sous-debian-7-avec-nginx-et-mysql y funcionó pero necesitaba apache en lugar de nginx.

Después de tener muchos problemas para configurar apache2 con gitlab-ce 7.9.0.rc3, busqué en la documentación de apache, con respecto a la directiva ProxyPass y ProxyPassReverse.

Resolví mis problemas con este vhost:

<VirtualHost *:80> ServerName gitlab.me # those options below are recommanded by apache, dealing with the simple Proxy we need for gitlab ProxyRequests Off ProxyPreserveHost On AllowEncodedSlashes NoDecode # here we don''t want to proxify the requests for the existing assets in gitlab''s public directory ProxyPassMatch ^(/[^/]+/.(html|png|ico|css|txt))$ ! ProxyPass /assets ! # here we "redirect" the requests for http://gitlab.me/ to http://127.0.0.1:8080/ ProxyPass / http://127.0.0.1:8080/ # here we "rewrite" the redirections form unicorn for http://127.0.0.1:8080/ into http://gitlab.me/ ProxyPassReverse / http://127.0.0.1:8080/ # And of course the DocumentRoot to handle the assets requests DocumentRoot /home/git/gitlab/public/ # In the last versions of apache, there is a deny,allow default order so we put those two sections to prevent ''client denied by server configuration'' 403 error <Directory /home/git/gitlab/public/> # apache 2.2 Order allow,deny Allow from all # apache 2.4 Require all granted </Directory> <Location /> # apache 2.2 Order allow,deny Allow from all # apache 2.4 Require all granted </Location> </VirtualHost>

Ahora está ardiendo rápido!

¡Espero que esto ayude!

Si tiene un problema de acceso HTTP Git, mire esta configuración:

# cat /etc/gitlab/gitlab.rb | grep -v ''^$/|^/s*/#'' external_url ''http://gitlab.example.fr'' web_server[''external_users''] = [''www-data''] nginx[''enable''] = false ci_nginx[''enable''] = false gitlab_git_http_server[''listen_network''] = "tcp" gitlab_git_http_server[''listen_addr''] = "localhost:8282"

y la configuración de apache2:

# cat /etc/apache2/sites-enabled/gitlab <VirtualHost *:80> ServerName gitlab.example.fr ProxyRequests Off ServerSignature Off ProxyPreserveHost On AllowEncodedSlashes NoDecode ProxyPassMatch ^(/[^/]+/.(html|png|ico|css|txt))$ ! ProxyPass /assets ! ProxyPass / http://127.0.0.1:8080/ ProxyPassReverse / http://127.0.0.1:8080/ RewriteEngine on RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f RewriteRule /[-///w/.]+/.git// http://127.0.0.1:8282%{REQUEST_URI} [P,QSA,L] DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public <Directory /opt/gitlab/embedded/service/gitlab-rails/public/> Order allow,deny Allow from all </Directory> <Location /> Order allow,deny Allow from all </Location> </VirtualHost>

Aplicar los cambios:

# gitlab-ctl reconfigure # service apache2 reload

Desde https://gitlab.com/gitlab-org/gitlab-ce/issues/2669#note_2176671

Usando la respuesta de @ pincoded, pude hacer que GitLab estuviera en funcionamiento, pero cuando presionaba los cambios siempre recibía un error 500.

Luego usé la configuración oficial para apache proporcionada por GitLab en la respuesta de @ themadmax. El problema aquí es que el servidor nunca fue accesible y después de algún tiempo produjo un error 502.

Mi solución: utilizando https://gitlab.com/gitlab-org/gitlab-recipes/blob/master/web-server/apache/gitlab-omnibus-apache24.conf de GitLab (tenga cuidado, recuerde elegir la configuración SSL en este enlace, si ejecuta GitLab SSL solamente) PERO después de esta entrada en el foro tuve que volver a activar nginx.

Así que al final mi configuración se veía así:

vhost

<VirtualHost *:80> ServerName YOUR_SERVER_FQDN ServerSignature Off ProxyPreserveHost On # Ensure that encoded slashes are not decoded but left in their encoded state. # http://doc.gitlab.com/ce/api/projects.html#get-single-project AllowEncodedSlashes NoDecode <Location /> # New authorization commands for apache 2.4 and up # http://httpd.apache.org/docs/2.4/upgrading.html#access Require all granted #Allow forwarding to gitlab-workhorse ProxyPassReverse http://127.0.0.1:8181 ProxyPassReverse http://YOUR_SERVER_FQDN/ </Location> # Apache equivalent of nginx try files # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files # http://.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab RewriteEngine on #Forward all requests to gitlab-workhorse except existing files like error documents RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR] RewriteCond %{REQUEST_URI} ^/uploads/.* RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE] # needed for downloading attachments DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up. ErrorDocument 404 /404.html ErrorDocument 422 /422.html ErrorDocument 500 /500.html ErrorDocument 502 /502.html ErrorDocument 503 /503.html </VirtualHost>

gitlab.ru:

# nginx[''enable''] = false # this defaults to true gitlab_workhorse[''enable''] = true gitlab_workhorse[''listen_network''] = "tcp" gitlab_workhorse[''listen_addr''] = "127.0.0.1:8181"