Question
I got GitLab up and running, but currently it doesn't use SSL. I use the Let's Encrypt Plesk Extension to get free SSL Certificates in general. This is what my setup looks like:
- Plesk v12.5.30_build1205150826.19 os_Ubuntu 14.04
- GitLab 8.8.5
- Let's Encrypt Plesk Extension v1.6 Release 1
- Plesk Subdomain: git.my-domain.com
Plesk Apache & nginx Settings for git.my-domain.com:
Additional directives for HTTP:
<Location />
    ProxyPass http://IP-of-my-domain:9999/
    ProxyPassReverse http://IP-of-my-domain:9999/
</Location>
Additional directives for HTTPS:
<Location />
    ProxyPass https://IP-of-my-domain:9998/
    ProxyPassReverse https://IP-of-my-domain:9998/
</Location>
In my gitlab.rb file:
external_url "http://IP-of-my-domain:9999/"
I also found "How do I use let's encrypt with gitlab?" and tried to adapt the answers, but couldn't figure out what to put into:
nginx['custom_gitlab_server_config']="?"
nginx['custom_gitlab_mattermost_server_config']="?"
The HTTP connection works flawlessly (subdomain or IP:port, both work). As soon as I change to HTTPS it doesn't, and I get the following (also if I change external_url to port 9998):
Service Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
Additionally, a 503 Service Unavailable error was encountered while trying to use an ErrorDocument to handle the request.
The certificate was installed before the ProxyPass, and HTTPS works without any problems without the ProxyPass entries (i.e. the certificate exists and is valid).
If anyone has got Plesk and GitLab with Let's Encrypt up and running, I would really appreciate it if you could share your configuration.
Answer 1:
I created symlinks in /etc/gitlab/ssl to my certificates:
subdomain.domain.tld.crt => /opt/psa/var/modules/letsencrypt/etc/archive/subdomain.domain.tld/cert1.pem
subdomain.domain.tld.key => /opt/psa/var/modules/letsencrypt/etc/archive/subdomain.domain.tld/privkey1.pem
In file gitlab.rb
external_url 'https://gitlab.domain.tld'
gitlab_rails['gitlab_shell_ssh_port'] = 22
gitlab_rails['initial_shared_runners_registration_token'] = "token"
web_server['external_users'] = ['webUser']
nginx['enable'] = false # Tutorial
nginx['redirect_http_to_https'] = true
nginx['listen_https'] = false
In Plesk: Domain => Apache & nginx Settings => Additional nginx directives
location ~ / {
    # for omnibus installation
    root /opt/gitlab/embedded/service/gitlab-rails/public;
    try_files $uri $uri/index.html $uri.html @gitlab;
}
# If a requested file is not found in the root folder,
# proxy the request to the upstream (gitlab unicorn)
location @gitlab {
    proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_redirect off;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass http://gitlab;
}
In file gitlab.conf
upstream gitlab {
    # for omnibus installation
    server unix:/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket;
}
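The symlinks in the answer above point at numbered files (cert1.pem, privkey1.pem) under archive/. The following check is an added example, not part of the original answer; it assumes the Plesk extension follows the usual certbot layout, where each renewal writes a new numbered file (cert2.pem, ...) and a link pinned to an older number keeps serving the old certificate. The function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original answer. Classifies a certificate
# symlink by its direct target:
#   broken - target missing
#   stale  - archive/<stem>N.pem while a higher-numbered sibling exists
#   pinned - newest archive/<stem>N.pem (goes stale at the next renewal)
#   ok     - regular file, or a link that does not point into archive/
le_link_status() {
    link=$1
    [ -e "$link" ] || { echo broken; return 0; }
    hop=$(readlink "$link") || { echo ok; return 0; }    # not a symlink
    case "$hop" in /*) ;; *) hop=${link%/*}/$hop ;; esac  # relative target
    dir=${hop%/*}
    name=${hop##*/}
    case "$dir/" in */archive/*) ;; *) echo ok; return 0 ;; esac
    case "$name" in *[0-9].pem) ;; *) echo ok; return 0 ;; esac
    name=${name%.pem}
    stem=${name%%[0-9]*}          # cert12 -> cert
    n=${name#"$stem"}             # cert12 -> 12
    case "$n" in ''|*[!0-9]*) echo ok; return 0 ;; esac
    newest=$n
    # Look for higher-numbered siblings written by later renewals.
    for f in "$dir/$stem"[0-9]*.pem; do
        m=${f##*/}; m=${m#"$stem"}; m=${m%.pem}
        case "$m" in ''|*[!0-9]*) continue ;; esac
        if [ "$m" -gt "$newest" ]; then newest=$m; fi
    done
    if [ "$newest" -gt "$n" ]; then echo stale; else echo pinned; fi
}

# Report every *.crt / *.key in an ssl directory; returns 1 if any entry
# is stale or broken. The default path is the one used in the answer.
audit_ssl_dir() {
    ssl_dir=${1:-/etc/gitlab/ssl}
    rc=0
    for entry in "$ssl_dir"/*.crt "$ssl_dir"/*.key; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        st=$(le_link_status "$entry")
        printf '%s\t%s\n' "$st" "$entry"
        case "$st" in stale|broken) rc=1 ;; esac
    done
    return "$rc"
}
```

Source the file and run `audit_ssl_dir /etc/gitlab/ssl`, for example from a cron job after the renewal task, and alert on a non-zero exit status.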
Source: https://stackoverflow.com/questions/37854712/how-do-i-use-let-s-encrypt-with-gitlab-under-plesk-on-subdomain