GitLab always Redirects to HTTPS

Question

I would like to run GitLab behind an Apache Reverse Proxy. The Apache makes all the SSL Stuff.

I´ve configured gitlab.rb like this.

external_url 'https://gitlab.example.com'
nginx['listen_address'] = '192.168.178.63'
nginx['listen_port'] = 8888
nginx['listen_https'] = false
nginx['external_users'] = ['http']

but when i enter the 192.168.178.63 in my webbrowser Gitlab always redirects me to https://192.168.178.63 but thats wrong the embedded Webserver from gitlab shoud do everithing with HTTP only

The problem is

external_url 'https://gitlab.example.com'

if i change it to

external_url 'http://gitlab.example.com'

everything works fine but it does not solve my problem because now gitlab thinks the external URL is only a HTTP not HTTPS.

How can I kill this redirect to https? That the Gitlab embedded Webserver does everything with http and the reverse proxy the ssl stuff

Thanks.

Answer 1

The external_url has to be set in GitLab only http, https will be enabled on your reverse proxy:

external_url 'http://gitlab.example.com'

Do not forget to reconfigire Gitlab after making changes.

gitlab-ctl reconfigure

In your reverse proxy set:

proxy_pass http://192.168.178.63:8888

Answer 2

GitLab does support reverse proxies, even when you configure external_url with HTTPS.

By default, Omnibus GitLab auto-detects whether to use SSL if external_url contains https:// and configures NGINX for SSL termination. However, if configuring GitLab to run behind a reverse proxy or an external load balancer, some environments may want to terminate SSL outside the GitLab application. To do this, edit /etc/gitlab/gitlab.rb to prevent the bundled NGINX from handling SSL termination:

nginx['listen_port'] = 80
nginx['listen_https'] = false

See the docs for more details.