How to configure port forwarding in gitlab?

Question

I have configured gitlab so that I can only connect to it from a specific ip address. In gitlab.rb file I configured the url this way:

external_url 'gitlab.example.pl:2000'

and also configured ufw:

[ 1] 2000   ALLOW IN    192.169.0.1/24

When I want to access gitlab by browser I have to type additionally port 2000, so I would like to port forwarding to 443. I can't give access to port 443 only to a specific ip address in ufw because i configured mattermost in this same server and must be access from everywhere. I tried port forwarding with apache2 or ngnix but gitlab listens on port 80 and because of this apache2 and nginx are not working. I also tried find solution in file gitlab.rb

nginx['listen_port'] = 443
nginx['redirect_http_to_https_port'] = 80
nginx['redirect_http_to_https'] = false

Please give me a solution to this problem.

score 0 · Answer 1 · answered Oct 29 '21 at 20:50

You do you not have to configure listeners for gitlab and mattermost separately. Both your mattermost and gitlab URL will point to the same IP address and port and both should route to NGINX.

NGINX will route traffic appropriately to gitlab or mattermost based on the hostname header. Just configure the external_url for gitlab and mattermost_external_url for mattermost appropriately within the same gitlab installation. There's no particular need to put apache in front of gitlab's nginx.

external_url 'https://gitlab.example.com'
mattermost_external_url 'https://mattermost.example.com'
nginx['listen_port'] = 443
nginx['listen_https'] = true

As long as your firewall allows traffic on port 443 to nginx, you're OK. If you need that to be a specific IP address, set nginx['listen_address'].

Ok, but I want mattermost to be accessible everywhere and gitlab only from a specific IP — tomasz0124k, Nov 03 '21 at 08:37

How to configure port forwarding in gitlab?

1 Answers1