我在 CentOS6.5 服务器上使用 GitLab Omnibus。
gitlab nginx 服务器监听 6543 端口(Apache 已使用 80 和 443)。
我想使用 Apache 作为反向代理来访问 GitLab,地址是:gitlab.example.com,而不是 example.com:6543
因此我添加了一个 Apache 虚拟主机,配置如下:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin [email protected]
ServerName gitlab.example.com
ServerSignature Off
CustomLog /var/log/httpd/gitlab_access.log combined
ErrorLog /var/log/httpd/gitlab_error.log
ErrorLog syslog:local2
<IfModule mod_proxy.c>
ProxyVia On
ProxyRequests Off
ProxyPass / https://example.com:6543/
ProxyPassReverse / https://example.com:6543/
ProxyPreserveHost Off
<Proxy *>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Proxy>
</IfModule>
# SSL Config
SSLCertificateFile /etc/ssl/example.com/default.crt
SSLCertificateKeyFile /etc/ssl/example.com/default.key
SSLEngine on
SSLProtocol all -SSLv2
SSLHonorCipherOrder on
SSLCipherSuite ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM
Header set Strict-Transport-Security "max-age=2678400"
</VirtualHost>
</IfModule>
<VirtualHost *:80>
ServerName gitlab.example.com
Redirect / https://gitlab.example.com:443
</VirtualHost>
因此 gitlab 和 apache 正在运行,但是当尝试通过代理服务器访问 gitlab 时,失败并输出 500 错误。
我怎样才能让它工作?
答案1
我主要看到与我的工作设置有以下差异:
我有
# It's all internal connections, so we can dump all certificate checking
# between Apache and Gitlab:
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
# Also configure your Gitlab to assume its name is gitlab.example.com with:
# external_url 'https://gitlab.example.com'
# in your gitlab.rb
ProxyPreserveHost On
# There's no need to give a name, the IP address should be sufficient:
ProxyPass / https://0.0.0.0:4000/
ProxyPassReverse / https://0.0.0.0:4000/