Apache 作为 GitLab Omnibus 的反向代理

Apache 作为 GitLab Omnibus 的反向代理

我在 CentOS6.5 服务器上使用 GitLab Omnibus。

gitlab nginx 服务器监听 6543 端口(Apache 已使用 80 和 443)。

我想使用 Apache 作为反向代理来访问 GitLab,地址是:gitlab.example.com,而不是 example.com:6543

因此我添加了一个 Apache 虚拟主机,配置如下:

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin [email protected]
        ServerName gitlab.example.com
        ServerSignature Off
        CustomLog /var/log/httpd/gitlab_access.log combined
        ErrorLog /var/log/httpd/gitlab_error.log
        ErrorLog syslog:local2

        <IfModule mod_proxy.c>
            ProxyVia On
            ProxyRequests Off
            ProxyPass / https://example.com:6543/
            ProxyPassReverse / https://example.com:6543/
            ProxyPreserveHost Off
            <Proxy *>
                Options FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
            </Proxy>
        </IfModule>

        # SSL Config
        SSLCertificateFile /etc/ssl/example.com/default.crt
        SSLCertificateKeyFile /etc/ssl/example.com/default.key

        SSLEngine on
        SSLProtocol all -SSLv2
        SSLHonorCipherOrder on
        SSLCipherSuite ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM
        Header set Strict-Transport-Security "max-age=2678400"
    </VirtualHost>
</IfModule>

<VirtualHost *:80>
        ServerName gitlab.example.com
        Redirect / https://gitlab.example.com:443
</VirtualHost>

因此 gitlab 和 apache 正在运行,但是当尝试通过代理服务器访问 gitlab 时,失败并输出 500 错误。

我怎样才能让它工作?

答案1

我主要看到与我的工作设置有以下差异:

我有

# It's all internal connections, so we can dump all certificate checking
# between Apache and Gitlab:
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off

# Also configure your Gitlab to assume its name is gitlab.example.com with:
# external_url 'https://gitlab.example.com'
# in your gitlab.rb
ProxyPreserveHost On

# There's no need to give a name, the IP address should be sufficient:
ProxyPass        / https://0.0.0.0:4000/
ProxyPassReverse / https://0.0.0.0:4000/

相关内容