Personal GitLab on a home bare-metal server through a reverse proxy

If you don’t want all your repositories on GitHub or another project hosting platform, you can choose GitLab. I guess you already know what GitLab is. Yes, it is very similar to the GitLab platform, and the best thing is that it is hosted on your own server, where you can have private, internal and public repositories. Say you have some kind of open source security software that could be used for nefarious purposes: you want to make the source public, but some big companies consider that this kind of code is not “open source”. Simply use your own server and do what you want. I’ll show my configuration for GitLab: I use SSL on the proxy, which accesses a local server over non-SSL. I also use an external mail server with a custom domain hosted on Zoho.

Let’s go into gitlab.rb

OK, I should say that the server auto-updates GitLab to every new version. I haven’t had a problem with my auto-updates yet, but I mention it because this configuration runs on GitLab 8.12.4.

First, find the external_url directive and change it to something like:

 external_url 'https://gitlab.flashsoft.ro'

Then search for the directives of GitLab’s internal Nginx server. Change the following directives to appropriate values; you can ignore the rest.

nginx['redirect_http_to_https'] = false
nginx['listen_addresses'] = ['10.0.1.145']
nginx['listen_port'] = 80 # override only if you use a reverse proxy: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#setting-the-nginx-listen-port
nginx['listen_https'] = false # override only if your reverse proxy internally communicates over HTTP: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md#supporting-proxied-ssl

After you set those settings, if you use an external mail server, here are my Zoho settings:

gitlab_rails['smtp_enable'] = true
gitlab_rails['smtp_address'] = "smtp.zoho.com"
gitlab_rails['smtp_port'] = 587 
gitlab_rails['smtp_user_name'] = "gitlab@flashsoft.ro"
gitlab_rails['smtp_password'] = "yourPasswordHere"
gitlab_rails['smtp_domain'] = "gitlab.flashsoft.ro"
gitlab_rails['smtp_authentication'] = "login"
gitlab_rails['smtp_enable_starttls_auto'] = true
gitlab_rails['smtp_tls'] = false 

Setting up the reverse proxy (Nginx)

For the reverse HTTP proxy, I guess you can use either Apache or Nginx, or any other software that supports reverse HTTP proxying. Here is my config for this GitLab instance:

# Redirect plain HTTP to HTTPS
server {
    listen 80;
    server_name gitlab.flashsoft.ro;

    return 301 https://$server_name$request_uri;
}

# HTTPS server
#
server {
    # "listen ... ssl" replaces the deprecated "ssl on;" directive
    listen 443 ssl;
    server_name gitlab.flashsoft.ro;

    #ssl_certificate /etc/letsencrypt/live/flashsoft.ro/fullchain.pem;
    #ssl_certificate_key /etc/letsencrypt/live/flashsoft.ro/privkey.pem;
    ssl_certificate /etc/nginx/ssl/flashsoft.ro.cert.pem;
    ssl_certificate_key /etc/nginx/ssl/flashsoft.ro.pkey.pem;

    ssl_session_timeout 5m;

    ssl_session_cache builtin:1000 shared:SSL:10m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); remove them unless old clients need them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    location / {
        # Pass the original host, client address and scheme to GitLab,
        # which listens on plain HTTP behind this proxy
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Traffic to the GitLab server is unencrypted on the local network
        proxy_pass http://10.0.1.145;
    }
}
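
A consistency check for the two configurations above, as an added example that is not part of the original post: it flags a proxy_pass target, port or scheme that does not match the nginx[...] settings in gitlab.rb, a missing X-Forwarded-Proto header for the HTTP backend, and deprecated TLS versions. The helper names (rb, directive, check) and the inline samples are constructed for illustration, and it assumes listen_port and listen_https are set explicitly, as in the post.

```python
import re
from urllib.parse import urlsplit

# Constructed samples that mirror the settings shown in this post.
GITLAB_RB = """
external_url 'https://gitlab.flashsoft.ro'
nginx['listen_addresses'] = ['10.0.1.145']
nginx['listen_port'] = 80 # behind a reverse proxy
nginx['listen_https'] = false
"""
PROXY_CONF = """
server {
    server_name gitlab.flashsoft.ro;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / {
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://10.0.1.145;
    }
}
"""

def rb(text, key):
    # Raw right-hand side of nginx['key'] = ... in gitlab.rb ("" when unset).
    m = re.search(r"^\s*nginx\['%s'\]\s*=\s*([^#\n]+)" % key, text, re.M)
    return m.group(1).strip() if m else ""

def directive(conf, name):
    # Arguments of the first uncommented nginx directive matching `name`.
    m = re.search(r"^\s*%s\s+([^;]+);" % name, conf, re.M)
    return m.group(1).split() if m else []

def check(gitlab_rb, conf):
    """Return findings; an empty list means proxy and backend settings agree."""
    out = []
    ext = urlsplit(re.search(r"^\s*external_url\s+['\"]([^'\"]+)", gitlab_rb, re.M).group(1))
    be = urlsplit((directive(conf, "proxy_pass") or ["//"])[0])
    if be.hostname not in re.findall(r"['\"]([^'\"]+)['\"]", rb(gitlab_rb, "listen_addresses")):
        out.append("proxy_pass host is not in nginx['listen_addresses']")
    if str(be.port or {"http": 80, "https": 443}.get(be.scheme)) != rb(gitlab_rb, "listen_port"):
        out.append("proxy_pass port differs from nginx['listen_port']")
    if (be.scheme == "http") != (rb(gitlab_rb, "listen_https") == "false"):
        out.append("proxy_pass scheme disagrees with nginx['listen_https']")
    if ext.scheme == "https" and be.scheme == "http" and not directive(conf, r"proxy_set_header\s+X-Forwarded-Proto"):
        out.append("X-Forwarded-Proto is not forwarded to the HTTP backend")
    if ext.hostname not in directive(conf, "server_name"):
        out.append("external_url host is missing from server_name")
    old = sorted(set(directive(conf, "ssl_protocols")) & {"SSLv3", "TLSv1", "TLSv1.1"})
    return out + (["deprecated protocols enabled: " + " ".join(old)] if old else [])

print(check(GITLAB_RB, PROXY_CONF))
```

For the samples it reports only the deprecated TLSv1 and TLSv1.1 protocols; pass the contents of your own gitlab.rb and proxy server block to check() to test a real setup.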
