Last active
December 18, 2015 14:58
-
-
Save atomaka/5800691 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # GITLAB | |
| # Maintainer: @randx | |
| # App Version: 5.0 | |
| upstream gitlab { | |
| server unix:/home/git/gitlab/tmp/sockets/gitlab.socket; | |
| } | |
| server { | |
| listen 80; # e.g., listen 192.168.1.1:80; | |
| server_name gitlab.localdomain.local; # e.g., server_name source.example.com; | |
| server_tokens off; | |
| root /home/git/gitlab/public; | |
| # individual nginx logs for this gitlab vhost | |
| access_log /var/log/nginx/gitlab_access.log; | |
| error_log /var/log/nginx/gitlab_error.log; | |
| location / { | |
| # serve static files from defined root folder;. | |
| # @gitlab is a named location for the upstream fallback, see below | |
| try_files $uri $uri/index.html $uri.html @gitlab; | |
| } | |
| # if a file, which is not found in the root folder is requested, | |
| # then the proxy pass the request to the upsteam (gitlab puma) | |
| location @gitlab { | |
| proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694 | |
| proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694 | |
| proxy_redirect off; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_pass http://gitlab; | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # GITLAB | |
| # Maintainer: @randx | |
| # App Version: 5.0 | |
| upstream gitlab { | |
| server unix:/home/git/gitlab/tmp/sockets/gitlab.socket; | |
| #server unix:/var/lib/gitlab/gitlab.socket; | |
| } | |
| server { | |
| listen 80 default_server; | |
| server_name gitlab.msu.edu; | |
| return 301 https://$server_name$request_uri; | |
| } | |
| server { | |
| listen 443; # e.g., listen 192.168.1.1:80; | |
| server_name gitlab.msu.edu; # e.g., server_name source.example.com; | |
| server_tokens off; | |
| root /home/git/gitlab/public; | |
| ssl on; | |
| ssl_certificate /etc/ssl/certs/gitlab_msu_edu_chained.cer; | |
| ssl_certificate_key /etc/ssl/private/gitlab_msu_edu.key; | |
| ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; | |
| ssl_ciphers AES:HIGH:!ADH:!MDF; | |
| ssl_prefer_server_ciphers on; | |
| # individual nginx logs for this gitlab vhost | |
| access_log /var/log/nginx/gitlab_access.log; | |
| error_log /var/log/nginx/gitlab_error.log; | |
| location / { | |
| # serve static files from defined root folder;. | |
| # @gitlab is a named location for the upstream fallback, see below | |
| try_files $uri $uri/index.html $uri.html @gitlab; | |
| } | |
| # if a file, which is not found in the root folder is requested, | |
| # then the proxy pass the request to the upsteam (gitlab puma) | |
| location @gitlab { | |
| proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694 | |
| proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694 | |
| proxy_redirect off; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_set_header X-Forwarded-Ssl on; | |
| proxy_set_header Host $http_host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_pass http://gitlab; | |
| } | |
| } |
Line 29 in the gitlab.conf-ssl has a typo for protocols
Line 29 protocols aren't correct, there is no TLSv2, these should be:
SSLv3 TLSv1 TLSv1.1 TLSv1.2;
Per nginx docs http://nginx.org/en/docs/http/configuring_https_servers.html
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Line 28 in the gitlab.conf-ssl should be /etc/ssl/private/ per Ubuntu docs https://help.ubuntu.com/12.04/serverguide/certificates-and-security.html