-
-
Save IssacTran/abc5aa7c1205fa341d0e85ee0d5f4112 to your computer and use it in GitHub Desktop.
Nginx reverse proxy configuration for GitLab
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| upstream gitlab { | |
| server 172.17.42.1:10080 fail_timeout=0; | |
| } | |
| # let gitlab deal with the redirection | |
| server { | |
| listen 80; | |
| server_name git.example.com; | |
| server_tokens off; | |
| root /dev/null; | |
| # Increase this if you want to upload larger attachments | |
| client_max_body_size 20m; | |
| # individual nginx logs for this vhost | |
| access_log /var/log/nginx/gitlab_access.log; | |
| error_log /var/log/nginx/gitlab_error.log; | |
| location / { | |
| proxy_read_timeout 300; | |
| proxy_connect_timeout 300; | |
| proxy_redirect off; | |
| proxy_set_header X-Forwarded-Proto $scheme; | |
| proxy_set_header Host $http_host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Frame-Options SAMEORIGIN; | |
| proxy_pass http://gitlab; | |
| } | |
| } | |
| server { | |
| listen 443 ssl spdy; | |
| server_name git.example.com; | |
| server_tokens off; | |
| root /dev/null; | |
| ## Increase this if you want to upload larger attachments | |
| client_max_body_size 20m; | |
| ## SSL | |
| ssl on; | |
| ## Individual nginx logs for this vhost | |
| access_log /var/log/nginx/gitlab_ssl_access.log; | |
| error_log /var/log/nginx/gitlab_ssl_error.log; | |
| location / { | |
| ## If you use https make sure you disable gzip compression | |
| ## to be safe against BREACH attack. | |
| gzip off; | |
| proxy_read_timeout 300; | |
| proxy_connect_timeout 300; | |
| proxy_redirect off; | |
| proxy_set_header Host $http_host; | |
| proxy_set_header X-Real-IP $remote_addr; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header X-Forwarded-Proto https; | |
| proxy_set_header X-Frame-Options SAMEORIGIN; | |
| proxy_pass http://gitlab; | |
| } | |
| } |
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The easiest way is to disable the SSL CERT verification:
git config --global http.sslVerify false
This will prevent CURL to verity the HTTPS certification.
For one repository only:
git config http.sslVerify false
Note: disabling SSL verification has security implications. It allows Man in the Middle attacks when you use Git to transfer data over a network. Be sure you fully understand the security implications before using this as a solution.