nginx - 具有非捆绑 Nginx 的 GitLab 返回 502 不响应
问题描述
我正在尝试在 Debian 10 上安装 GitLab Omnibus。Nginx 已经在此服务器上提供网站服务,因此我需要禁用 gitlab 捆绑的 Nginx 实例。
我已按照记录的步骤禁用 Nginx 和 puma,但每当我尝试从其子域访问它时,我都会被重定向到主域并返回 502“哎呀,GitLab 响应时间过长。”
我在这个问题上花了两天时间,搜索任何相关问题但没有找到相关的解决方案。
这是我的差异配置:
external_url 'https://git.domain.com'
puma['enable'] = false
web_server['external_users'] = ['www-data']
nginx['enable'] = false
nginx['redirect_http_to_https'] = true
nginx['redirect_http_to_https_port'] = 443
alertmanager['flags'] = {
'cluster.advertise-address' => "127.0.0.1:9093"
}
alertmanager conf 已被修改,因为没有此修改它无法运行
当我运行 gitlab-ctl status 时,一切似乎都很好:
run: alertmanager: (pid 11318) 13175s; run: log: (pid 18017) 148461s
run: crond: (pid 9970) 13261s; run: log: (pid 16679) 96331s
run: gitaly: (pid 9979) 13260s; run: log: (pid 17341) 148669s
run: gitlab-exporter: (pid 10033) 13258s; run: log: (pid 17929) 148479s
run: gitlab-workhorse: (pid 10044) 13257s; run: log: (pid 17741) 148517s
run: grafana: (pid 10054) 13257s; run: log: (pid 19406) 148356s
run: logrotate: (pid 3922) 2456s; run: log: (pid 17815) 148500s
run: node-exporter: (pid 10092) 13256s; run: log: (pid 17910) 148485s
run: postgres-exporter: (pid 10099) 13256s; run: log: (pid 18134) 148453s
run: postgresql: (pid 10121) 13255s; run: log: (pid 17480) 148656s
run: prometheus: (pid 10134) 13255s; run: log: (pid 17988) 148467s
run: redis: (pid 10146) 13254s; run: log: (pid 17291) 148678s
run: redis-exporter: (pid 10159) 13254s; run: log: (pid 17960) 148473s
run: sidekiq: (pid 10555) 13215s; run: log: (pid 17701) 148524s
这是我的 Nginx 配置,大部分是从官方存储库复制的(日志路径、证书和域已修改):
upstream gitlab-workhorse {
server unix:/var/opt/gitlab/gitlab-workhorse/sockets/socket fail_timeout=0;
}
server {
listen 0.0.0.0:80;
listen [::]:80 ipv6only=on;# default_server;
server_name git.domain.com;
server_tokens off;
return 301 https://$http_host$request_uri;
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
}
server {
listen 0.0.0.0:443 ssl;
listen [::]:443 ipv6only=on ssl;
server_name git.domain.com;
server_tokens off;
return 301 https://$http_host$request_uri;
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
}
server {
listen 0.0.0.0:443 ssl;
listen [::]:443 ipv6only=on ssl;
server_name git.domain.com;
server_tokens off;
root /opt/gitlab/embedded/service/gitlab-rails/public;
ssl on;
ssl_certificate /etc/gitlab/ssl/git.domain.com.crt;
ssl_certificate_key /etc/gitlab/ssl/git.domain.com.key;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:$
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
access_log /var/log/nginx/gitlab_access.log;
error_log /var/log/nginx/gitlab_error.log;
location / {
client_max_body_size 0;
gzip off;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://gitlab-workhorse;
}
}
解决方案
推荐阅读
- c++ - 如何将字符串文字转换为同名变量的值?
- google-sheets - 使用条件格式根据特定文本为整个单元格着色
- ios - iOS 14 - 需要以编程方式隐藏新的日期选择器小部件
- java - 将 sql 时间戳转换为 java OffsetDateTime
- ios - 单击 IOS“更新联系人”(文本中的姓名和照片)会破坏激进的只读客户端连接
- c - 模拟连续文件分配
- javascript - 微捕捉到锚点
- java - 从 Mono 中收集 int 值
使用 WebFlux 的对象 - javascript - 运行在 Promise.then() 中定义的函数
- java - 使用 Jackson 将多个 json 键反序列化到一个字段