Support proxied SSL (!319) · Merge requests · GitLab.org / omnibus-gitlab

Stan Hu requested to merge stanhu/omnibus-gitlab:nginx-support-ssl-reverse-proxy into master Apr 11, 2015

This MR makes it possible to proxy SSL by disabling HTTPS on the GitLab nginx server.

This is used to support the use case where a reverse proxy handles all the HTTPS interaction with the user but the GitLab nginx process communicates over HTTP with the reverse proxy:

User <-> HTTPS (reverse proxy) on https://mydomain.com <-> GitLab nginx server on http://localhost:8080

Tested by configuring a GitLab Docker image with the options:

external_url 'https://mydomain.com'
nginx['listen_port'] = 8080
nginx['listen_https'] = false

The nginx reverse proxy settings:

location / {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

See #489 (closed)

Admin message

Admin message

Support proxied SSL

Merge request reports