Gitlab: Difference between revisions

From NixOS Wiki
imported>Onny
mNo edit summary
imported>Onny
Add troubleshooting section for running behind reverse proxy
Line 31: Line 31:


systemd.services.gitlab-backup.environment.BACKUP = "dump";
systemd.services.gitlab-backup.environment.BACKUP = "dump";
</syntaxHighlight>
== Troubleshooting ==
=== Error 422 The change you requested was rejected on login ====
There might be different reasons for this error to show up after a failing login. One possible issue could be that your Gitlab instance is configured to be served with SSL encryption but running unencrypted behind a reverse proxy
<syntaxHighlight lang="nix">
services.gitlab = {
  enable = true;
  port = 443;
  https = true;
[...]
</syntaxHighlight>
To solve this, add following http headers to your upstream reverse proxy. In this example for the web server [[Caddy]] but it can be set for others too
<syntaxHighlight lang="nix">
caddy = {
  enable = true;
  virtualHosts = {
    "git.example.org".extraConfig = ''
      reverse_proxy http://10.100.0.3 {
        header_up X-Forwarded-Proto https
        header_up X-Forwarded-Ssl on
      }
    '';
  };
};
</syntaxHighlight>
</syntaxHighlight>


[[Category:Services]]
[[Category:Services]]
[[Category:Web Applications]]
[[Category:Web Applications]]
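Review bot: The added heading `=== Error 422 The change you requested was rejected on login ====` opens with three equals signs and closes with four, so the rendered page shows a stray "=" after "login"; close it with `===`. In the Caddy snippet, `caddy = {` is written without the `services.` prefix, while the rest of the page uses full option paths such as `services.gitlab` and `services.nginx`; `services.caddy = {` would match them and could be pasted as is. The two introductory sentences also end without punctuation before their code blocks.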

Revision as of 20:45, 24 November 2022

The GitLab web application offers git repository management, code reviews, issue tracking, activity feeds and wikis.

Installation

A minimal local installation of GitLab might look like this:

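services.gitlab = {
  enable = true;
  # pkgs.writeText copies these values into the world-readable Nix store,
  # so literal secrets like these are only suitable for a local test setup.
  databasePasswordFile = pkgs.writeText "dbPassword" "test123";
  initialRootPasswordFile = pkgs.writeText "rootPassword" "test123";
  secrets = {
    secretFile = pkgs.writeText "secret" "Aig5zaic";
    otpFile = pkgs.writeText "otpsecret" "Riew9mue";
    dbFile = pkgs.writeText "dbsecret" "we2quaeZ";
    # Generates a 2048-bit RSA key at build time; it also ends up in the store.
    jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
  };
};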

services.nginx = {
  enable = true;
  recommendedProxySettings = true;
  virtualHosts = {
    localhost = {
      locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
    };
  };
};

services.openssh.enable = true;

systemd.services.gitlab-backup.environment.BACKUP = "dump";

Troubleshooting

Error 422 The change you requested was rejected on login

This error can show up after a failing login for different reasons. One possible cause is that your GitLab instance is configured to be served with SSL encryption but is running unencrypted behind a reverse proxy:

services.gitlab = {
  enable = true;
  port = 443;
  https = true;
  # [...]
};

To solve this, add the following HTTP headers to your upstream reverse proxy. This example is for the web server Caddy, but the same headers can be set in other proxies too:

services.caddy = {
  enable = true;
  virtualHosts = {
    "git.example.org".extraConfig = ''
      reverse_proxy http://10.100.0.3 {
        header_up X-Forwarded-Proto https
        header_up X-Forwarded-Ssl on
      }
    '';
  };
};
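
To confirm that the proxy really sends these headers, a small probe can temporarily stand in for the upstream and report what it receives. This is an added example, not part of the wiki page or of GitLab; the `Probe` handler, the `missing_forwarded_headers` helper and port 8080 are assumptions made for illustration.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer

# Header names and values taken from the Caddy example above.
EXPECTED = {"X-Forwarded-Proto": "https", "X-Forwarded-Ssl": "on"}


def missing_forwarded_headers(headers):
    """Map each expected header that is absent or wrong to the value seen (None if absent)."""
    # Header names are case-insensitive; with chained proxies the first
    # comma-separated entry is the one closest to the client.
    seen = {k.lower(): v.split(",")[0].strip().lower() for k, v in headers.items()}
    return {name: seen.get(name.lower())
            for name, want in EXPECTED.items()
            if seen.get(name.lower()) != want}


class Probe(BaseHTTPRequestHandler):
    """Answers every GET with a report on the forwarding headers it received."""

    def do_GET(self):
        problems = missing_forwarded_headers(self.headers)
        if problems:
            lines = [f"{n}: got {v!r}, want {EXPECTED[n]!r}" for n, v in problems.items()]
            status, text = 500, "proxy does not mark requests as HTTPS\n" + "\n".join(lines)
        else:
            status, text = 200, "proxy marks requests as HTTPS"
        body = (text + "\n").encode()
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Port 8080 is an assumption; point reverse_proxy at it for the test only.
    HTTPServer(("0.0.0.0", 8080), Probe).serve_forever()
```

Run it on the upstream host, point `reverse_proxy` at its port, and request the site through the proxy: a 200 response means both headers arrive as configured, a 500 response lists the ones that are missing or wrong.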