Minimalist by design

A gotcha for proxied SSL with gitlab


This is more of a self note, but I think it might prove useful to someone else (even my future self).

The conventional way of configuring gitlab to be behind an ssl-proxy is to have the external_url option with an https url and the nginx['listen_https'] option set to false. However, gitlab’s nginx will still listen on the 443 port. Don’t forget to redirect to the right port…

It might take you some time and lengthy debugging to find out…

Et voilà !

Edit It seems that when doing that, forms don’t work anymore due to the CSRF token being tied to HTTP/HTTPS protocol, and the switch disorient it. I’ve forced the X-Forwarded-Proto line to https in the embedded nginx configuration, but its a ugly hack that need to be redone by hand in the docker container each reboot. Irk.