• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Jaranguda

Belajar Mengajar

  • Home
  • Sponsor/Jasa
  • Tentang

Menggunakan SSL di GitLab CE

Last Updated on 15 June 2015 By tommy Leave a Comment

Disini saya menggunakan Omnibus untuk menginstall GitLab CE (Community Edition). File konfigurasi nginx disimpan di /var/opt/gitlab/nginx
Buat folder baru tempat menyimpan file SSL

mkdir /var/opt/gitlab/nginx/ssl

Self Signed SSL

Pindah ke folder ssl lalu generate SSL dengan perintah

openssl req -sha256 -nodes -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 3560

Commercial SSL/SSL Berbayar

Bila menggunakan SSL berbayar, certificate dan key tinggal di copy paste ke file cert.pem dan key.pem.

Cara untuk menggunakan SSL berbayar maupun Self signed sama saja ;). Edit server block nginx /var/opt/gitlab/nginx/conf/gitlab-http.conf
tambahkan di baris paling bawah

server {
  ssl on;
  listen *:443;
  server_name git.fgg;
  ssl_certificate /var/opt/gitlab/nginx/ssl/cert.pem;
  ssl_certificate_key /var/opt/gitlab/nginx/ssl/key.pem;
  server_tokens off; ## Don't show the nginx version number, a security best practice
  root /opt/gitlab/embedded/service/gitlab-rails/public;
 
  ## Increase this if you want to upload large attachments
  ## Or if you want to accept large git objects over http
  client_max_body_size 250m;
 
 
  ## Individual nginx logs for this GitLab vhost
  access_log  /var/log/gitlab/nginx/gitlab_access.log;
  error_log   /var/log/gitlab/nginx/gitlab_error.log;
 
  location / {
    ## Serve static files from defined root folder.
    ## @gitlab is a named location for the upstream fallback, see below.
    try_files $uri $uri/index.html $uri.html @gitlab;
  }
 
  location /uploads/ {
    ## If you use HTTPS make sure you disable gzip compression
    ## to be safe against BREACH attack.
    gzip off;
 
    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;
 
    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_set_header    X-Frame-Options     SAMEORIGIN;
 
    proxy_pass http://gitlab;
  }
 
  ## If a file, which is not found in the root folder is requested,
  ## then the proxy passes the request to the upsteam (gitlab unicorn).
  location @gitlab {
    ## If you use HTTPS make sure you disable gzip compression
    ## to be safe against BREACH attack.
      ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;
 
    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_set_header    X-Frame-Options     SAMEORIGIN;
 
    proxy_pass http://gitlab;
  }
 
  ## Enable gzip compression as per rails guide:
  ## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
  ## WARNING: If you are using relative urls remove the block below
  ## See config/application.rb under "Relative url support" for the list of
  ## other files that need to be changed for relative url support
  location ~ ^/(assets)/ {
    root /opt/gitlab/embedded/service/gitlab-rails/public;
    gzip_static on; # to serve pre-gzipped version
    expires max;
    add_header Cache-Control public;
  }
  error_page 502 /502.html;
 
}

yang perlu di edit adalah bagian server_name dan letak file SSL anda.

Terakhir restart semua service gitlab

gitlab-ctl restart

Tulisan menarik lainnya

  • Force HTTPS to HTTP nginx

    Force (paksa) URL https ke http di nginx. Di blok ssl anda tambahkan seperti di…

  • Menginstall SSL Berbayar di Mikrotik

    Cara untuk menginstall SSL verified di Mikrotik caranya hampir sama dengan menginstall self signed SSL.…

  • Menggunakan https di Shoutcast

    Sekarang jamannya serba pake SSL (https), walaupun ngga jelas kebutuhannya kenapa harus pake SSL :P.…

  • Nginx SSL di Debian

    Untuk instalasi bisa dilihat di Instalasi nginx PHP MySQL (LEMP) di Debian 7. Disini kita…

Filed Under: Linux Tagged With: git, GitLab

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Pencarian

Tanya Jawab tentang DevOps SRE CPE, gabung di https://t.me/devopsindonesia

Terbaru

  • Cara Menonaktifkan Pager di macOS
  • Cara Mengupdate Nama Apple silicon-as-a-Service Scaleway
  • Cara Force Delete Namespace di Kubernetes
  • Install PHP MariaDB di Mac Monterey
  • MacOS Minta Install Git

Komentar

  • Ari on Cara Mematikan SSID Molecool Balifiber
  • kiki anarki on Mengambil Data dari Situs BPJS Ketenagakerjaan dengan PHP cURL
  • musgan on Password Router Huawei HG8245H5 Indihome
  • ghabily on Mengambil Informasi Router Alcatel Lucent G-241W-A dengan PHP
  • nea on Mencari urutan angka yang hilang di PHP

Tulisan Populer

  • Password Router Huawei HG8245H5 Indihome 1.1m views
  • Password Terbaru ZTE F609 Indihome 784k views
  • Password Superadmin Huawei HG8245A 314k views
  • Cara Setting Manual Modem GPON ZTE F609 Indihome 272.2k views
  • Cara Setting Wireless ZTE F609 Indihome 256k views
  • Mengaktifkan Port LAN di Huawei HG8245 Indihome 169k views
  • Akses UseeTV Indihome via Wireless ZTE F609 156.5k views
  • Kemana Menghilangnya Saldo BCA 50 ribu 150.1k views
  • Cara Reset Password ZTE F609 Indihome 147.2k views
  • Cara Setting DHCP Server Modem/Router ZTE F609 112.8k views

Kategori

  • Delphi
  • dll
  • Gambas
  • Internet
  • Java
  • Lazarus
  • Linux
  • PHP
  • Review
  • Teknologi

Sponsor

kadal.id
carakami.com
kuotabisa.com
Untuk jadi sponsor, hubungi kita lewat halaman sponsor
© 2021. Jaranguda
  • Linux
  • PHP
  • Internet
  • Teknologi
  • Delphi
  • Gambas
  • Java