带有 Apache 服务器而不是 Nginx 的 GitLab 7.2.1

Posted

技术标签:

【中文标题】带有 Apache 服务器而不是 Nginx 的 GitLab 7.2.1【英文标题】:GitLab 7.2.1 with Apache Server instead of Nginx 【发布时间】:2014-11-05 07:28:33 【问题描述】:

我已经在我拥有 root 访问权限的虚拟服务器上安装了 GitLab 7.2.1 和来自 GitLab.org 的 .deb 包,用于 Debian 7。 在这个虚拟服务器上,我已经安装了 Apache,版本 2.2.22,我不想在 GitLab 上使用 Ngnix。

现在我不知道 GitLab 的公共文件夹在哪里,也不知道我必须做什么,或者我需要注意什么。

所以我的问题是:我必须如何为 apache 配置我的虚拟主机,或者我还必须做什么才能在我的 apache 网络服务器上使用像“gitlab.example.com”这样的子域?

【问题讨论】:

【参考方案1】:

记住两件事:

    Unicorn 正在监听 8080(您可以通过 sudo netstat -pant | grep unicorn 进行检查) 您的文档根目录是/opt/gitlab/embedded/service/gitlab-rails/public

您可以使用以下配置在 apache 中为 gitlab 创建一个新的 vhost:

<VirtualHost *:80>
  ServerName gitlab.example.com
  ServerSignature Off

  ProxyPreserveHost On

  <Location />
    Order deny,allow
    Allow from all

    ProxyPassReverse http://127.0.0.1:8080
    ProxyPassReverse http://gitlab.example.com/
  </Location>

  RewriteEngine on
  RewriteCond %DOCUMENT_ROOT/%REQUEST_FILENAME !-f
  RewriteRule .* http://127.0.0.1:8080%REQUEST_URI [P,QSA]

  # needed for downloading attachments
  DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public

</VirtualHost>

【讨论】:

您可能还需要 sudo a2enmod proxy_http 如果您收到诸如“您无权访问此服务器上的 /assets/logo-white-0b53cd4ea06811d79b3acd486384e047.png 的权限”之类的权限错误。那么您需要在 中“要求所有已授予” 我的独角兽进程名称是config.ru,所以我使用netstat -pant | grep 8080 如何让gitlab-ce不启动nginx?我升级了 gitlab,它用 nginx 劫持了 80 端口,阻止了我现有的 Apache 实例启动。 gitlab 真的不想与现有服务共享服务器。 @arclight 我知道这是事后的事,但我被困在同一件事上一天。您必须在 gitlab 设置中禁用它, gitlab.rb 我试了几次,但找到 nginx['enable'] 行并将其设置为 false 并删除前导标签。【参考方案2】:

我关注了这篇文章http://eserdeniz.fr/articles/view/4/installer-gitlab-sous-debian-7-avec-nginx-et-mysql,它确实有效,但我需要 apache 而不是 nginx。

在使用 gitlab-ce 7.9.0.rc3 配置 apache2 遇到很多麻烦之后,我查看了 apache 文档,关于 ProxyPass 和 ProxyPassReverse 指令。

我用这个虚拟主机解决了我的问题:

    <VirtualHost *:80>
            ServerName gitlab.me

            # those options below are recommanded by apache, dealing with the simple Proxy we need for gitlab
            ProxyRequests Off
            ProxyPreserveHost On
            AllowEncodedSlashes NoDecode

            # here we don't want to proxify the requests for the existing assets in gitlab's public directory
            ProxyPassMatch ^(/[^/]+\.(html|png|ico|css|txt))$ !
            ProxyPass /assets !

            # here we "redirect" the requests for http://gitlab.me/ to http://127.0.0.1:8080/
            ProxyPass / http://127.0.0.1:8080/

            # here we "rewrite" the redirections form unicorn for http://127.0.0.1:8080/ into http://gitlab.me/
            ProxyPassReverse / http://127.0.0.1:8080/

            # And of course the DocumentRoot to handle the assets requests
            DocumentRoot /home/git/gitlab/public/

            # In the last versions of apache, there is a deny,allow default order so we put those two sections to prevent 'client denied by server configuration' 403 error

            <Directory /home/git/gitlab/public/>
                    # apache 2.2
                    Order allow,deny
                    Allow from all

                    # apache 2.4
                    Require all granted
            </Directory>

            <Location />
                    # apache 2.2
                    Order allow,deny
                    Allow from all

                    # apache 2.4
                    Require all granted
            </Location>
    </VirtualHost>

现在火爆了!!

希望这会有所帮助!

【讨论】:

【参考方案3】:

Debian GNU/Linux 8.4 (jessie) 和 Omnibus 8.5.0 (apt-get) 版本上:

GitLab 配置

# cat /etc/gitlab/gitlab.rb | grep -v '^$\|^\s*\#'
external_url 'http://gitlab.example.fr'
gitlab_workhorse['enable'] = true
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"
web_server['external_users'] = ['www-data']
nginx['enable'] = false

Apache2 配置

# cat /etc/apache2/sites-enabled/gitlab.conf  | grep -v '^$\|^\s*\#'
<VirtualHost *:80>
  ServerName gitlab.example.fr
  ServerSignature Off
  ProxyPreserveHost On
  AllowEncodedSlashes NoDecode
  <Location />
    Require all granted
    ProxyPassReverse http://127.0.0.1:8181
    ProxyPassReverse http://gitlab.example.fr/
  </Location>
  RewriteEngine on
  RewriteCond %REQUEST_URI ^/api/v3/.*
  RewriteRule .* http://127.0.0.1:8181%REQUEST_URI [P,QSA,NE]
  RewriteCond %DOCUMENT_ROOT/%REQUEST_FILENAME !-f [OR]
  RewriteCond %REQUEST_URI ^/uploads/.*
  RewriteRule .* http://127.0.0.1:8181%REQUEST_URI [P,QSA]
  DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
  ErrorDocument 404 /404.html
  ErrorDocument 422 /422.html
  ErrorDocument 500 /500.html
  ErrorDocument 503 /deploy.html
  LogFormat "%X-Forwarded-Fori %l %u %t \"%r\" %>s %b" common_forwarded
  ErrorLog  /var/log/apache2/gitlab_error.log
  CustomLog /var/log/apache2/gitlab_forwarded.log common_forwarded
  CustomLog /var/log/apache2/gitlab_access.log combined env=!dontlog
  CustomLog /var/log/apache2/gitlab.log combined
</VirtualHost>

网络统计输出

# netstat -pant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      11849/postgres
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      23736/config.ru
tcp        0      0 127.0.0.1:8181          0.0.0.0:*               LISTEN      26061/gitlab-workho

来源

https://gitlab.com/gitlab-org/gitlab-recipes/blob/master/web-server/apache/gitlab-omnibus-apache24.conf

http://doc.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server

【讨论】:

【参考方案4】:

如果您有 HTTP git 访问问题,请查看以下配置:

# cat /etc/gitlab/gitlab.rb | grep -v '^$\|^\s*\#'
external_url 'http://gitlab.example.fr'
web_server['external_users'] = ['www-data']
nginx['enable'] = false
ci_nginx['enable'] = false
gitlab_git_http_server['listen_network'] = "tcp"
gitlab_git_http_server['listen_addr'] = "localhost:8282"

和apache2的配置:

# cat /etc/apache2/sites-enabled/gitlab
<VirtualHost *:80>
        ServerName gitlab.example.fr
        ProxyRequests Off
        ServerSignature Off
        ProxyPreserveHost On
        AllowEncodedSlashes NoDecode
        ProxyPassMatch ^(/[^/]+\.(html|png|ico|css|txt))$ !
        ProxyPass /assets !
        ProxyPass / http://127.0.0.1:8080/
        ProxyPassReverse / http://127.0.0.1:8080/
        RewriteEngine on
        RewriteCond %DOCUMENT_ROOT/%REQUEST_FILENAME !-f
        RewriteRule /[-\/\w\.]+\.git\/ http://127.0.0.1:8282%REQUEST_URI [P,QSA,L]
        DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
            <Directory /opt/gitlab/embedded/service/gitlab-rails/public/>
                    Order allow,deny
                    Allow from all
            </Directory>
            <Location />
                    Order allow,deny
                    Allow from all
            </Location>
</VirtualHost>

应用更改:

# gitlab-ctl reconfigure
# service apache2 reload

来自https://gitlab.com/gitlab-org/gitlab-ce/issues/2669#note_2176671

【讨论】:

【参考方案5】:

对于最近使用 GitLab 10.X.X 的旅行者,请查看this repo。您可以在此处找到 Apache2 配置文件以及说明,以使 GitLab 仅在禁用 Apache2 和 NGINX 的情况下运行。

【讨论】:

【参考方案6】:

从源安装。 gitlab 7.4.5

Unicorn 正在监听 9095。Apache 是 2.2.9,我没有使用 https。

System information
System:         CentOS 6.7
Current User:   git
Using RVM:      no
Ruby Version:   2.1.2p95
Gem Version:    2.2.2
Bundler Version:1.11.2
Rake Version:   10.3.2
Sidekiq Version:2.17.0

GitLab information
Version:        7.4.5
Revision:       19d572e
Directory:      /home/git/gitlab
DB Adapter:     mysql2
URL:            http://gitlab.example.com
HTTP Clone URL: http://gitlab.example.com/some-project.git
SSH Clone URL:  git@gitlab.example.com:some-project.git
Using LDAP:     no
Using Omniauth: no

GitLab Shell
Version:        2.0.1
Repositories:   /home/git/repositories/
Hooks:          /home/git/gitlab-shell/hooks/
Git:            /usr/bin/git

修改 apache 2.2 的 configuration file 对我有用。

gitlab 6.0 的另一个旧配置文件是 here,它也适用于我。

#This configuration has been tested on GitLab 8.0.0
#Note this config assumes unicorn is listening on default port 8080 and gitlab-git-http-server is listening on port 8181.
#To allow gitlab-git-http-server to listen on port 8181, edit or create /etc/default/gitlab and change or add the following:
#gitlab_git_http_server_options="-listenUmask 0 -listenNetwork tcp -listenAddr localhost:8181 -authBackend http://127.0.0.1:8080"

#Module dependencies
#  mod_rewrite
#  mod_proxy
#  mod_proxy_http
# HTTP Configuration
<VirtualHost *:80>
  ServerName gitlab.example.com
  ServerSignature Off

  ProxyPreserveHost On

  # Ensure that encoded slashes are not decoded but left in their encoded state.
  # http://doc.gitlab.com/ce/api/projects.html#get-single-project
  AllowEncodedSlashes NoDecode

    # Ensure that encoded slashes are not decoded but left in their encoded state.
    # http://doc.gitlab.com/ce/api/projects.html#get-single-project
    #AllowEncodedSlashes NoDecode
    <Location />
        #Require all granted
        Order deny,allow
        Allow from all

        #Allow forwarding to gitlab-git-http-server
        #ProxyPassReverse http://127.0.0.1:8181
        #Allow forwarding to GitLab Rails app (Unicorn)
        ProxyPassReverse http://127.0.0.1:9095
        ProxyPassReverse http://gitlab.example.com/
    </Location>

  #apache equivalent of nginx try files
  # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
  # http://***.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
  RewriteEngine on
  #Forward these requests to gitlab-git-http-server
  #Forward these requests to gitlab-git-http-server
  #RewriteCond %REQUEST_URI ^/[\w\.-]+/[\w\.-]+/repository/archive.* [OR]
  #RewriteCond %REQUEST_URI ^/api/v3/projects/.*/repository/archive.* [OR]
  #RewriteCond %REQUEST_URI ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$
  #RewriteRule .* http://127.0.0.1:8181%REQUEST_URI [P,QSA]

  #Forward any other requests to GitLab Rails app (Unicorn)
  RewriteCond %DOCUMENT_ROOT/%REQUEST_FILENAME !-f [OR]
  RewriteCond %REQUEST_URI ^/uploads
  RewriteRule .* http://127.0.0.1:9095%REQUEST_URI [P,QSA,NE]

  # needed for downloading attachments
  DocumentRoot /home/git/gitlab/public

  #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
  ErrorDocument 404 /404.html
  ErrorDocument 422 /422.html
  ErrorDocument 500 /500.html
  ErrorDocument 503 /deploy.html

  LogFormat "%X-Forwarded-Fori %l %u %t \"%r\" %>s %b" common_forwarded
  ErrorLog  logs/gitlab.example.com_error.log
  CustomLog logs/gitlab.example.com_forwarded.log common_forwarded
  CustomLog logs/gitlab.example.com_access.log combined env=!dontlog
  CustomLog logs/gitlab.example.com.log combined

</VirtualHost>

希望对使用旧版 gitlab 从源代码安装的人有用。

【讨论】:

感谢您提供最有用的链接。这帮助我使用 apache 重写规则以正确代理独​​角兽和主力。【参考方案7】:

我只花了半天时间弄清楚为什么 gitlab 给我错误 422 并在 gitlab-rails production.log 的日志中抱怨 CSRF 令牌。

事实证明我必须将它添加到 apache 配置中:

RequestHeader set X-Forwarded-Ssl on

在我的例子中,gitlab 是从 deb 包安装的,而 Apache 在 HTTPS 上运行。

【讨论】:

【参考方案8】:

使用@pincoded 的答案,我能够启动并运行 GitLab,但是在推送更改时,我总是收到 500 错误。

然后我在@themadmax 的回答中使用了 GitLab 提供的 apache 官方配置。这里的问题是服务器永远无法访问,并且在一段时间后它产生了 502 错误。

我的解决方案: 使用 GitLab 的 the official solution(请注意,如果您仅运行 GitLab SSL,请记住在此链接中选择 SSL 配置)但是在 this forum entry 之后我不得不再次打开 nginx。

所以最后我的配置看起来像这样:

虚拟主机:

<VirtualHost *:80>
  ServerName YOUR_SERVER_FQDN
  ServerSignature Off

  ProxyPreserveHost On

  # Ensure that encoded slashes are not decoded but left in their encoded state.
  # http://doc.gitlab.com/ce/api/projects.html#get-single-project
  AllowEncodedSlashes NoDecode

  <Location />
    # New authorization commands for apache 2.4 and up
    # http://httpd.apache.org/docs/2.4/upgrading.html#access
    Require all granted

    #Allow forwarding to gitlab-workhorse
    ProxyPassReverse http://127.0.0.1:8181
    ProxyPassReverse http://YOUR_SERVER_FQDN/
  </Location>

  # Apache equivalent of nginx try files
  # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
  # http://***.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
  RewriteEngine on

  #Forward all requests to gitlab-workhorse except existing files like error documents
  RewriteCond %DOCUMENT_ROOT/%REQUEST_FILENAME !-f [OR]
  RewriteCond %REQUEST_URI ^/uploads/.*
  RewriteRule .* http://127.0.0.1:8181%REQUEST_URI [P,QSA,NE]

  # needed for downloading attachments
  DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public

  #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
  ErrorDocument 404 /404.html
  ErrorDocument 422 /422.html
  ErrorDocument 500 /500.html
  ErrorDocument 502 /502.html
  ErrorDocument 503 /503.html

</VirtualHost>

gitlab.ru:

# nginx['enable'] = false # this defaults to true
gitlab_workhorse['enable'] = true
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"

【讨论】:

以上是关于带有 Apache 服务器而不是 Nginx 的 GitLab 7.2.1的主要内容,如果未能解决你的问题,请参考以下文章

在带有协议升级的 nginx 反向代理后面运行 daphne 总是路由到 http 而不是 websocket

如何将简单的 Spring Boot(带有 Gradle 构建系统)部署到 Apache Tomcat(真实服务器,而不是嵌入服务器)?

你知道使用 Apache 而不是 Nginx 的任何理由吗? [关闭]

我为什么推荐大家使用 Nginx 而不是 Apache?

双节点(nginx+keepalived)为两台apache服务器提供负载均衡

来自用户而不是 Nginx 反向代理服务器的 REMOTE_ADDR IP