Hello everyone,
I've set up a GitLab instance running behind an Apache HTTP-Server acting a
proxy. GitLab officially only supports NGINX as a proxy, but since my Apache
also serves different VirtualHosts, I'd rather keep the setup I have instead
of setting up another WebServer.
According to [1], and [2] I have configured my virtual host's proxy as
following:
ProxyAddHeaders On
RequestHeader add X-Forwarded-Ssl on
RequestHeader set X-Forwarded-Proto "https"
ProxyPass unix:///opt/gitlab/gitlab/tmp/sockets/gitlab-workhorse.socket|
http://127.0.0.1/
ProxyPassReverse unix:///opt/gitlab/gitlab/tmp/sockets/gitlab-
workhorse.socket|http://127.0.0.1/
So far, this is just working fine. GitLab also uses Web-Sockets, that need to
be forwarded, too. Right now using this configuration, GitLabs log show the
following, when trying to make a Web-Socket:
Started GET "/-/cable" for $REMOTE_IP at 2022-12-22 14:35:51 +0100
Started GET "/-/cable/"[non-WebSocket] for $REMOTE_IP at 2022-12-22 14:35:51
+0100
Failed to upgrade to WebSocket (REQUEST_METHOD: GET, HTTP_CONNECTION: ,
HTTP_UPGRADE: )
Finished "/-/cable/"[non-WebSocket] for $REMOTE_IP at 2022-12-22 14:35:51
+0100
So; following [3], I added:
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "unix:/opt/gitlab/gitlab/tmp/sockets/gitlab-
workhorse.socket|http://127.0.0.1/$1"; [P,NE]
Missing the NE-Flag, as well as replacing http with ws results in a bad config
message in Apache's error logs:
[Thu Dec 22 14:34:51.093012 2022] [proxy:warn] [pid 781:tid 140179385861824]
[client $REMOTE_IP:57328] AH01144: No protocol handler was valid for the URL
/-/cable (scheme 'unix'). If you are using a DSO version of mod_proxy, make
sure the proxy submodules are included in the configuration using LoadModule.
Using the config as written shows the following in GitLab's logs:
Started GET "/proxy:http://127.0.0.1/-/cable/"; for $REMOTE_IP at 2022-12-22
14:46:19 +0100
Processing by ApplicationController#route_not_found as HTML
Parameters: {"unmatched_route"=>"proxy:http:/127.0.0.1/-/cable"}
Rendered layout layouts/errors.html.haml (Duration: 2.2ms | Allocations:
600)
Completed 404 Not Found in 30ms (Views: 2.8ms | ActiveRecord: 3.5ms |
Elasticsearch: 0.0ms | Allocations: 7303)
So I assume the config is still wrong, but I could not yet find a working
solution. Anybody knows what I'm missing?
Thanks!
[1] https://docs.gitlab.com/omnibus/settings/nginx.html
[2] https://httpd.apache.org/docs/2.4/mod/mod_proxy.html
[3] https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html
--
MfG Jan
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|