Documentation for GITLAB_PAGES_EXTERNAL_HTTP and GITLAB_PAGES_EXTERNAL_HTTPS

[adamlc]

Thanks for all the great work on getting pages added in, its working perfectly with the default setup!

I think it would be a good idea to document how GITLAB_PAGES_EXTERNAL_HTTP and GITLAB_PAGES_EXTERNAL_HTTPS should be configured. Whilst we can look at the documentation running gitlab it a container may make things a little more challenging to get things up and running.

I'm running the current setup behind an nginx reverse proxy (jwilder/nginx-proxy), which I would guess is a pretty common use case. It works perfectly for supporting domains on the pages domain, I just add a wildcard into the VIRTUAL_HOST env variable for the container.

I think configuring the other external http / https need some documentation on how it may work with common setups. In some respects it may be easier to run the gitlab pages daemon in a separate container. Not everyone has an extra IP address to play with, so using a reverse proxy may be the only option for some people who want to use custom domains.

[catesandrew]

I don't want to get into a lengthy discussion here so take my response with a grain of salt. I think that the external_http is just an alias to the same process. so that the web server can respond to those requests as well as others proxied to it by the gitlab.

when you run pages on same box as gitlab than this is important and not as much when they are separated. if gitlab proxies to pages:8090 vs localhost:8090 than by definition it is already open at pages:8090 (minus a few details).

i run them separate so am discovering the external_http setting to not be as big of a deal as i am putting pages box behind a load balancer anyways.

sorry for the brevity, hope it helps

[adamlc]

Thanks for the feedback @catesandrew!

Unfortunately whatever I try it seems to create an invalid config or something for pages as it fails to start. Any ideas on how we go about configuring this @solidnerd?

Should GITLAB_PAGES_EXTERNAL_HTTP be a port number like GITLAB_PAGES_EXTERNAL_HTTP=8091 or something else?

Thanks :)

[adamlc]

So turns out after a little research you need to put a colon before the port, so GITLAB_PAGES_EXTERNAL_HTTP=:8091.

I managed to get custom domains working by running pages in a different container. I noticed the gitlab config for nginx is the default_server, do you think it would be more useful for pages to be the default_server so any custom domains are forwarded to pages instead?

[gopeter]

It would be really great if the documentation could include the information about the colon :) This issue saved me hours.

[vkarps]

Hi @adamlc Do you mind posting your env paramaters for gitlab pages component of the container please? I have been struggling for some time now trying to get it going on my synology. Even if you could point me to some documentation on how to get it going on a separate container, that would be great.

[gopeter]

I'm running GitLab pages with this config on my Synology:

[...]
"env_variables" : [
    [...]    
    {
        "key" : "GITLAB_PAGES_EXTERNAL_HTTP",
        "value" : ":8081"
    },
    {
        "key" : "GITLAB_PAGES_ENABLED",
        "value" : "true"
    },
    {
        "key" : "GITLAB_PAGES_DOMAIN",
        "value" : "pages.YOURDOMAIN.com"
    },
    [...]
],
"port_bindings" : [
    {
        "container_port" : 22,
        "host_port" : 11022,
        "type" : "tcp"
    },
    {
        "container_port" : 80,
        "host_port" : 11080,
        "type" : "tcp"
    },
    {
        "container_port" : 8081,
        "host_port" : 11082,
        "type" : "tcp"
    }
],
[...]

To make web applications work on port 80, I've created some extra vHosts with Nginx on the Synology:

/etc/nginx/sites-enabled/git.YOURDOMAIN.com:

server {
	listen 80;
	server_name git.YOURDOMAIN.com;
	return 301 https://$host$request_uri;
}

server {
	listen 443 ssl http2;
	server_name git.YOURDOMAIN.com;

	ssl on;
	ssl_certificate      /volume1/docker/gitlab-data/certs/git.YOURDOMAIN.com.pem;
	ssl_certificate_key  /volume1/docker/gitlab-data/certs/git.YOURDOMAIN.com.key;
	ssl_protocols		TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers			HIGH:!aNULL:!MD5;

	location / {
		proxy_set_header    Host $host;
		proxy_set_header    X-Real-IP $remote_addr;
		proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header    X-Forwarded-Ssl on;
		proxy_set_header    X-Forwarded-Proto https;
		proxy_redirect      off;

		proxy_pass			http://localhost:11080;
	}
}

and

/etc/nginx/sites-enabled/pages.YOURDOMAIN.com (we're running GitLab pages over http at the moment):

server {
	listen 80;
	server_name *.pages.YOURDOMAIN.com;

    location / {
        proxy_set_header    Host $host;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto https;
        proxy_redirect      off;
 
		proxy_pass          http://localhost:11082;
	}
}

Hope this helps!

[vkarps]

Ah, I think that is what is getting me unstuck, the synology config. I'll give it a shot and let you know, thank you for the quick response!

[stale[bot]]

This issue has been automatically marked as stale because it has not had any activity for the last 60 days. It will be closed if no further activity occurs during the next 7 days. Thank you for your contributions.

[olovskos]

Can someone please post his docker(compose) file/settings to get pages running with jwilder nginx? Maybe @adamlc? I have been struggling since days but could not get it to work...

[jixintangen]

I'm running GitLab pages with this config on my Synology:

[...]
"env_variables" : [
    [...]    
    {
        "key" : "GITLAB_PAGES_EXTERNAL_HTTP",
        "value" : ":8081"
    },
    {
        "key" : "GITLAB_PAGES_ENABLED",
        "value" : "true"
    },
    {
        "key" : "GITLAB_PAGES_DOMAIN",
        "value" : "pages.YOURDOMAIN.com"
    },
    [...]
],
"port_bindings" : [
    {
        "container_port" : 22,
        "host_port" : 11022,
        "type" : "tcp"
    },
    {
        "container_port" : 80,
        "host_port" : 11080,
        "type" : "tcp"
    },
    {
        "container_port" : 8081,
        "host_port" : 11082,
        "type" : "tcp"
    }
],
[...]

To make web applications work on port 80, I've created some extra vHosts with Nginx on the Synology:

/etc/nginx/sites-enabled/git.YOURDOMAIN.com:

server {
	listen 80;
	server_name git.YOURDOMAIN.com;
	return 301 https://$host$request_uri;
}

server {
	listen 443 ssl http2;
	server_name git.YOURDOMAIN.com;

	ssl on;
	ssl_certificate      /volume1/docker/gitlab-data/certs/git.YOURDOMAIN.com.pem;
	ssl_certificate_key  /volume1/docker/gitlab-data/certs/git.YOURDOMAIN.com.key;
	ssl_protocols		TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers			HIGH:!aNULL:!MD5;

	location / {
		proxy_set_header    Host $host;
		proxy_set_header    X-Real-IP $remote_addr;
		proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header    X-Forwarded-Ssl on;
		proxy_set_header    X-Forwarded-Proto https;
		proxy_redirect      off;

		proxy_pass			http://localhost:11080;
	}
}

and

/etc/nginx/sites-enabled/pages.YOURDOMAIN.com (we're running GitLab pages over http at the moment):

server {
	listen 80;
	server_name *.pages.YOURDOMAIN.com;

    location / {
        proxy_set_header    Host $host;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto https;
        proxy_redirect      off;
 
		proxy_pass          http://localhost:11082;
	}
}

Hope this helps!

where does the config writed in ? is it gitlab.rb?