Gitlab in a subdirectory with apache and passenger

2019-03-11 05:27发布

问题:

I'm attempting to set up gitlab so that it is accessible through a subdirectory of an existing apache server, example.com/gitlab, for example. I am trying to use passenger, as this seems to be the easiest to set up, but other solutions would also be acceptable. Using a separate virtual host for gitlab is unfortunately not an option for me.

My Setup

In setting this up, I have followed the gitlab setup guide and the passenger documentation.

I believe the most relevant parts of /etc/httpd/conf/httpd.conf are the following:

DocumentRoot "/home/.www"

# gitlab config
RackBaseURI /gitlab
<Directory "/home/.www/gitlab">
    Options -MultiViews
</Directory>

The DocumentRoot of apache contains a symlink to the gitlab public directory:

$ ls -l /home/.www
lrwxrwxrwx  1 root  http    23 Jul 29 12:35 gitlab -> ../gitlab/gitlab/public

Passenger was installed using the passenger-install-apache2-module script, and the config lines output by the script are included in the apache config.

I have played with the relative_url_root in config/gitlab.yml; that did not have any effect (judging from the the comments in the file, this mechanism seems to be discouraged or deprecated---it would be nice to avoid it).

Results

When accessing example.com/gitlab, I get the following output (a plain text document):

Not Found: /

Apache's logs indicate that passenger has started, but that at least favicon.ico is being requested from the document root, when it should be be requested from the subdirectory as /gitlab/favicon.ico:

[ 2013-07-29 14:14:12.1029 2037/7f3502e1e740 agents/HelperAgent/Main.cpp:597 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.2033/generation-0/request
[ 2013-07-29 14:14:12.1150 2043/7fa24dbf3740 agents/LoggingAgent/Main.cpp:330 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.2033/generation-0/logging
[ 2013-07-29 14:14:12.1154 2034/7ff20a0cb740 agents/Watchdog/Main.cpp:635 ]: All Phusion Passenger agents started!
[Mon Jul 29 14:14:12 2013] [notice] Digest: generating secret for digest authentication ...
[Mon Jul 29 14:14:12 2013] [notice] Digest: done
[ 2013-07-29 14:14:13.0297 2057/7f5380ee3740 agents/Watchdog/Main.cpp:452 ]: Options: { 'analytics_log_user' => 'nobody', 'default_group' => 'nobody', 'default_python' => 'python', 'default_ruby' => '/usr/bin/ruby', 'default_user' => 'nobody', 'log_level' => '0', 'max_instances_per_app' => '0', 'max_pool_size' => '6', 'passenger_root' => '/usr/lib/ruby/gems/2.0.0/gems/passenger-4.0.10', 'pool_idle_time' => '300', 'temp_dir' => '/tmp', 'union_station_gateway_address' => 'gateway.unionstationapp.com', 'union_station_gateway_port' => '443', 'user_switching' => 'true', 'web_server_pid' => '2055', 'web_server_type' => 'apache', 'web_server_worker_gid' => '33', 'web_server_worker_uid' => '33' }
[ 2013-07-29 14:14:13.0367 2061/7f92eefef740 agents/HelperAgent/Main.cpp:597 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.2055/generation-0/request
[ 2013-07-29 14:14:13.0485 2067/7f4cc5205740 agents/LoggingAgent/Main.cpp:330 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.2055/generation-0/logging
[ 2013-07-29 14:14:13.0490 2057/7f5380ee3740 agents/Watchdog/Main.cpp:635 ]: All Phusion Passenger agents started!
[Mon Jul 29 14:14:13 2013] [notice] Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.1e DAV/2 Phusion_Passenger/4.0.10 configured -- resuming normal operations
[ 2013-07-29 14:14:16.8354 2061/7f92eef2a700 Pool2/Spawner.h:738 ]: [App 2096 stdout] 
[ 2013-07-29 14:14:24.8814 2061/7f92eef2a700 Pool2/SmartSpawner.h:301 ]: Preloader for /home/.www/../gitlab/gitlab started on PID 2096, listening on unix:/tmp/passenger.1.0.2055/generation-0/backends/preloader.2096
[Mon Jul 29 14:14:25 2013] [error] [client 129.241.220.221] File does not exist: /home/.www/favicon.ico

It seems to me that it should not be necessary to start any puma server or similar, so I have not run any bundle exec rake ... commands to start anything rails-related when generating the logs above (I have tried that but I'm not including the output here as it seems identical to me).

Does anyone see what I am doing wrong?

回答1:

I don't think that Passenger is the easiest way to configure Apache for GitLab. Using a local reverse proxy is actually more simple.

The lastest version of GitLab (6.0) is using Unicorn, but it almost the same with Puma.

In your config/unicorn.rb file, comment listen directive and add:

listen "127.0.0.1:9242"

In your Apache configuration, you can then add

ProxyPass         /gitlab http://127.0.0.1:9242
ProxyPassReverse  /gitlab http://127.0.0.1:9242

Restart Apache and GitLab, and it should work.



回答2:

Running Gitlab in a subdirectory is not officially supported, but works fine (I'm currently running an instance). I don't know anything about Passenger, but this is how you run it using unicorn and a frontend proxy:

You need to set you subdirectory in three places (to cite the default gitlab.yml):

# Uncomment and customize the last line to run in a non-root path
# WARNING: This feature is no longer supported
# Note that three settings need to be changed for this to work.
# 1) In your application.rb file: config.relative_url_root = "/gitlab"
# 2) In your gitlab.yml file: relative_url_root: /gitlab
# 3) In your unicorn.rb: ENV['RAILS_RELATIVE_URL_ROOT']
#
relative_url_root: /gitlab

I just put the ENV['RAILS_RELATIVE_URL_ROOT'] '/gitlab' somewhere at the top in unicorn.rb, as there is no "default" place.

After this, you need to start sidekiq (the background job deamon) and unicorn (the webserver for gitlab) as described in the installation documentation. The supplied init script works really well.

Finally you need to setup your apache webserver to proxy requests to the backend unicorn instance. mod_proxy configured as a reverse proxy should do the job. (Arthurs answer has a bit more detail on this part)

If you (or someone comming from google) want to use nginx as a frontend proxy, this is the configuration I use:

location /gitlab {
    alias /home/git/gitlab/public;

    access_log  /var/log/nginx/gitlab_access.log;
    error_log   /var/log/nginx/gitlab_error.log;

    # serve static files from defined root folder;.
    # @gitlab is a named location for the upstream fallback, see below
    try_files $uri $uri/index.html $uri.html @gitlab;
}

# if a file, which is not found in the root folder is requested,
# then the proxy pass the request to the upsteam (gitlab unicorn)
location @gitlab {
    proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_redirect     off;

    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_set_header   Host              $http_host;
    proxy_set_header   X-Real-IP         $remote_addr;

    proxy_pass http://gitlab;

    access_log  /var/log/nginx/gitlab_access.log;
    error_log   /var/log/nginx/gitlab_error.log;
}


回答3:

I did the following to get gitlab 6.2.2 available in a sub-directory with Apache and a LAMP environment:

enable the following apache modules:

sudo a2enmod proxy
sudo a2enmod proxy_balancer
sudo a2enmod proxy_http
sudo a2enmod rewrite

right from the documentation, do the following:

# 1) In your application.rb file: config.relative_url_root = "/gitlab"
# 2) In your gitlab.yml file: relative_url_root: /gitlab
# 3) In your unicorn.rb: ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab"

in /etc/apache2/mod-available/proxy.conf:

ProxyRequests On
ProxyPreserveHost on
<Proxy *>
  AddDefaultCharset off
  Order deny,allow
  Allow from all 
  AllowOverride All
</Proxy>

in /etc/apache2/apache2.conf:

ProxyPass         /gitlab/ http://127.0.0.1:8080/gitlab/
ProxyPassReverse  /gitlab/ http://127.0.0.1:8080/gitlab/
ProxyPass         /gitlab http://127.0.0.1:8080/gitlab
ProxyPassReverse  /gitlab http://127.0.0.1:8080/gitlab
ProxyPass         /assets http://127.0.0.1:8080/gitlab/assets
ProxyPassReverse  /assets http://127.0.0.1:8080/gitlab/assets


回答4:

An update on user1258056's post :

On recent releases of Gitlab (I'm using 10.0.3), the proposed solution leads to assets not being loaded (Error 401 : Not Authorized)

To fix this, add the following lines in /etc/gitlab/gitlab.rb :

unicorn['port'] = 8081
gitlab_workhorse['listen_addr'] ="127.0.0.1:8181"
gitlab_workhorse['listen_network'] = "tcp"

And change /etc/apache2/apache2.conf as follow :

ProxyPass         /gitlab/assets/ http://127.0.0.1:8181/gitlab/assets/
ProxyPassReverse  /gitlab/assets/ http://127.0.0.1:8181/gitlab/assets/

ProxyPass         /gitlab/ http://127.0.0.1:8081/gitlab/
ProxyPassReverse  /gitlab/ http://127.0.0.1:8081/gitlab/
ProxyPass         /gitlab http://127.0.0.1:8081/gitlab
ProxyPassReverse  /gitlab http://127.0.0.1:8081/gitlab

This leads to assets request being dispatched to the Workhorse component (port 8181), while other requests go through the usual path (port 8081)



回答5:

I use gitlab & nginx. use gitlab in subdir has many problems (or bugs). I use gitlab.example.com (easy to configure, easy to remember), not example.com/gitlab.