Intro
In addition to using github a little bit, I've built my own private gitlab server. Part of my motivation is that some things I'm using this for don't belong on a public repo. Part of it is education. I already have an apache server running and wanted to integrate my gitlab access into this in a fluid fashion rather than running and exposing gitlab on some alternate port. This took a little more work than I anticipated and I learned a bit from it.
What got me over the hurdle
I spent several hours trying to integrate the gitlab's included nginx
server
behind apache via a reverse proxy. This, of course, never worked and felt as
kludgy as it sounds while I was trying to do it. This is actually because
nginx
is itself a reverse proxy in front of gitlab's unicorn server. Once I
realized that, I realized I could use apache to reverse proxy calls to my
gitlab url to the gitlab unicorn server and skip the nginx
layer
So once I realized that I found this recipe for an Apache 2.4
configuration. The difference here is using the Require
2.4 directive
where I'm using apache 2.2 so I needed the Allow
directive. So that section
of the config looks like this:
<Location /> Order allow,deny Allow from 127.0.0.1 4.4.4.4 5.5.5.5 etc. Deny from env=blockAccess ProxyPassReverse http://localhost:8080 ProxyPassReverse http://gitlab.example.com/ </Location>
This limits access to the URL to known IP addresses. If I need to get into the gitlab URL from a non-known address, I can VPN in or use an ad-hoc SSH tunnel.