Integrating gitlab into my existing Apache

Intro

In addition to using github a little bit, I've built my own private gitlab server. Part of my motivation is that some things I'm using this for don't belong on a public repo. Part of it is education. I already have an apache server running and wanted to integrate my gitlab access into this in a fluid fashion rather than running and exposing gitlab on some alternate port. This took a little more work than I anticipated and I learned a bit from it.

What got me over the hurdle

I spent several hours trying to integrate the gitlab's included nginx server behind apache via a reverse proxy. This, of course, never worked and felt as kludgy as it sounds while I was trying to do it. This is actually because nginx is itself a reverse proxy in front of gitlab's unicorn server. Once I realized that, I realized I could use apache to reverse proxy calls to my gitlab url to the gitlab unicorn server and skip the nginx layer

So once I realized that I found this recipe for an Apache 2.4 configuration. The difference here is using the Require 2.4 directive where I'm using apache 2.2 so I needed the Allow directive. So that section of the config looks like this:

<Location /> 
        Order allow,deny
        Allow from 127.0.0.1 4.4.4.4 5.5.5.5 etc.
        Deny from env=blockAccess
        ProxyPassReverse        http://localhost:8080
        ProxyPassReverse http://gitlab.example.com/
</Location>

This limits access to the URL to known IP addresses. If I need to get into the gitlab URL from a non-known address, I can VPN in or use an ad-hoc SSH tunnel.

 Share!

 
comments powered by Disqus