GitLab and Apache

Running GitLab behind an Apache server isn't difficult, but it cost me some time to find the right resources and hints. To avoid repeating that search, here are the steps that got it working.

First of all this is my configuration:

Preparation

  • Download the following configuration files from the GitLab Apache Server Configuration Files site:
    gitlab-omnibus-ssl-apache24.conf
    gitlab-omnibus-apache24.conf
  • Copy them to /etc/apache2/sites-available and create a symbolic link to each in /etc/apache2/sites-enabled

    >> ln -s /etc/apache2/sites-available/gitlab-omnibus-ssl-apache24.conf /etc/apache2/sites-enabled/gitlab-omnibus-ssl-apache24.conf
    >> ln -s /etc/apache2/sites-available/gitlab-omnibus-apache24.conf /etc/apache2/sites-enabled/gitlab-omnibus-apache24.conf
  • Install the missing module and enable the Apache module dependencies (listed in the *.conf files)
    >> apt-get install libapache2-mod-proxy-html
    >> a2enmod rewrite
    >> a2enmod ssl
    >> a2enmod proxy
    >> a2enmod proxy_http
    >> a2enmod headers

Configuration

  • Add new domain to your /etc/hosts configuration
    /etc/hosts
    ...
    123.123.123.123 gitlab.yourdomain.com
  • If you have a static IP, configure the DNS at your domain hoster so that the domain points to it
  • In the configuration files (*.conf), change the YOUR_SERVER_FQDN entries to your domain name, e.g. gitlab.yourdomain.com
  • For the GitLab configuration, follow these steps:
    /etc/gitlab/gitlab.rb
    add
    gitlab_workhorse['listen_network'] = "tcp"
    gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"
    
    set
    nginx['enable'] = false
    ...
    web_server['external_users'] = ['www-data']
    
    >> gitlab-ctl reconfigure
  • Restart Apache server
    >> service apache2 restart
    >> systemctl status apache2.service

Hint

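If you are using Let's Encrypt for SSL, change the following lines in the gitlab-omnibus-ssl-apache24.conf file. The protocol and cipher directives are commented out because the included options-ssl-apache.conf supplies them.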

/etc/apache2/sites-available/gitlab-omnibus-ssl-apache24.conf
...
SSLEngine on
#strong encryption ciphers only
#see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
#SSLProtocol all -SSLv2
#SSLHonorCipherOrder on
#SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
#Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
#SSLCompression Off
SSLCertificateFile /etc/letsencrypt/live/gitlab.yourdomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/gitlab.yourdomain.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
#SSLCACertificateFile /etc/httpd/ssl.crt/your-ca.crt
...
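
The settings from the Configuration and Hint sections can be checked before Apache is restarted. The following shell script is an added example, not part of the original post or of the GitLab recipe; the function names (check_gitlab_rb, check_vhost, demo) and the finding messages are chosen here, and the sample files written by demo are constructed to mirror the snippets above.

```shell
# Added example, not from the original post. Audits the two files edited above.
# Print only the active (non-comment) lines of a file.
active() { grep -v '^[[:space:]]*#' "$1"; }

# check_gitlab_rb FILE: prints one finding per line, returns 1 if any.
check_gitlab_rb() {
    rc=0
    # Workhorse should speak TCP on loopback so only the local Apache reaches it.
    active "$1" | grep -Eq "gitlab_workhorse\['listen_network'] *= *\"tcp\"" ||
        { echo "workhorse listen_network is not tcp"; rc=1; }
    addr=$(active "$1" | sed -n "s/.*gitlab_workhorse\['listen_addr'] *= *\"\([^\"]*\)\".*/\1/p" | tail -n 1)
    case $addr in
        127.*:*|localhost:*) ;;
        *) echo "workhorse listen_addr '$addr' is not loopback"; rc=1 ;;
    esac
    active "$1" | grep -Eq "^ *nginx\['enable'] *= *false" ||
        { echo "bundled nginx is not disabled"; rc=1; }
    return $rc
}

# check_vhost FILE: same contract, for an Apache vhost file.
check_vhost() {
    rc=0
    active "$1" | grep -q 'YOUR_SERVER_FQDN' &&
        { echo "placeholder YOUR_SERVER_FQDN still present"; rc=1; }
    if active "$1" | grep -Eiq '^[[:space:]]*SSLEngine +on'; then
        # TLS protocol settings must come from the vhost or the certbot include.
        active "$1" | grep -Eq 'SSLProtocol|options-ssl-apache\.conf' ||
            { echo "no SSLProtocol line and no options-ssl-apache.conf include"; rc=1; }
        # Only this file is read; an HSTS header set elsewhere is not seen.
        active "$1" | grep -iq 'Strict-Transport-Security' ||
            { echo "HSTS header is not set in this vhost file"; rc=1; }
    fi
    return $rc
}

# Constructed sample files mirroring the snippets on this page.
demo() {
    d=$(mktemp -d); s=0
    printf '%s\n' "gitlab_workhorse['listen_network'] = \"tcp\"" \
        "gitlab_workhorse['listen_addr'] = \"127.0.0.1:8181\"" \
        "nginx['enable'] = false" > "$d/gitlab.rb"
    printf '%s\n' 'ServerName gitlab.yourdomain.com' 'SSLEngine on' \
        '#Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"' \
        'Include /etc/letsencrypt/options-ssl-apache.conf' > "$d/ssl.conf"
    check_gitlab_rb "$d/gitlab.rb" || s=1; check_vhost "$d/ssl.conf" || s=1
    rm -rf "$d"; return $s
}
# With two arguments (gitlab.rb path, vhost path) the real files are audited.
if [ "$#" -eq 2 ]; then check_gitlab_rb "$1"; check_vhost "$2"; fi
```

On the constructed copy of the Hint snippet, the only finding is the commented-out Strict-Transport-Security header, which the script looks for in the vhost file only.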