gitlab version 18.0 config ssl
2026-05-26 gitlab version 18.0 config ssl
1、gitlab nginx dir
/var/opt/gitlab/nginx/conf/nginx.conf
include upstream_definitions/*.conf;
include service_conf/*.conf;
2、默认只有http(service_conf 下的 gitlab-rails.conf 由 gitlab-ctl reconfigure 生成,手工修改会在下次 reconfigure 时被覆盖,所以先备份)
cd /var/opt/gitlab/nginx/conf/service_conf/
cp gitlab-rails.conf gitlab-rails.conf.bak
也可以复制一个https文件
cp gitlab-rails.conf gitlab-rails-https.conf
然后修改80端口为443
增加ssl配置
listen *:443 default_server ssl;
http2 on;
ssl_certificate /etc/gitlab/ssl/gitlab.my.com.pem;
ssl_certificate_key /etc/gitlab/ssl/gitlab.my.com.key;
# 私钥文件只应允许 root 读取(例如 chmod 600),不要随配置备份一起复制到其他位置
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_session_timeout 1d;
3、也可以用/etc/gitlab/gitlab.rb配置
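external_url 'http://gitlab.my.com'
# 注意:Omnibus 只有在 external_url 以 https:// 开头时才会为内置 nginx 生成 ssl 配置;
# 要得到下面所说的带 ssl 配置的 gitlab-rails.conf,这里应写成 'https://gitlab.my.com'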
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.my.com.pem"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.my.com.key"
gitlab-ctl reconfigure
会生成带ssl配置的 gitlab-rails.conf
cp gitlab-rails.conf gitlab-rails-https.conf
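cp gitlab-rails.conf.bak gitlab-rails.conf
(这样 80 端口仍以明文 http 提供服务,登录口令和 token 可能经明文传输;如果不需要保留 http,可以不恢复 http 配置,而是在 gitlab.rb 中设置 nginx['redirect_http_to_https'] = true,让 http 跳转到 https)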
会重启所有服务
gitlab-ctl restart nginx
重启nginx让ssl生效
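netstat -ntlp|grep 443
(netstat 只能确认 443 端口在监听;证书链和协议版本可以用 openssl s_client -connect gitlab.my.com:443 -servername gitlab.my.com 检查)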
4、dns域名验证位置(这里是 CA 的文件验证方式:把验证文件放到站点根目录下供 CA 访问,而不是添加 DNS 记录;该目录属于安装包,升级时可能被覆盖,验证完成后应删除验证文件)
cd /opt/gitlab/embedded/service/gitlab-rails/public/
robots.txt
.well-known/pki-validation/fileauth.txt
5、日志位置
tail -f /var/log/gitlab/nginx/gitlab_access.log