I share below my configuration of GitLab when served behind a reverse proxy (HAProxy, to name it) that handles the HTTPS part of the communication (and also does the load balancing). <Disclaimer> I am not claiming this is the best configuration or the only possible configuration, but I can report that it works well. </Disclaimer>
The network transaction is established as follows:
Client <- HTTPS (HTTP/2) -> HAProxy <- HTTP -> Nginx <- HTTP -> Unicorn/GitLab
I will not detail here the configuration of HAProxy which is pretty classical.
Configuration of GitLab
In gitlab.yml (presumably in /home/git/gitlab/config/ if you installed from source), I have the following:
    production: &base
      ## Web server settings (note: host is the FQDN, do not include http://)
      host: gitlab.domain.tld
      port: 443
      https: true

And yes, I set https: true and port: 443 even though GitLab itself does not handle the HTTPS part of the communication.
Configuration of Nginx
In the config of Nginx (another layer of reverse proxy), I have:
proxy_set_header X-Forwarded-Proto https;
This differs from the configuration proposed by the GitLab team. It does not convey the protocol seen by Nginx; instead it forces the header to https, since the original communication was HTTPS-secured.
And it works flawlessly!
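
The forced header in the context of a full Nginx server block, as an added example that is not the author's actual file. Because the header is hard-coded, any request that reaches Nginx is reported to GitLab as HTTPS, so the block accepts connections from HAProxy only. The listen address, the HAProxy address and the Unicorn upstream are assumptions.

```nginx
# Added example. All addresses and the upstream below are assumptions.
upstream gitlab {
    server 127.0.0.1:8080 fail_timeout=0;   # assumed Unicorn listener
}

server {
    # Plain HTTP on an internal address (assumed); TLS ends at HAProxy.
    listen 192.0.2.10:80;
    server_name gitlab.domain.tld;

    # X-Forwarded-Proto is hard-coded below, so a client that connects
    # here directly over HTTP would also be presented to GitLab as
    # "https". Only the HAProxy host (assumed 192.0.2.1) may connect.
    allow 192.0.2.1;
    deny all;

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Conveying the protocol seen by Nginx would send "http" on this
        # hop, because HAProxy talks to Nginx without TLS:
        # proxy_set_header X-Forwarded-Proto $scheme;

        # Forced value, matching https: true / port: 443 in gitlab.yml:
        proxy_set_header X-Forwarded-Proto https;

        proxy_pass http://gitlab;
    }
}
```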