GitLab + Ubuntu 16.04 + Plesk Onyx


0

GitLab Omnibus 패키지가 설치되어 있습니다. 이제 패키지 nginx 대신 Plesk의 nginx를 사용하고 싶습니다. 번들 nginx를 사용하지 않도록 구성을 설정했습니다.

이제 Plesk Onyx의 nginx를 사용하여 gitlab에 요청을 제공하고 싶습니다. 이를 위해 ngingx plesk를 어떻게 구성합니까 (Vhost?)?

다음을 추가했습니다.

## GitLab
##
## Modified from nginx http version
## Modified from http://blog.phusion.nl/2012/04/21/tutorial-setting-up-gitlab-on-debian-6/
## Modified from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
##
## Lines starting with two hashes (##) are comments with information.
## Lines starting with one hash (#) are configuration parameters that can be uncommented.
##
##################################
##        CONTRIBUTING          ##
##################################
##
## If you change this file in a Merge Request, please also create
## a Merge Request on https://gitlab.com/gitlab-org/omnibus-gitlab/merge_requests
##
###################################
##         configuration         ##
###################################
##
## See installation.md#using-https for additional HTTPS configuration details.

upstream gitlab-workhorse {
  server unix:/var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;
}

## Redirects all HTTP traffic to the HTTPS host
server {
  ## Either remove "default_server" from the listen line below,
  ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab
  ## to be served if you visit any address that your server responds to, eg.
  ## the ip address of the server (http://x.x.x.x/)
  listen 0.0.0.0:80;
  listen [::]:80 ipv6only=on;
  server_name gitlab.nextgamers.eu; ## Replace this with something like gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security best practice
  return 301 https://$http_host$request_uri;
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;
}

## HTTPS host
server {
  listen 0.0.0.0:443 ssl;
  listen [::]:443 ipv6only=on ssl;
  server_name gitlab.nextgamers.eu; ## Replace this with something like gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security best practice
  root /opt/gitlab/embedded/service/gitlab-rails/public;

  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
  ssl on;
  ssl_certificate /etc/nginx/ssl/gitlab.crt;
  ssl_certificate_key /etc/nginx/ssl/gitlab.key;

  # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 5m;

  ## See app/controllers/application_controller.rb for headers set

  ## [Optional] Enable HTTP Strict Transport Security
  ## HSTS is a feature improving protection against MITM attacks
  ## For more information see: https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
  # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

  ## [Optional] If your certficate has OCSP, enable OCSP stapling to reduce the overhead and latency of running SSL.
  ## Replace with your ssl_trusted_certificate. For more info see:
  ## - https://medium.com/devops-programming/4445f4862461
  ## - https://www.ruby-forum.com/topic/4419319
  ## - https://www.digitalocean.com/community/tutorials/how-to-configure-ocsp-stapling-on-apache-and-nginx
  # ssl_stapling on;
  # ssl_stapling_verify on;
  # ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt;
  # resolver 208.67.222.222 208.67.222.220 valid=300s; # Can change to your DNS resolver if desired
  # resolver_timeout 5s;

  ## [Optional] Generate a stronger DHE parameter:
  ##   sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
  ##
  # ssl_dhparam /etc/ssl/certs/dhparam.pem;

  ## Individual nginx logs for this GitLab vhost
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;

  location / {
    client_max_body_size 0;
    gzip off;

    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_http_version 1.1;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-Ssl     on;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_pass http://gitlab-workhorse;
  }
}

nginx의 conf.d 디렉토리에있는 gitlab.conf nginx 시작이 실패하고 오류는 다음과 같습니다.

root@baby /etc/nginx/conf.d # systemctl status nginx.service
● nginx.service - Startup script for nginx service
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2017-07-13 11:46:25 CEST; 4min 21s ago
  Process: 7688 ExecStop=/bin/kill -s QUIT $MAINPID (code=exited, status=0/SUCCESS)
  Process: 24657 ExecReload=/bin/kill -s HUP $MAINPID (code=exited, status=0/SUCCESS)
  Process: 24654 ExecReload=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 24651 ExecReload=/usr/bin/test $NGINX_ENABLED = yes (code=exited, status=0/SUCCESS)
  Process: 7708 ExecStart=/usr/sbin/nginx (code=exited, status=1/FAILURE)
  Process: 7700 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 7697 ExecStartPre=/usr/bin/test $NGINX_ENABLED = yes (code=exited, status=0/SUCCESS)
 Main PID: 5578 (code=exited, status=0/SUCCESS)

Jul 13 11:46:24 baby.freakyonline.de nginx[7708]: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
Jul 13 11:46:24 baby.freakyonline.de nginx[7708]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Jul 13 11:46:24 baby.freakyonline.de nginx[7708]: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
Jul 13 11:46:25 baby.freakyonline.de nginx[7708]: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
Jul 13 11:46:25 baby.freakyonline.de nginx[7708]: nginx: [emerg] bind() to [::]:443 failed (98: Address already in use)
Jul 13 11:46:25 baby.freakyonline.de nginx[7708]: nginx: [emerg] still could not bind()
Jul 13 11:46:25 baby.freakyonline.de systemd[1]: nginx.service: Control process exited, code=exited status=1
Jul 13 11:46:25 baby.freakyonline.de systemd[1]: Failed to start Startup script for nginx service.
Jul 13 11:46:25 baby.freakyonline.de systemd[1]: nginx.service: Unit entered failed state.
Jul 13 11:46:25 baby.freakyonline.de systemd[1]: nginx.service: Failed with result 'exit-code'.
root@baby /etc/nginx/conf.d #

청취 옵션의 default_server 부분을 제거했지만.

누군가 나를 도울 수 있다면 정말 감사하겠습니다.

대단히 감사합니다! 이상한.

답변:


당사 사이트를 사용함과 동시에 당사의 쿠키 정책개인정보 보호정책을 읽고 이해하였음을 인정하는 것으로 간주합니다.
Licensed under cc by-sa 3.0 with attribution required.