Configuration
How do I configure the hostname for the GitLab NixOS service?
I am trying to deploy a new GitLab instance on NixOS 20.09.1632.a6a3a368dda (Nightingale).
I have this fairly minimal `configuration.nix`:
```nix
{ modulesPath, ... }:
let
  host = "example.org";
  adminEmail = "admin@example.org";
in
{
  imports = [ "${modulesPath}/virtualisation/amazon-image.nix" ];
  ec2.hvm = true;

  services.gitlab = rec {
    enable = true;
    inherit host;
    port = 80;
    # You, dear sysadmin, have to make these files exist.
    initialRootPasswordFile = "/tmp/gitlab-secrets/initial-password";
    secrets = rec {
      # A file containing 30 "0" characters.
      secretFile = "/tmp/gitlab-secrets/zeros";
      dbFile = secretFile;
      otpFile = secretFile;
      # openssl genrsa 2048 > jws.rsa
      jwsFile = "/tmp/gitlab-secrets/jws.rsa";
    };
  };

  services.nginx = {
    enable = true;
    user = "gitlab";
    virtualHosts = {
      "${host}" = {
        locations."/" = {
          # http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
          proxyPass = "http://unix:/var/gitlab/state/tmp/sockets/gitlab.socket";
        };
      };
    };
  };

  networking.firewall = {
    enable = true;
    allowPing = false;
    allowedTCPPorts = [ 22 80 ];
  };
}
```
When booting this configuration, many processes start (redis, postgresql, sidekiq, etc.). However, nginx (thanks, I assume, to GitLab's Rails HTTP server) responds to requests for `/` with the following:

```
* Connected to example.org (X.X.X.X) port 80 (#0)
> GET / HTTP/1.1
> Host: example.org
> User-Agent: curl/7.72.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Found
< Server: nginx
< Date: Thu, 11 Feb 2021 19:38:40 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Frame-Options: DENY
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< X-Download-Options: noopen
< X-Permitted-Cross-Domain-Policies: none
< Referrer-Policy: strict-origin-when-cross-origin
< X-UA-Compatible: IE=edge
< Location: http://localhost/users/sign_in
< Cache-Control: no-cache
< Set-Cookie: experimentation_subject_id=eyJfcmFpbHMiOnsibWVzc2FnZSI6IklqZGhabU0zWXpVNExUSmxNR1F0TkdZMlpTMWlZVEkwTFdKak1EVTFaREZoTURJd1ppST0iLCJleHAiOm51bGwsInB1ciI6ImNvb2tpZS5leHBlcmltZW50YXRpb25fc3ViamVjdF9pZCJ9fQ%3D%3D--cbf53392028ed41f7c582a64e643476a5c2aab6b; path=/; expires=Mon, 11 Feb 2041 19:38:40 -0000; HttpOnly
< X-Request-Id: 545cc04e-1689-4351-b5a9-ca171f1a85d4
< X-Runtime: 0.060596
<
* Connection #0 to host example.org left intact
<html><body>You are being <a href="http://localhost/users/sign_in">redirected</a>.</body></html>
```
Since `localhost` is not `example.org`, this fails. How do I configure GitLab to know its own hostname?
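The desired behaviour can be achieved using the `proxy_set_header` NGINX directive:

```
proxy_set_header Host $host;
```

If you include this line in your reverse proxy configuration, NGINX will rewrite the host header sent back from the upstream server (i.e. GitLab), i.e. `localhost`, with the hostname from the original request (i.e. `example.org`).
Enabling the `services.nginx.recommendedProxySettings` option in NixOS will generate an NGINX configuration that includes this directive.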