Reverse proxy (with SSL termination) setup works OK, but direct access to gitlab (bypassing proxy) results in wrong HTTPS redirects

I'm trying to set up the typical reverse proxy that does SSL termination. The reverse proxy part is working OK!

The problem is that I can't access the gitlab server directly from the internal network (bypassing the SSL terminator).

Apparently gitlab is trying to redirect my internal request to HTTPS as well (HTTP 302), which obviously does not work because I do not have HTTPS internally and gitlab is not listening on the HTTPS port.

This works:

            https://git.mycorp.com                    http://git.my.domain.internal
Public Client --------------------> NGinx SSL Terminator -----------------------> GitLab

This does not work:

                              http://git.my.domain.internal
Internal Network Client ------------------------------------------> GitLab

When accessing gitlab directly from my internal network (bypassing the reverse proxy that does SSL termination), I'm getting HTTP 302 redirects from HTTP to HTTPS, resulting in something like https://git.my.domain.internal that does not exist.

I've followed the guides and set up everything accordingly. My reverse proxy setup is working OK, but I really would like to keep internal URLs working as they were before because there are a lot of people in my organization that access gitlab through the internal network which is considered safe.

I understand that maybe gitlab is redirecting because it's not receiving the forwarded headers, which will never happen because I'm accessing it directly.

I already searched a lot through the issues, and found out that there are a lot of similar issues. Unfortunately I did not find any suitable answer... Any help is appreciated!

My gitlab.rb relevant settings are:

external_url 'https://git.mycorp.com'
nginx['redirect_http_to_https'] = false
nginx['listen_port'] = 80
nginx['listen_https'] = false
nginx['proxy_set_headers'] = {
  "X-Forwarded-Proto" => "https",
  "X-Forwarded-Ssl" => "on"
}

My Gitlab env:info:

System information
System:         Ubuntu 14.04
Current User:   git
Using RVM:      no
Ruby Version:   2.1.8p440
Gem Version:    2.5.1
Bundler Version:1.10.6
Rake Version:   10.5.0
Sidekiq Version:4.1.2

GitLab information
Version:        8.8.5
Revision:       68cd138
Directory:      /opt/gitlab/embedded/service/gitlab-rails
DB Adapter:     postgresql
Using LDAP:     yes
Using Omniauth: no

GitLab Shell
Version:        2.7.2
Repositories:   /mnt/data/git-data/repositories
Hooks:          /opt/gitlab/embedded/service/gitlab-shell/hooks/
Git:            /opt/gitlab/embedded/bin/git