Registry http to https redirection incorrect url (missing port)
This is with gitlab-ce 10.5.4-ce.0 on Ubuntu 16.04.
When configuring http to https redirection for the registy in gitlab.rb, I end up with a slightly incorrect redirect URI. On the return 301 line, the :
without port number in /var/opt/gitlab/nginx/conf/gitlab-registry.conf
is invalid (actually browsers don't complain, but letsencrypt does).
server {
listen *:80;
server_name registry.gitlab.my.domain;
server_tokens off; ## Don't show the nginx version number, a security best practice
return 301 https://$http_host:$request_uri;
access_log /var/log/gitlab/nginx/gitlab_registry_access.log gitlab_access;
error_log /var/log/gitlab/nginx/gitlab_registry_error.log;
}
The relevant part of my gitlab.rb
looks like this:
################################################################################
## Registry NGINX
################################################################################
registry_nginx['enable'] = true
registry_nginx['redirect_http_to_https'] = true
# registry_nginx['redirect_http_to_https_port'] = 80
# registry_nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
# registry_nginx['ssl_prefer_server_ciphers'] = "on"
# registry_nginx['ssl_certificate'] = "/etc/gitlab/ssl/certificate.pem"
# registry_nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/certificate.key"
registry_nginx['ssl_certificate'] = "/etc/letsencrypt/live/registry.gitlab.my.domain/fullchain.pem"
registry_nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/registry.gitlab.my.domain/privkey.pem"
registry_nginx['custom_gitlab_server_config'] = "location ^~ /.well-known { root /var/www/letsencrypt; }"