[GitLab reverse proxy] GitLab instance on a non-standard (non-443) port behind a WAF reverse proxy: link redirects lose the port

Published a year ago

# Github Discussion
# Q&A

mazhewei

Updated a year ago

The GitLab startup parameters are as follows (docker-compose.yml):

```yaml
version: '3.8'
services:
  gitlab:
    image: 'gitlab/gitlab-ce:latest'
    restart: always
    container_name: gitlab
    environment:
      GITLAB_OMNIBUS_CONFIG: |
        external_url 'https://my-domain:10000'
        # Disable letsencrypt
        letsencrypt['enable'] = false
        # Configure the SSL certificate (no longer needed, the certificate lives on the WAF)
        # nginx['ssl_certificate'] = "/etc/gitlab/cert/my-domain.pem"
        # nginx['ssl_certificate_key'] = "/etc/gitlab/cert/my-domain.key"
        # Change the SSH port
        gitlab_rails['gitlab_shell_ssh_port'] = 8888
        # Set the initial root password, only effective on the container's first start
        gitlab_rails['initial_root_password'] = "xxxxxxxx"
        # Disable the built-in HTTPS, HTTPS is handled by the WAF
        nginx['listen_https'] = false
        nginx['listen_port'] = 80
        # Set the time zone
        gitlab_rails['time_zone'] = 'Asia/Shanghai'
        # Enable the GitLab Pages feature
        # gitlab_pages['enable'] = true
        # Disable remote avatars
        gitlab_rails['gravatar_enabled'] = false
        # Add any other gitlab.rb configuration here, each on its own line
    ports:
      - '1000:80'
      - '8888:22'
    volumes:
      - '/home/gitlab/config:/etc/gitlab'
      - '/home/gitlab/cert:/etc/gitlab/cert'
      - '/home/gitlab/logs:/var/log/gitlab'
      - '/home/gitlab/data:/var/opt/gitlab'

networks:
    default:
        driver: "bridge"
```

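Apart from the settings above, everything else uses the GitLab defaults. The GitLab version is 14.6.1.

The reverse proxy configuration on the WAF is then as follows:
Domain: my-domain
Port: 10000
Type: Proxy an existing website
Certificate: the uploaded certificate is selected
Upstream server: http://localhost:1000

After saving and submitting, I access: https://my-domain:10000
It cannot be reached; the browser's automatic redirect turns it into https://my-domain, with the port number lost.
If I manually access https://my-domain:10000/users/sign_in, the sign-in page opens.

WAF site global settings:
SSL protocol: TLSv1.2
Pass X-Forwarded-Host and X-Forwarded-Proto to the upstream server: Enabled
GZip compression support: Enabled
Brotli compression support: Enabled

Is there any way to solve the problem of the lost port number? Has anyone handled a similar scenario? Thanks.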
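
A check for the symptom described in the post, as an added example that is not part of the original post: it compares a redirect's `Location` header with the URL that was requested and reports when the scheme, host or port changes. The function names and the sample `Location` values are constructed for illustration; in practice the header would be read from the proxied response, for example with `curl -sI`.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, effective port) for an absolute URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    # A URL without an explicit port uses the default port of its scheme.
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, (parts.hostname or "").lower(), port


def check_redirect(requested_url, location):
    """Compare a redirect's Location header with the requested URL.

    Returns a list of findings; an empty list means the redirect stays on
    the scheme, host and port the client used.
    """
    # A relative Location is resolved against the requested URL, as browsers do.
    target = urljoin(requested_url, location)
    req_scheme, req_host, req_port = origin(requested_url)
    tgt_scheme, tgt_host, tgt_port = origin(target)
    findings = []
    if tgt_scheme != req_scheme:
        findings.append(f"scheme changed: {req_scheme} -> {tgt_scheme}")
    if tgt_host != req_host:
        findings.append(f"host changed: {req_host} -> {tgt_host}")
    if tgt_port != req_port:
        findings.append(f"port changed: {req_port} -> {tgt_port}")
    return findings


# Constructed sample (requested URL, Location header) pairs,
# not captured from a real instance.
SAMPLES = [
    ("https://my-domain:10000/", "https://my-domain/users/sign_in"),
    ("https://my-domain:10000/", "/users/sign_in"),
    ("https://my-domain:10000/", "http://my-domain:10000/users/sign_in"),
]

if __name__ == "__main__":
    for requested, location in SAMPLES:
        print(location, "->", check_redirect(requested, location) or "ok")
```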
