I am trying to enable the Pages feature of Gitlab(17.1.0-ce.0), I have a private domain
a.org
, public domain
b.com
, private domain and private dns are implemented using Windows, The public network is reverse proxy to
git.a.org
by nginx deployed on the Windows service by accessing
git.b.com:8443
, How do I configure nginx on a Windows server so that <repo_namespace>.pages.b.com can access Pages from Gitlab correctly?
I try to follow
this document
to configure my gitlab.rb
# GitLab Pages Settings
gitlab_rails['pages_path'] = '/mnt/data/gitlab/pages'
# case doc said pages domain must not be gitlab domain's child domain, so i use the public domain
pages_external_url "http://pages.b.com:8443"
gitlab_pages['enable'] = true
gitlab_pages['namespace_in_path'] = true
pages_nginx['enable'] = true
pages_nginx['listen_port'] = 81
pages_nginx['listen_https'] = false
pages_nginx['redirect_http_to_https'] = false
gitlab_pages['listen_proxy'] = "127.0.0.1:8090"
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.
## Lines starting with two hashes (##) are comments with information.
## Lines starting with one hash (#) are configuration parameters that can be uncommented.
###################################
## configuration ##
###################################
## Experimental - Handle requests having namespace in path
## See https://gitlab.com/gitlab-org/gitlab/-/issues/211677
server {
listen *:81;
server_name ~^pages\.b\.com$;
server_tokens off; ## Don't show the nginx version number, a security best practice
## Disable symlink traversal
disable_symlinks on;
## Real IP Module Config
## http://nginx.org/en/docs/http/ngx_http_realip_module.html
## HSTS Config
## https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
add_header Strict-Transport-Security "max-age=63072000 ";
## Individual nginx logs for this GitLab vhost
access_log /mnt/data/gitlab/logs/gitlab-nginx/gitlab_pages_access.log gitlab_access;
error_log /mnt/data/gitlab/logs/gitlab-nginx/gitlab_pages_error.log error;
# Define custom error pages
error_page 403 /403.html;
error_page 404 /404.html;
# In case of a unique domain URL, add a trailing '/' if it's missing
location ~ ^/(?<namespace>[^/]+)$ {
return 301 $scheme://$http_host$request_uri/;
# Pass when namespace in path to pages daemon after the rewrite
location ~ ^/(?<namespace>[^/]+)/(?<project>.*)$ {
## Rewrite remove namespace from path
rewrite ^/([^/]+)/(.*)$ /$2 break;
## Put namespace back in host from path
proxy_set_header Host $1.$http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Gitlab-Namespace-In-Path $namespace;
# Prevent NGINX from caching pages in response to the pages `Cache-Control`
# header.
# Browsers already respect this directive and Pages can handle the request
# volume without help from NGINX.
# If this changes in the future, ensure `proxy_cache_key` is set to a value
# like `$scheme$host$request_uri`, as the default value does not take the
# Pages hostname into account, leading to incorrect responses being served.
# See https://gitlab.com/gitlab-org/gitlab-pages/issues/73
proxy_cache off;
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:8090;
## Put namespace in path from host before sending it to the user
proxy_redirect ~^http://([^/]*)\.(pages\.b\.com:8443)/(.*)$ http://$2/$1/$3;
proxy_redirect ~^//([^/]*)\.(pages\.b\.com:8443)/(.*)$ http://$2/$1/$3;
proxy_redirect ~^/(.*)$ http://pages\.b\.com:8443/$namespace/$1;
server {
listen *:81;
server_name ~^(?<group>.*)\.pages\.b\.com$;
server_tokens off; ## Don't show the nginx version number, a security best practice
## Disable symlink traversal
disable_symlinks on;
## Real IP Module Config
## http://nginx.org/en/docs/http/ngx_http_realip_module.html
## HSTS Config
## https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
add_header Strict-Transport-Security "max-age=63072000 ";
## Individual nginx logs for this GitLab vhost
access_log /mnt/data/gitlab/logs/gitlab-nginx/gitlab_pages_access.log gitlab_access;
error_log /mnt/data/gitlab/logs/gitlab-nginx/gitlab_pages_error.log error;
# Define custom error pages
error_page 403 /403.html;
error_page 404 /404.html;
# Pass everything to pages daemon when namespace in host
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_hide_header X-Gitlab-Namespace-In-Path;
# Prevent NGINX from caching pages in response to the pages `Cache-Control`
# header.
# Browsers already respect this directive and Pages can handle the request
# volume without help from NGINX.
# If this changes in the future, ensure `proxy_cache_key` is set to a value
# like `$scheme$host$request_uri`, as the default value does not take the
# Pages hostname into account, leading to incorrect responses being served.
# See https://gitlab.com/gitlab-org/gitlab-pages/issues/73
proxy_cache off;
proxy_http_version 1.1;
proxy_pass http://127.0.0.1:8090;
pages-domain=pages.b.com
pages-root=/mnt/data/gitlab/pages
api-secret-key=/var/opt/gitlab/gitlab-pages/.gitlab_pages_secret
listen-proxy=127.0.0.1:8090
log-format=json
use-http2=true
artifacts-server=http://git.a.org/api/v4
artifacts-server-timeout=10
gitlab-server=http://git.a.org
namespace-in-path=true
server {
listen 80;
server_name git.b.com;
access_log logs/gitlab.access.log;
error_log logs/gitlab.error.log;
location / {
proxy_pass http://git.a.org:80;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
proxy_redirect http://git.a.org/ /;
client_max_body_size 250m;
server {
listen 80;
server_name ~^pages\.b\.com$;
charset utf-8;
access_log logs/gitlab.pages.access.log;
error_log logs/gitlab.pages.error.log;
location / {
proxy_pass http://172.16.0.9:81;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Scheme $scheme;
client_max_body_size 250m;
Please select whether options apply, and add the version information.
[ x ] Self-managed
GitLab.com SaaS
Versions
GitLab (Web: /help or self-managed system information):
System information
System: Ubuntu 20.04
Current User: git
Using RVM: no
Ruby Version: 3.1.5p253
Gem Version: 3.5.11
Bundler Version:2.5.11
Rake Version: 13.0.6
Redis Version: 7.0.15
Sidekiq Version:7.1.6
Go Version: unknown
GitLab information
Version: 17.1.0
Revision: 35cd573d799
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: PostgreSQL
DB Version: 14.11
URL: http://git.a.org
HTTP Clone URL: http://git.a.org/some-group/some-project.git
SSH Clone URL: [email protected]:some-group/some-project.git
Using LDAP: no
Using Omniauth: yes
Omniauth Providers:
GitLab Shell
Version: 14.36.0
Repository storages:
- default: unix:/var/opt/gitlab/gitaly/gitaly.socket
GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell
Gitaly
- default Address: unix:/var/opt/gitlab/gitaly/gitaly.socket
- default Version: 17.1.0
- default Git Version: 2.45.1
If need all log for detail information ,please contact me by email ([email protected])and i will reply in email attaches
