Gitlab Pages domain change process

Tutorial tutorial
Created At :
  1. Gitlab config
  2. Nginx configure
  3. Change gitlab auth callback url
  4. Nginx configure template

Gitlab config

Edit gitlab.rb to change domain

pages_external_url "https://ydam.dev"
gitlab_pages['enable'] = true
gitlab_pages['access_control'] = true

gitlab-ctl reconfigure

Nginx configure

Change domain

nginx -s reload

Change gitlab auth callback url

https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/4107

Login to gitlab admin area

Enter Admin Area -> Applications and change Callback URL of GitLab Pages to https://projects.ydam.dev/auth

Nginx configure template

# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.

## Lines starting with two hashes (##) are comments with information.
## Lines starting with one hash (#) are configuration parameters that can be uncommented.
##
###################################
##         configuration         ##
###################################


server {
  listen 443 ssl http2;
  server_name  ~^(?<group>.*)\.ydam\.dev$ blog.ydam.top;
  server_tokens off; ## Don't show the nginx version number, a security best practice

  ## Disable symlink traversal
  disable_symlinks on;

  ## Strong SSL Security
  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
  ssl_certificate /etc/letsencrypt/live/ydam.dev/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/ydam.dev/privkey.pem;

  # GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
  ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4';
  ssl_protocols  TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers on;
  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_session_timeout  5m;


  ## Real IP Module Config
  ## http://nginx.org/en/docs/http/ngx_http_realip_module.html

  ## Individual nginx logs for this GitLab vhost
  access_log  /var/log/gitlab/nginx/gitlab_pages_access.log;
  error_log   /var/log/gitlab/nginx/gitlab_pages_error.log;

  # Pass everything to pages daemon
  location / {
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-Ssl on;

    # Prevent NGINX from caching pages in response to the pages `Cache-Control`
    # header.
    #
    # Browsers already respect this directive and Pages can handle the request
    # volume without help from NGINX.
    #
    # If this changes in the future, ensure `proxy_cache_key` is set to a value
    # like `$scheme$host$request_uri`, as the default value does not take the
    # Pages hostname into account, leading to incorrect responses being served.
    #
    # See https://gitlab.com/gitlab-org/gitlab-pages/issues/73
    proxy_cache off;

    # use https for solve error
    proxy_pass          https://localhost:8090;
  }

  # Define custom error pages
  error_page 403 /403.html;
  error_page 404 /404.html;

  
}

©2016-2020 Ydam

Built with Hexo and 3-hexo theme