代码之家  ›  专栏  ›  技术社区  ›  Amedee Van Gasse Bruno Lowagie

Gitlab Omnibus:如何使用捆绑nginx重写url

  •  2
  • Amedee Van Gasse Bruno Lowagie  · 技术社区  · 6 年前

    我将GitLab迁移到了一个新服务器。作为迁移的一部分,一些存储库被重新组织。我们有一个网站,直接链接到 斑点 未经加工的 斑点 文件夹。

    Gitlab Omnibus: how to redirect all requests to another domain ,这又引用了GitLab的官方文档: https://docs.gitlab.com/omnibus/settings/nginx.html#inserting-custom-settings-into-the-nginx-config .

    1. sudo mkdir -p /etc/nginx/conf.d/

    2. 创建 /etc/nginx/conf.d/redirect.conf

    .

    server {
      server_name gitlab.itextsupport.com;
      rewrite ^\/itext7\/samples\/(blob|raw)\/master\/(?!samples\/)(.*)$ https://$server_name/itext7/samples/$1/master/samples/$2 permanent;
    }
    
    1. 在处编辑配置文件 /etc/gitlab/gitlab.rb 添加以下行:

      nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/redirect.conf;"

    2. 重写nginx配置:

      sudo gitlab-ctl reconfigure

    3. 重新启动捆绑的nginx:

      sudo gitlab-ctl restart nginx

    4. sudo grep 'redirect.conf' /var/opt/gitlab/nginx/conf/nginx.conf

    测试配置

    curl -I https://gitlab.itextsupport.com/itext/tutorial/blob/master/signatures/src/main/java/signatures/chapter4/C4_05_SignWithBEID.java
    

    /samples 在之后插入 /blob/master . 我希望看到301重写 https://gitlab.itextsupport.com/itext/tutorial/blob/master/samples/signatures/src/main/java/signatures/chapter4/C4_05_SignWithBEID.java

    实际结果

    在未修改的URL上200 OK。

    丑陋的黑客

    将此行添加到 /var/opt/gitlab/nginx/conf/gitlab-http.conf 重新启动捆绑的nginx:

    rewrite ^\/itext7\/samples\/(blob|raw)\/master\/(?!samples\/)(.*)$ https://$server_name/itext7/samples/$1/master/samples/$2 permanent;
    

    通过这样做,我已经验证了我的实际重写规则本身是正确的。

    gitlab-ctl reconfigure 正在运行。

    问题

    我需要更改什么才能使URL重写按预期工作?没有丑陋的黑客?

    附加信息

    当我跑的时候 sudo /opt/gitlab/embedded/sbin/nginx -p /var/opt/gitlab/nginx -T ,我看到两个 server { } /etc/gitlab/gitlab.rb ,那么我的问题很可能就解决了。

    1 回复  |  直到 6 年前
        1
  •  3
  •   Amedee Van Gasse Bruno Lowagie    6 年前

    嗯,看起来答案就在我眼前 gitlab.rb nginx['custom_nginx_config'] ,有 nginx['custom_gitlab_server_config'] . 我把include语句放在那里,删除了 server {} 重写规则的括号。GitLab文档中也描述了这一点 https://docs.gitlab.com/omnibus/settings/nginx.html#inserting-custom-nginx-settings-into-the-gitlab-server-block :

    这会将定义的字符串插入到 /var/opt/gitlab/nginx/conf/gitlab-http.conf .

    我就是这么做的:

    1. /etc/gitlab/gitlab.rb ,注释掉 nginx['custom\u nginx\u config']

      nginx['custom_gitlab_server_config'] = "include /etc/nginx/conf.d/redirect.conf;"

    2. /etc/nginx/conf.d/redirect.conf ,只保留重写行:

      rewrite ^\/itext7\/samples\/(blob|raw)\/master\/(?!samples\/)(.*)$ https://$server_name/itext7/samples/$1/master/samples/$2 permanent;

    3. 重新配置GitLab:

      sudo gitlab-ctl reconfigure

    4. sudo gitlab-ctl restart nginx

    5. 验证nginx配置:

      sudo /opt/gitlab/embedded/sbin/nginx -p /var/opt/gitlab/nginx -T | tail -n 20

    nginx: the configuration file /var/opt/gitlab/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /var/opt/gitlab/nginx/conf/nginx.conf test is successful
    
      include /etc/nginx/conf.d/redirect.conf;
    }
    
    # configuration file /etc/nginx/conf.d/redirect.conf:
    rewrite ^\/itext7\/samples\/(blob|raw)\/master\/(?!samples\/)(.*)$ https://$server_name/itext7/samples/$1/master/samples/$2 permanent;
    
    # configuration file /var/opt/gitlab/nginx/conf/nginx-status.conf:
    server  {
        listen 127.0.0.1:8060;
        server_name localhost;
        location /nginx_status {
          stub_status on;
          server_tokens off;
          access_log off;
          allow 127.0.0.1;
          deny all;
        }
    }
    
    1. curl -I https://gitlab.itextsupport.com/itext/tutorial/blob/master/signatures/src/main/java/signatures/chapter4/C4_05_SignWithBEID.java

    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Thu, 27 Sep 2018 11:32:23 GMT
    Content-Type: text/html
    Content-Length: 178
    Connection: keep-alive
    Location: https://gitlab.itextsupport.com/itext/tutorial/blob/master/samples/signatures/src/main/java/signatures/chapter4/C4_05_SignWithBEID.java
    Strict-Transport-Security: max-age=31536000
    

    有一件事我仍然很好奇:

    • 这个 rewrite 排队结束了 外部 这个 server{}
    • 这个 行使用 $server_name 变量。
    • $server\u名称 变量已定义 里面 这个 阻止。

    这在视觉上是不是因为包含语句的方式很奇怪 nginx -T ? 是 真的吗 里面 服务器{} 外部