Nginx configure SSL load balancer -

-

i have docker server have installed gitlab sameersbn/docker-gitlab

i have nginx container listen 443:433 , 80:80, use 1 load balance http , https (with signed cert) requests

nginx.conf

worker_processes auto;  events { worker_connections 1024; }  http {      ##     # logging settings     ##      access_log /var/log/nginx/access.log;     error_log /var/log/nginx/error.log;       upstream gitlab {         server gitlab:10080;     }      server {         listen 80;         listen 443 ssl;         server_name www.domain.tld;          ssl on;         ssl_certificate         /usr/local/share/ca-certificates/domain.crt;         ssl_certificate_key     /usr/local/share/ca-certificates/domain.key;         ssl_trusted_certificate /usr/local/share/ca-certificates/gandistandardsslca2.pem;          ssl_session_timeout 5m;          ssl_protocols tlsv1 tlsv1.1 tlsv1.2;         ssl_ciphers "high:!anull:!md5 or high:!anull:!md5:!3des";         ssl_prefer_server_ciphers on;          root /usr/share/nginx/html;          location /git/ {             proxy_pass http://gitlab;             proxy_set_header x-forwarded-ssl on;             proxy_set_header host $host;             proxy_set_header x-real-ip $remote_addr;             proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;             proxy_set_header x-forwarded-proto $scheme;         }     }

without ssl, working url acces gitlab http://www.domain.tld:10080/git

with ssl, want url https://www.domain.tld/git

using nginx load balancer configuration

when go on http://www.domain.tld/git

400 bad request  plain http request sent https port

when go on https://www.domain.tld/git

err_connection_refused

these first signed certificate, how supposed work ?

to solve problem there 2 steps required:

  1. make nginx redirect http https
  2. make gitlab listen port 80 via http

why make gitlab listen port 80? technique called ssl offload prevent redundant https encryption/decryption happen between upstream , web-server. required , makes sense in case of different hosts complex security requirements.

nginx

server {    listen         80;    server_name    www.domain.tld;    return         301 https://$server_name$request_uri; }  server {    listen         443 ssl;    server_name    www.domain.tld;     [....]

}

gitlab

vi ./gitlab/config.yml gitlab_url: "http://server1.example.com" # http rather https

Comments

Post a Comment

Popular posts from this blog

java - Andrioid studio start fail: Fatal error initializing 'null' -

-
i don't know happened android studio,when start ,it shows me error message below. , try uninstall/reinstall it,but doesn't work.who can me!!! internal error. please report https://code.google.com/p/android/issues java.lang.runtimeexception: com.intellij.ide.plugins.pluginmanager$startupabortedexception: fatal error initializing 'null' @ com.intellij.idea.ideaapplication.run(ideaapplication.java:178) @ com.intellij.idea.mainimpl$1$1$1.run(mainimpl.java:52) @ java.awt.event.invocationevent.dispatch(invocationevent.java:209) @ java.awt.eventqueue.dispatcheventimpl(eventqueue.java:715) @ java.awt.eventqueue.access$400(eventqueue.java:82) @ java.awt.eventqueue$2.run(eventqueue.java:676) @ java.awt.eventqueue$2.run(eventqueue.java:674) @ java.security.accesscontroller.doprivileged(native method) @ java.security.accesscontrolcontext$1.dointersectionprivilege(accesscontrolcontext.java:86) @ java.awt.eventqueue.dispatchevent(eventqu
Read more

android - Gradle sync Error:Configuration with name 'default' not found -

-
i want add external library guillotinemenu-android in application. followed steps given in upvoted answer existing question how add library project android studio? facing error when try build project after step 6 i.e. when added dependency in app/build.gradle compile project(":guillotinemenu") . tried stackoverflow links related error not working out. have made folder named libs in app directory , copied project folder guillotine menu there. here build.gradle(module:app) file apply plugin: 'com.android.application' android { compilesdkversion 22 buildtoolsversion "22.0.1" defaultconfig { applicationid "com.sunshine.bbreaker.appet_i" minsdkversion 14 targetsdkversion 22 versioncode 1 versionname "1.0" } buildtypes { release { minifyenabled false proguardfiles getdefaultproguardfile('proguard-android.txt'), 'proguard-rules.p
Read more

StringGrid issue in Delphi XE8 firemonkey mobile app -

-
i'm using delphi xe8 developing mobile application , i'm facing of problem in tstringgrid. i have written following code in stringgridselectcell event. showmessage(stringgrid.cells[0, arow]); and shows proper value of selected row @ first time. when have tried click again selected row, event not getting fired. , cant able unselect particular row. so, have tried write message in onclick event. var irowind: integer; begin irowind := stringgrid1.selected; showmessage(stringgrid.cells[0, irowind]); end; and not working @ first time of click , when clicked second time works properly. issue in android mobile , not in windows. later, have kept both event code , faced issue. when i'm scrolling grid, firing onclick event. so, displaying selected row value. please provide me solution. , in advance. let's onclick event: procedure tfmmain.stringgrid1click(sender: tobject); begin caption := 'selected row id: ' + stringgrid1.select
Read more