After installing the GitLab Omnibus package on Debian 7, we need to configure it to work with an external Nginx web server. The key configuration in /etc/gitlab/gitlab.rb should include:

    external_url 'http://git.mydomain.fr'
    web_server['external_users'] = ['www-data']
    nginx['enable'] = false
    ci_nginx['enable'] = false

The error logs show a critical issue with worker connections:

    2015/02/28 14:29:16 [alert] 4137#0: *14738 768 worker_connections are not enough...

This indicates the default Nginx configuration isn't sufficient for handling GitLab traffic. We need to create a custom Nginx configuration that properly proxies requests to the GitLab workhorse service.
Create /etc/nginx/sites-available/gitlab with these essential directives:

    upstream gitlab-workhorse {
        server unix:/var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;
    }

    server {
        listen *:80;
        server_name git.mydomain.fr;
        server_tokens off;

        location / {
            proxy_pass http://gitlab-workhorse;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            # Important for large repositories
            client_max_body_size 0;
            proxy_request_buffering off;
        }

        # Error handling
        error_page 502 /502.html;
        location = /502.html {
            root /opt/gitlab/embedded/service/gitlab-rails/public;
        }
    }

In /etc/nginx/nginx.conf, add these performance-related settings:

    worker_processes auto;
    worker_rlimit_nofile 100000;

    events {
        worker_connections 4096;
        multi_accept on;
        use epoll;
    }

    http {
        # Buffer optimizations
        client_body_buffer_size 1m;
        client_header_buffer_size 1m;
        large_client_header_buffers 4 8m;

        # Timeouts
        client_body_timeout 60;
        client_header_timeout 60;
        keepalive_timeout 75;
        send_timeout 60;
    }

After making these changes:

- Test Nginx configuration:
    sudo nginx -t
- Reload Nginx:
    sudo systemctl reload nginx    # on Debian 7's default sysvinit: sudo service nginx reload
- Restart GitLab:
    sudo gitlab-ctl restart
- Verify socket permissions:
    sudo chmod 770 /var/opt/gitlab/gitlab-workhorse/socket

If you still encounter 502 errors, check these components:

- Workhorse service status:
    sudo gitlab-ctl status gitlab-workhorse
- Socket file existence and permissions
- Nginx error logs:
    tail -f /var/log/nginx/error.log

For high-traffic installations, consider increasing these values in gitlab.rb:

    unicorn['worker_processes'] = 4
    postgresql['max_worker_processes'] = 8
    sidekiq['concurrency'] = 25

When setting up GitLab Omnibus with an external NGINX web server, the most common issue you'll encounter is the 502 Bad Gateway error. Let's examine the critical components:

    # /etc/gitlab/gitlab.rb critical settings
    external_url 'http://git.mydomain.fr'
    web_server['external_users'] = ['www-data']
    nginx['enable'] = false
    ci_nginx['enable'] = false

You'll need to create a custom NGINX configuration. Here's a working template:

    # /etc/nginx/sites-available/gitlab.conf
    upstream gitlab-workhorse {
        server unix:/var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;
    }

    server {
        listen 80;
        server_name git.mydomain.fr;
        server_tokens off;

        location / {
            proxy_pass http://gitlab-workhorse;
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        error_log /var/log/nginx/gitlab_error.log;
        access_log /var/log/nginx/gitlab_access.log;
    }

The error log shows "worker_connections are not enough". Add these to your nginx.conf:

    events {
        worker_connections 10240;
    }

    http {
        # Rate-limit requests per client IP to blunt request flooding
        limit_req_zone $binary_remote_addr zone=gitlab:10m rate=10r/s;
        limit_req zone=gitlab burst=20 nodelay;
    }

Ensure proper permissions for the workhorse socket:

    sudo chown git:www-data /var/opt/gitlab/gitlab-workhorse/socket
    sudo chmod 775 /var/opt/gitlab/gitlab-workhorse/socket

- Test NGINX configuration:
    sudo nginx -t
- Reload NGINX:
    sudo systemctl reload nginx
- Check workhorse status:
    sudo gitlab-ctl status gitlab-workhorse
- Verify socket exists:
    ls -la /var/opt/gitlab/gitlab-workhorse/
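
The socket steps above use two different modes (770 and 775), so the following shell check, an added example that is not part of the original page, shows which permission bits actually decide whether the nginx user can reach the workhorse socket and whether any other local account can. The function names verdict_for and audit_socket are hypothetical; it assumes GNU stat and the git:www-data ownership used above, and it does not check search permission on the parent directories.

```shell
#!/bin/sh
# Added example (not from the original page). nginx reaches gitlab-workhorse
# through a Unix socket; on Linux connect() needs WRITE permission on the
# socket file, so only the w bits decide who can talk to workhorse.

# verdict_for OWNER GROUP MODE WEB_USER "WEB_USER_GROUPS"
# Pure decision logic, testable without a live socket.
verdict_for() {
    owner=$1 group=$2 mode="00$3" web_user=$4 web_groups=$5
    other_d=${mode#"${mode%?}"}; rest=${mode%?}     # last octal digit
    group_d=${rest#"${rest%?}"}; rest=${rest%?}
    owner_d=${rest#"${rest%?}"}
    if [ $((other_d & 2)) -ne 0 ]; then
        echo "FAIL world-writable"   # any local account can bypass nginx
        return 1
    fi
    if [ "$web_user" = "$owner" ] && [ $((owner_d & 2)) -ne 0 ]; then
        echo "OK owner"; return 0
    fi
    case " $web_groups " in
        *" $group "*)
            if [ $((group_d & 2)) -ne 0 ]; then echo "OK group"; return 0; fi ;;
    esac
    echo "FAIL no-access"            # nginx gets EACCES -> 502 Bad Gateway
    return 1
}

# audit_socket PATH WEB_USER: read the real owner/group/mode (GNU stat).
audit_socket() {
    path=$1 user=$2
    [ -e "$path" ] || { echo "FAIL missing"; return 1; }
    [ -S "$path" ] || { echo "FAIL not-a-socket"; return 1; }
    set -- $(stat -c '%U %G %a' "$path")
    verdict_for "$1" "$2" "$3" "$user" "$(id -Gn "$user" 2>/dev/null)"
}

# Constructed samples: the two modes the page uses, plus two bad ones.
for m in 770 775 777 750; do
    printf '%s git:www-data -> %s\n' "$m" \
        "$(verdict_for git www-data "$m" www-data "www-data")"
done
```

On a live host, run `audit_socket /var/opt/gitlab/gitlab-workhorse/socket www-data` as root after each `gitlab-ctl restart`, since the socket is recreated when workhorse starts.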