gitlab 外网 无法访问 查端口 看文档

云服务器安装成功后

curl   页面可以正常跳转 重置密码的token  页面可以生成 但是  外网无法 访问

[root@test ~]# curl 127.0.0.1:18021
<html><body>You are being <a href="http://127.0.0.1:18021/users/sign_in">redirected</a>.</body></html>[root@test ~]#
[root@test ~]#
[root@test ~]#
[root@test ~]# curl http://127.0.0.1:18021/users/sign_in
<html><body>You are being <a href="http://127.0.0.1:18021/users/password/edit?reset_password_token=u7GR7TABHQ13h72gncdu">redirected</a>.</body></html>[root@test ~]# curl http://127.0.0.1:18021/users/password/edit?reset_password_token=u7GR7TABHQ13h72gncdu
<!DOCTYPE html>
<html class="devise-layout-html">
<head prefix="og: http://ogp.me/ns#">
<meta charset="utf-8">
<meta content="IE=edge" http-equiv="X-UA-Compatible">
<meta content="object" property="og:type">
<meta content="GitLab" property="og:site_name">
<meta content="" property="og:title">
<meta content="GitLab Enterprise Edition" property="og:description">
<meta content="http://127.0.0.1:18021/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" property="og:image">
<meta content="64" property="og:image:width">
<meta content="64" property="og:image:height">
<meta content="http://127.0.0.1:18021/users/password/edit?reset_password_token=u7GR7TABHQ13h72gncdu" property="og:url">
<meta content="summary" property="twitter:card">
<meta content="" property="twitter:title">
<meta content="GitLab Enterprise Edition" property="twitter:description">
<meta content="http://127.0.0.1:18021/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png" property="twitter:image">

<title>GitLab</title>
<meta content="GitLab Enterprise Edition" name="description">
<link rel="shortcut icon" type="image/png" href="/assets/favicon-7901bd695fb93edb07975966062049829afb56cf11511236e61bcf425070e36e.png" id="favicon" data-original-href="/assets/favicon-7901bd695fb93edb07975966062049829afb56cf11511236e61bcf425070e36e.png" />
<link rel="stylesheet" media="all" href="/assets/application-10723f1f6d76069649a38e767f7bfe21dcffa233b627b12a612b5f64a597096c.css" />
<link rel="stylesheet" media="print" href="/assets/print-c8ff536271f8974b8a9a5f75c0ca25d2b8c1dceb4cff3c01d1603862a0bdcbfc.css" />

<script>
//<![CDATA[
window.gon={};gon.api_version="v4";gon.default_avatar_url="http://code.baimacloud.com:18021/assets/no_avatar-849f9c04a3a0d0cea2424ae97b27447dc64a7dbfae83c036c45b403392f0e8ba.png";gon.max_file_size=10;gon.asset_host=null;gon.webpack_public_path="/assets/webpack/";gon.relative_url_root="";gon.shortcuts_path="/help/shortcuts";gon.user_color_scheme="white";gon.gitlab_url="http://code.baimacloud.com:18021";gon.revision="d17962f";gon.gitlab_logo="/assets/gitlab_logo-7ae504fe4f68fdebb3c2034e36621930cd36ea87924c11ff65dbcb8ed50dca58.png";gon.sprite_icons="/assets/icons-07542808fffaf82e9b57b144464ea42620b32f65ce441c01528d23d4b96d5f11.svg";gon.sprite_file_icons="/assets/file_icons-7262fc6897e02f1ceaf8de43dc33afa5e4f9a2067f4f68ef77dcc87946575e9e.svg";gon.emoji_sprites_css_path="/assets/emoji_sprites-289eccffb1183c188b630297431be837765d9ff4aed6130cf738586fb307c170.css";gon.test_env=false;gon.suggested_label_colors=["#0033CC","#428BCA","#44AD8E","#A8D695","#5CB85C","#69D100","#004E00","#34495E","#7F8C8D","#A295D6","#5843AD","#8E44AD","#FFECDB","#AD4363","#D10069","#CC0033","#FF0000","#D9534F","#D1D100","#F0AD4E","#AD8D43"];
//]]>
</script>

<script src="/assets/webpack/runtime.7424e5fb.bundle.js" defer="defer"></script>
<script src="/assets/webpack/main.5ab70142.chunk.js" defer="defer"></script>
<script src="/assets/webpack/default.890522b7.chunk.js" defer="defer"></script>

<meta name="csrf-param" content="authenticity_token" />
<meta name="csrf-token" content="gJ2hJqLjUQUJmj7acKm8PJGoi2VgPd9fa8nACzynVhQ+YaypzPg9RsWUGFg/Irlgkl0Xn9RiNtREgjBxofYjKQ==" />
<meta content="origin-when-cross-origin" name="referrer">
<meta content="width=device-width, initial-scale=1, maximum-scale=1" name="viewport">
<meta content="#474D57" name="theme-color">
<link rel="apple-touch-icon" type="image/x-icon" href="/assets/touch-icon-iphone-5a9cee0e8a51212e70b90c87c12f382c428870c0ff67d1eb034d884b78d2dae7.png" />
<link rel="apple-touch-icon" type="image/x-icon" href="/assets/touch-icon-ipad-a6eec6aeb9da138e507593b464fdac213047e49d3093fc30e90d9a995df83ba3.png" sizes="76x76" />
<link rel="apple-touch-icon" type="image/x-icon" href="/assets/touch-icon-iphone-retina-72e2aadf86513a56e050e7f0f2355deaa19cc17ed97bbe5147847f2748e5a3e3.png" sizes="120x120" />
<link rel="apple-touch-icon" type="image/x-icon" href="/assets/touch-icon-ipad-retina-8ebe416f5313483d9c1bc772b5bbe03ecad52a54eba443e5215a22caed2a16a2.png" sizes="152x152" />
<link color="rgb(226, 67, 41)" href="/assets/logo-d36b5212042cebc89b96df4bf6ac24e43db316143e89926c0db839ff694d2de4.svg" rel="mask-icon">
<meta content="/assets/msapplication-tile-1196ec67452f618d39cdd85e2e3a542f76574c071051ae7effbfde01710eb17d.png" name="msapplication-TileImage">
<meta content="#30353E" name="msapplication-TileColor">

</head>

<body class="ui-indigo login-page application navless" data-page="passwords:edit">

<div class="page-wrap">
<header class="navbar fixed-top navbar-empty">
<div class="container">
<div class="mx-auto">
<svg width="24" height="24" class="tanuki-logo" viewBox="0 0 36 36">
  <path class="tanuki-shape tanuki-left-ear" fill="#e24329" d="M2 14l9.38 9v-9l-4-12.28c-.205-.632-1.176-.632-1.38 0z"/>
  <path class="tanuki-shape tanuki-right-ear" fill="#e24329" d="M34 14l-9.38 9v-9l4-12.28c.205-.632 1.176-.632 1.38 0z"/>
  <path class="tanuki-shape tanuki-nose" fill="#e24329" d="M18,34.38 3,14 33,14 Z"/>
  <path class="tanuki-shape tanuki-left-eye" fill="#fc6d26" d="M18,34.38 11.38,14 2,14 6,25Z"/>
  <path class="tanuki-shape tanuki-right-eye" fill="#fc6d26" d="M18,34.38 24.62,14 34,14 30,25Z"/>
  <path class="tanuki-shape tanuki-left-cheek" fill="#fca326" d="M2 14L.1 20.16c-.18.565 0 1.2.5 1.56l17.42 12.66z"/>
  <path class="tanuki-shape tanuki-right-cheek" fill="#fca326" d="M34 14l1.9 6.16c.18.565 0 1.2-.5 1.56L18 34.38z"/>
</svg>

</div>
</div>
</header>

<div class="login-page-broadcast">

</div>
<div class="container navless-container">
<div class="content">
<div class="flash-container flash-container-page">
</div>

<div class="row">
<div class="col-sm-7 brand-holder">
<h1>
GitLab Enterprise Edition
</h1>

<h3>Open source software to collaborate on code</h3>
<p>
Manage Git repositories with fine-grained access controls that keep your code secure.
Perform code reviews and enhance collaboration with merge requests.
Each project can also have an issue tracker and a wiki.
</p>
</div>
<div class="col-sm-5 new-session-forms-container">
<ul class="nav-links new-session-tabs single-tab nav-tabs nav">
<li class="nav-item">
<a class="nav-link active">Change your password</a>
</li>
</ul>

<div class="login-box">
<div class="login-body">
<form class="gl-show-field-errors" id="new_user" action="/users/password" accept-charset="UTF-8" method="post"><input name="utf8" type="hidden" value="✓" /><input type="hidden" name="_method" value="put" /><input type="hidden" name="authenticity_token" value="1X0BLeyNyit8JxOzNjB6+tvWV7Imf7D2aiH2hVvvG1drgQyigpamaLApNTF5u3+m2CPLSJIgWX1Fagb/xr5uag==" /><div class="devise-errors">

</div>
<input type="hidden" value="u7GR7TABHQ13h72gncdu" name="user[reset_password_token]" id="user_reset_password_token" />
<div class="form-group">
<label for="user_password">New password</label>
<input class="form-control top" required="required" title="This field is required" type="password" name="user[password]" id="user_password" />
</div>
<div class="form-group">
<label for="user_password_confirmation">Confirm new password</label>
<input class="form-control bottom" title="This field is required" required="required" type="password" name="user[password_confirmation]" id="user_password_confirmation" />
</div>
<div class="clearfix">
<input type="submit" name="commit" value="Change your password" class="btn btn-primary" />
</div>
</form></div>
</div>
<div class="clearfix prepend-top-20">
<p>
<span class="light">Didn't receive a confirmation email?</span>
<a href="/users/confirmation/new">Request a new one</a>
</p>
</div>
<p>
<span class="light">
Already have login and password?
<a href="/users/sign_in?redirect_to_referer=yes">Sign in</a>
</span>
</p>

</div>
</div>
</div>
</div>
<hr class="footer-fixed">
<div class="container footer-container">
<div class="footer-links">
<a href="/explore">Explore</a>
<a href="/help">Help</a>
<a href="https://about.gitlab.com/">About GitLab</a>
</div>
</div>

</div>
</body>
</html>
[root@test ~]# netstat -apn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:9100          0.0.0.0:*               LISTEN      16348/node_exporter
tcp        0      0 127.0.0.1:9229          0.0.0.0:*               LISTEN      16603/gitlab-workho
tcp        0      0 127.0.0.1:9168          0.0.0.0:*               LISTEN      16649/ruby
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      30671/java
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      17013/nginx: master
tcp        0      0 127.0.0.1:8082          0.0.0.0:*               LISTEN      16144/sidekiq 5.1.3
tcp        0      0 127.0.0.1:9236          0.0.0.0:*               LISTEN      16618/gitaly
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      26433/sshd
tcp        0      0 0.0.0.0:8060            0.0.0.0:*               LISTEN      16179/nginx: master
tcp        0      0 127.0.0.1:18080         0.0.0.0:*               LISTEN      18266/unicorn maste
tcp        0      0 127.0.0.1:9121          0.0.0.0:*               LISTEN      16436/redis_exporte
tcp        0      0 127.0.0.1:9090          0.0.0.0:*               LISTEN      18278/prometheus
tcp        0      0 127.0.0.1:9187          0.0.0.0:*               LISTEN      16696/postgres_expo
tcp        0      0 127.0.0.1:9093          0.0.0.0:*               LISTEN      16680/alertmanager
tcp        0      0 0.0.0.0:18021           0.0.0.0:*               LISTEN      16179/nginx: master
　　

　　

Linux下使用ps命令查看某个进程文件的启动位置 - EasonJim - 博客园 https://www.cnblogs.com/EasonJim/p/6803375.html

查看18021端口的进程的目录

[root@test ~]# ll /proc/16179
total 0
dr-xr-xr-x 2 root root 0 Aug 22 10:02 attr
-rw-r--r-- 1 root root 0 Aug 22 10:07 autogroup
-r-------- 1 root root 0 Aug 22 10:07 auxv
-r--r--r-- 1 root root 0 Aug 22 10:07 cgroup
--w------- 1 root root 0 Aug 22 10:07 clear_refs
-r--r--r-- 1 root root 0 Aug 22 09:48 cmdline
-rw-r--r-- 1 root root 0 Aug 22 10:07 comm
-rw-r--r-- 1 root root 0 Aug 22 10:07 coredump_filter
-r--r--r-- 1 root root 0 Aug 22 10:07 cpuset
lrwxrwxrwx 1 root root 0 Aug 22 09:48 cwd -> /var/opt/gitlab/nginx
-r-------- 1 root root 0 Aug 22 10:07 environ
lrwxrwxrwx 1 root root 0 Aug 22 09:48 exe -> /opt/gitlab/embedded/sbin/nginx
dr-x------ 2 root root 0 Aug 22 09:48 fd
dr-x------ 2 root root 0 Aug 22 10:07 fdinfo
-rw-r--r-- 1 root root 0 Aug 22 10:07 gid_map
-r-------- 1 root root 0 Aug 22 10:07 io
-r--r--r-- 1 root root 0 Aug 22 10:07 limits
-rw-r--r-- 1 root root 0 Aug 22 10:07 loginuid
dr-x------ 2 root root 0 Aug 22 10:07 map_files
-r--r--r-- 1 root root 0 Aug 22 10:07 maps
-rw------- 1 root root 0 Aug 22 10:07 mem
-r--r--r-- 1 root root 0 Aug 22 10:07 mountinfo
-r--r--r-- 1 root root 0 Aug 22 10:07 mounts
-r-------- 1 root root 0 Aug 22 10:07 mountstats
dr-xr-xr-x 5 root root 0 Aug 22 10:07 net
dr-x--x--x 2 root root 0 Aug 22 10:07 ns
-r--r--r-- 1 root root 0 Aug 22 10:07 numa_maps
-rw-r--r-- 1 root root 0 Aug 22 10:07 oom_adj
-r--r--r-- 1 root root 0 Aug 22 10:07 oom_score
-rw-r--r-- 1 root root 0 Aug 22 10:07 oom_score_adj
-r--r--r-- 1 root root 0 Aug 22 10:07 pagemap
-r--r--r-- 1 root root 0 Aug 22 10:07 personality
-rw-r--r-- 1 root root 0 Aug 22 10:07 projid_map
lrwxrwxrwx 1 root root 0 Aug 22 10:07 root -> /
-rw-r--r-- 1 root root 0 Aug 22 10:07 sched
-r--r--r-- 1 root root 0 Aug 22 10:07 schedstat
-r--r--r-- 1 root root 0 Aug 22 10:07 sessionid
-rw-r--r-- 1 root root 0 Aug 22 10:07 setgroups
-r--r--r-- 1 root root 0 Aug 22 10:07 smaps
-r--r--r-- 1 root root 0 Aug 22 10:07 stack
-r--r--r-- 1 root root 0 Aug 22 09:48 stat
-r--r--r-- 1 root root 0 Aug 22 10:07 statm
-r--r--r-- 1 root root 0 Aug 22 09:48 status
-r--r--r-- 1 root root 0 Aug 22 10:07 syscall
dr-xr-xr-x 3 root root 0 Aug 22 10:07 task
-r--r--r-- 1 root root 0 Aug 22 10:07 timers
-rw-r--r-- 1 root root 0 Aug 22 10:07 uid_map
-r--r--r-- 1 root root 0 Aug 22 10:07 wchan
[root@test ~]# cd /var/opt/gitlab/nginx
[root@test nginx]# ll -as
total 40
4 drwxr-x---  9 root       gitlab-www 4096 Aug 22 09:48 .
4 drwxr-xr-x 20 root       root       4096 Aug 22 09:54 ..
4 drwx------  2 gitlab-www root       4096 Aug 22 09:48 client_body_temp
4 drwxr-x---  2 root       gitlab-www 4096 Aug 22 09:54 conf
4 drwx------  2 gitlab-www root       4096 Aug 22 09:48 fastcgi_temp
0 lrwxrwxrwx  1 root       root         21 Aug 22 09:48 logs -> /var/log/gitlab/nginx
4 -rw-r--r--  1 root       root          6 Aug 22 09:48 nginx.pid
4 drwx------  2 gitlab-www root       4096 Aug 22 09:48 proxy_cache
4 drwx------  2 gitlab-www root       4096 Aug 22 09:48 proxy_temp
4 drwx------  2 gitlab-www root       4096 Aug 22 09:48 scgi_temp
4 drwx------  2 gitlab-www root       4096 Aug 22 09:48 uwsgi_temp

　　

[root@test nginx]# cat conf/nginx.conf
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.

user gitlab-www gitlab-www;
worker_processes 2;
error_log stderr;
pid nginx.pid;

daemon off;

events {
  worker_connections 10240;
}

http {
  log_format gitlab_access '$remote_addr - $remote_user [$time_local] "$request_method $filtered_request_uri $server_protocol" $status $body_bytes_sent "$filtered_http_referer" "$http_user_agent"';
  log_format gitlab_mattermost_access '$remote_addr - $remote_user [$time_local] "$request_method $filtered_request_uri $server_protocol" $status $body_bytes_sent "$filtered_http_referer" "$http_user_agent"';

  server_names_hash_bucket_size 64;

  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;

  keepalive_timeout 65;

  gzip on;
  gzip_http_version 1.0;
  gzip_comp_level 2;
  gzip_proxied any;
  gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json;

  include /opt/gitlab/embedded/conf/mime.types;

  proxy_cache_path proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2;
  proxy_cache gitlab;

  map $http_upgrade $connection_upgrade {
      default upgrade;
      ''      close;
  }

  # Remove private_token from the request URI
  # In:  /foo?private_token=unfiltered&authenticity_token=unfiltered&rss_token=unfiltered&...
  # Out: /foo?private_token=[FILTERED]&authenticity_token=unfiltered&rss_token=unfiltered&...
  map $request_uri $temp_request_uri_1 {
    default $request_uri;
    ~(?i)^(?<start>.*)(?<temp>[\?&]private[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
  }

  # Remove authenticity_token from the request URI
  # In:  /foo?private_token=[FILTERED]&authenticity_token=unfiltered&rss_token=unfiltered&...
  # Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&rss_token=unfiltered&...
  map $temp_request_uri_1 $temp_request_uri_2 {
    default $temp_request_uri_1;
    ~(?i)^(?<start>.*)(?<temp>[\?&]authenticity[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
  }

  # Remove rss_token from the request URI
  # In:  /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&rss_token=unfiltered&...
  # Out: /foo?private_token=[FILTERED]&authenticity_token=[FILTERED]&rss_token=[FILTERED]&...
  map $temp_request_uri_2 $filtered_request_uri {
    default $temp_request_uri_2;
    ~(?i)^(?<start>.*)(?<temp>[\?&]rss[\-_]token)=[^&]*(?<rest>.*)$ "$start$temp=[FILTERED]$rest";
  }

  # A version of the referer without the query string
  map $http_referer $filtered_http_referer {
    default $http_referer;
    ~^(?<temp>.*)\? $temp;
  }

  include /var/opt/gitlab/nginx/conf/gitlab-http.conf;

  include /var/opt/gitlab/nginx/conf/nginx-status.conf;

}
[root@test nginx]#

　　

[root@test nginx]# cat conf/gitlab-http.conf
# This file is managed by gitlab-ctl. Manual changes will be
# erased! To change the contents below, edit /etc/gitlab/gitlab.rb
# and run `sudo gitlab-ctl reconfigure`.

## GitLab
## Modified from https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/gitlab-ssl & https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/gitlab
##
## Lines starting with two hashes (##) are comments with information.
## Lines starting with one hash (#) are configuration parameters that can be uncommented.
##
##################################
##        CHUNKED TRANSFER      ##
##################################
##
## It is a known issue that Git-over-HTTP requires chunked transfer encoding [0]
## which is not supported by Nginx < 1.3.9 [1]. As a result, pushing a large object
## with Git (i.e. a single large file) can lead to a 411 error. In theory you can get
## around this by tweaking this configuration file and either:
## - installing an old version of Nginx with the chunkin module [2] compiled in, or
## - using a newer version of Nginx.
##
## At the time of writing we do not know if either of these theoretical solutions works.
## As a workaround users can use Git over SSH to push large files.
##
## [0] https://git.kernel.org/cgit/git/git.git/tree/Documentation/technical/http-protocol.txt#n99
## [1] https://github.com/agentzh/chunkin-nginx-module#status
## [2] https://github.com/agentzh/chunkin-nginx-module
##
###################################
##         configuration         ##
###################################

upstream gitlab-workhorse {
  server unix:/var/opt/gitlab/gitlab-workhorse/socket;
}

server {
  listen *:18021;

  server_name code.baimacloud.com;
  server_tokens off; ## Don't show the nginx version number, a security best practice

  ## Increase this if you want to upload large attachments
  ## Or if you want to accept large git objects over http
  client_max_body_size 0;

  ## Real IP Module Config
  ## http://nginx.org/en/docs/http/ngx_http_realip_module.html

  ## HSTS Config
  ## https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/
  add_header Strict-Transport-Security "max-age=31536000";

  ## Individual nginx logs for this GitLab vhost
  access_log  /var/log/gitlab/nginx/gitlab_access.log gitlab_access;
  error_log   /var/log/gitlab/nginx/gitlab_error.log;

  if ($http_host = "") {
    set $http_host_with_default "code.baimacloud.com:18021";
  }

  if ($http_host != "") {
    set $http_host_with_default $http_host;
  }

  gzip on;
  gzip_static on;
  gzip_comp_level 2;
  gzip_http_version 1.1;
  gzip_vary on;
  gzip_disable "msie6";
  gzip_min_length 10240;
  gzip_proxied no-cache no-store private expired auth;
  gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/json application/xml application/rss+xml;

  ## https://github.com/gitlabhq/gitlabhq/issues/694
  ## Some requests take more than 30 seconds.
  proxy_read_timeout      3600;
  proxy_connect_timeout   300;
  proxy_redirect          off;
  proxy_http_version 1.1;

  proxy_set_header Host $http_host_with_default;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $connection_upgrade;
  proxy_set_header X-Forwarded-Proto http;

  location ~ (\.git/gitlab-lfs/objects|\.git/info/lfs/objects/batch$) {
    proxy_cache off;
    proxy_pass http://gitlab-workhorse;
    proxy_request_buffering off;
  }

  location / {
    proxy_cache off;
    proxy_pass  http://gitlab-workhorse;
  }

  location /assets {
    proxy_cache gitlab;
    proxy_pass  http://gitlab-workhorse;
  }

  error_page 404 /404.html;
  error_page 500 /500.html;
  error_page 502 /502.html;
  location ~ ^/(404|500|502)(-custom)?\.html$ {
    root /opt/gitlab/embedded/service/gitlab-rails/public;
    internal;
  }

}
[root@test nginx]# cat conf/nginx-status.conf
server  {
    listen *:8060;
    server_name localhost;
    location /nginx_status {
      stub_status on;
      server_tokens off;
      access_log off;
      allow 127.0.0.1;
      deny all;
    }
}
[root@test nginx]#

　　查gitlab的配置文件

cat /etc/gitlab/gitlab.rb

 881 ################################################################################
 882 ## GitLab Web server
 883 ##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#using-a-non-bundled-web-server
 884 ################################################################################
 885
 886 ##! When bundled nginx is disabled we need to add the external webserver user to
 887 ##! the GitLab webserver group.
 888 # web_server['external_users'] = []
 889 # web_server['username'] = 'gitlab-www'
 890 # web_server['group'] = 'gitlab-www'
 891 # web_server['uid'] = nil
 892 # web_server['gid'] = nil
 893 # web_server['shell'] = '/bin/false'
 894 # web_server['home'] = '/var/opt/gitlab/nginx'
 895
 896 ################################################################################
 897 ## GitLab NGINX
 898 ##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
 899 ################################################################################
 900
 901 # nginx['enable'] = true
 902 # nginx['client_max_body_size'] = '250m'
 903 # nginx['redirect_http_to_https'] = false
 904 # nginx['redirect_http_to_https_port'] = 80
 905
 906 ##! Most root CA's are included by default
 907 # nginx['ssl_client_certificate'] = "/etc/gitlab/ssl/ca.crt"
 908
 909 ##! enable/disable 2-way SSL client authentication
 910 # nginx['ssl_verify_client'] = "off"
 911
 912 ##! if ssl_verify_client on, verification depth in the client certificates chain
 913 # nginx['ssl_verify_depth'] = "1"
 914
 915 # nginx['ssl_certificate'] = "/etc/gitlab/ssl/#{node['fqdn']}.crt"
 916 # nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/#{node['fqdn']}.key"
 917 # nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
 918 # nginx['ssl_prefer_server_ciphers'] = "on"
 919
 920 ##! **Recommended by: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
 921 ##!                   https://cipherli.st/**
 922 # nginx['ssl_protocols'] = "TLSv1.1 TLSv1.2"
 923
 924 ##! **Recommended in: https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
 925 # nginx['ssl_session_cache'] = "builtin:1000  shared:SSL:10m"
 926
 927 ##! **Default according to https://nginx.org/en/docs/http/ngx_http_ssl_module.html**
 928 # nginx['ssl_session_timeout'] = "5m"
 929
 930 # nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
 931 # nginx['listen_addresses'] = ['*', '[::]']
 932

　　

 931 # nginx['listen_addresses'] = ['*', '[::]']
 932
 933 ##! **Defaults to forcing web browsers to always communicate using only HTTPS**
 934 ##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-http-strict-transport-security
 935 # nginx['hsts_max_age'] = 31536000
 936 # nginx['hsts_include_subdomains'] = false
 937
 938 ##! **Docs: http://nginx.org/en/docs/http/ngx_http_gzip_module.html**
 939 # nginx['gzip_enabled'] = true
 940
 941 ##! **Override only if you use a reverse proxy**
 942 ##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
 943 # nginx['listen_port'] = nil
 946 ##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
 947 # nginx['listen_https'] = nil
 948
 949 # nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
 950 # nginx['custom_nginx_config'] = "include /etc/nginx/conf.d/example.conf;"
 951 # nginx['proxy_read_timeout'] = 3600
 952 # nginx['proxy_connect_timeout'] = 300
 953 # nginx['proxy_set_headers'] = {
 954 #  "Host" => "$http_host_with_default",
 955 #  "X-Real-IP" => "$remote_addr",
 956 #  "X-Forwarded-For" => "$proxy_add_x_forwarded_for",
 957 #  "X-Forwarded-Proto" => "https",
 958 #  "X-Forwarded-Ssl" => "on",
 959 #  "Upgrade" => "$http_upgrade",
 960 #  "Connection" => "$connection_upgrade"
 961 # }
 962 # nginx['proxy_cache_path'] = 'proxy_cache keys_zone=gitlab:10m max_size=1g levels=1:2'
 963 # nginx['proxy_cache'] = 'gitlab'
 964 # nginx['http2_enabled'] = true
 965 # nginx['real_ip_trusted_addresses'] = []
 966 # nginx['real_ip_header'] = nil
 967 # nginx['real_ip_recursive'] = nil
 968 # nginx['custom_error_pages'] = {
 969 #   '404' => {
 970 #     'title' => 'Example title',
 971 #     'header' => 'Example header',
 972 #     'message' => 'Example message'
 973 #   }
 974 # }
 975
 976 ### Advanced settings
 977 # nginx['dir'] = "/var/opt/gitlab/nginx"
 978 # nginx['log_directory'] = "/var/log/gitlab/nginx"
 979 # nginx['worker_processes'] = 4
 980 # nginx['worker_connections'] = 10240
 981 # nginx['log_format'] = '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'
 982 # nginx['sendfile'] = 'on'
 983 # nginx['tcp_nopush'] = 'on'
 984 # nginx['tcp_nodelay'] = 'on'
 985 # nginx['gzip'] = "on"
 986 # nginx['gzip_http_version'] = "1.0"
 987 # nginx['gzip_comp_level'] = "2"
 988 # nginx['gzip_proxied'] = "any"
 989 # nginx['gzip_types'] = [ "text/plain", "text/css", "application/x-javascript", "text/xml", "application/xml", "application/xml+rss", "text/javascript", "ap     plication/json" ]
 990 # nginx['keepalive_timeout'] = 65
 991 # nginx['cache_max_size'] = '5000m'
 992 # nginx['server_names_hash_bucket_size'] = 64
 993
 994 ### Nginx status
 995 # nginx['status'] = {
 996 #  "enable" => true,
 997 #  "listen_addresses" => ["127.0.0.1"],
 998 #  "fqdn" => "dev.example.com",
 999 #  "port" => 9999,
1000 #  "options" => {
1001 #    "stub_status" => "on", # Turn on stats
1002 #    "server_tokens" => "off", # Don't show the version of NGINX
1003 #    "access_log" => "off", # Disable logs for stats
1004 #    "allow" => "127.0.0.1", # Only allow access from localhost
1005 #    "deny" => "all" # Deny access to anyone else
1006 #  }
1007 # }

　　

https://gitlab.com/gitlab-org/gitlab-workhorse/blob/master/README.md

Quick facts (how does Workhorse work)

Workhorse can handle some requests without involving Rails at all:
for example, Javascript files and CSS files are served straight
from disk.
Workhorse can modify responses sent by Rails: for example if you use
send_file in Rails then gitlab-workhorse will open the file on
disk and send its contents as the response body to the client.
Workhorse can take over requests after asking permission from Rails.
Example: handling git clone.
Workhorse can modify requests before passing them to Rails. Example:
when handling a Git LFS upload Workhorse first asks permission from
Rails, then it stores the request body in a tempfile, then it sends
a modified request containing the tempfile path to Rails.
Workhorse can manage long-lived WebSocket connections for Rails.
Example: handling the terminal websocket for environments.
Workhorse does not connect to Postgres, only to Rails and (optionally) Redis.
We assume that all requests that reach Workhorse pass through an
upstream proxy such as NGINX or Apache first.
Workhorse does not accept HTTPS connections.
Workhorse does not clean up idle client connections.
We assume that all requests to Rails pass through Workhorse.

https://forum.gitlab.com/t/gitlab-cant-access-outside-local-ip/2246

yum install iptraf-ng -y

iptraf-ng 查端口

外网请求是否送达

送达后的处理

【GitLab】CentOS安装GitLab最佳实践 - CSDN博客 https://blog.csdn.net/diandianxiyu_geek/article/details/51483715