GitLab Documentation

GitLab Pages administration for source installations

This is the documentation for configuring a GitLab Pages when you have installed GitLab from source and not using the Omnibus packages.

You are encouraged to read the Omnibus documentation as it provides some invaluable information to the configuration of GitLab Pages. Please proceed to read it before going forward with this guide.

We also highly recommend that you use the Omnibus GitLab packages, as we optimize them specifically for GitLab, and we will take care of upgrading GitLab Pages to the latest supported version.

Overview

Read the Omnibus overview section.

Prerequisites

Before proceeding with the Pages configuration, you will need to:

  1. Have a separate domain under which the GitLab Pages will be served. In this document we assume that to be example.io.
  2. Configure a wildcard DNS record.
  3. (Optional) Have a wildcard certificate for that domain if you decide to serve Pages under HTTPS.
  4. (Optional but recommended) Enable Shared runners so that your users don't have to bring their own.

DNS configuration

GitLab Pages expect to run on their own virtual host. In your DNS server/provider you need to add a wildcard DNS A record pointing to the host that GitLab runs. For example, an entry would look like this:

*.example.io. 1800 IN A 1.1.1.1

where example.io is the domain under which GitLab Pages will be served and 1.1.1.1 is the IP address of your GitLab instance.

Note: You should not use the GitLab domain to serve user pages. For more information see the security section.

Configuration

Depending on your needs, you can set up GitLab Pages in 4 different ways. The following options are listed from the easiest setup to the most advanced one. The absolute minimum requirement is to set up the wildcard DNS since that is needed in all configurations.

Wildcard domains

Requirements:


URL scheme: http://page.example.io

This is the minimum setup that you can use Pages with. It is the base for all other setups as described below. Nginx will proxy all requests to the daemon. The Pages daemon doesn't listen to the outside world.

  1. Install the Pages daemon:

    cd /home/git
    sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-pages.git
    cd gitlab-pages
    sudo -u git -H git checkout v0.2.4
    sudo -u git -H make
    
  2. Go to the GitLab installation directory:

     cd /home/git/gitlab
    
  3. Edit gitlab.yml and under the pages setting, set enabled to true and the host to the FQDN under which GitLab Pages will be served:

     ## GitLab Pages
     pages:
       enabled: true
       # The location where pages are stored (default: shared/pages).
       # path: shared/pages
    
       host: example.io
       port: 80
       https: false
    
  4. Copy the gitlab-pages-ssl Nginx configuration file:

    sudo cp lib/support/nginx/gitlab-pages-ssl /etc/nginx/sites-available/gitlab-pages-ssl.conf
    sudo ln -sf /etc/nginx/sites-{available,enabled}/gitlab-pages-ssl.conf
    

    Replace gitlab-pages-ssl with gitlab-pages if you are not using SSL.

  5. Restart NGINX

  6. Restart GitLab

Wildcard domains with TLS support

Requirements:


URL scheme: https://page.example.io

Nginx will proxy all requests to the daemon. Pages daemon doesn't listen to the outside world.

  1. Install the Pages daemon:

    cd /home/git
    sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-pages.git
    cd gitlab-pages
    sudo -u git -H git checkout v0.2.4
    sudo -u git -H make
    
  2. In gitlab.yml, set the port to 443 and https to true:

     ## GitLab Pages
     pages:
       enabled: true
       # The location where pages are stored (default: shared/pages).
       # path: shared/pages
    
       host: example.io
       port: 443
       https: true
    
  3. Copy the gitlab-pages-ssl Nginx configuration file:

    sudo cp lib/support/nginx/gitlab-pages-ssl /etc/nginx/sites-available/gitlab-pages-ssl.conf
    sudo ln -sf /etc/nginx/sites-{available,enabled}/gitlab-pages-ssl.conf
    

    Replace gitlab-pages-ssl with gitlab-pages if you are not using SSL.

  4. Restart NGINX

  5. Restart GitLab

Advanced configuration

In addition to the wildcard domains, you can also have the option to configure GitLab Pages to work with custom domains. Again, there are two options here: support custom domains with and without TLS certificates. The easiest setup is that without TLS certificates.

Custom domains

Requirements:


URL scheme: http://page.example.io and http://domain.com

In that case, the pages daemon is running, Nginx still proxies requests to the daemon but the daemon is also able to receive requests from the outside world. Custom domains are supported, but no TLS.

  1. Install the Pages daemon:

    cd /home/git
    sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-pages.git
    cd gitlab-pages
    sudo -u git -H git checkout v0.2.4
    sudo -u git -H make
    
  2. Edit gitlab.yml to look like the example below. You need to change the host to the FQDN under which GitLab Pages will be served. Set external_http to the secondary IP on which the pages daemon will listen for connections:

     pages:
       enabled: true
       # The location where pages are stored (default: shared/pages).
       # path: shared/pages
    
       host: example.io
       port: 80
       https: false
    
       external_http: 1.1.1.2:80
    
  3. Edit /etc/default/gitlab and set gitlab_pages_enabled to true in order to enable the pages daemon. In gitlab_pages_options the -pages-domain and -listen-http must match the host and external_http settings that you set above respectively:

    gitlab_pages_enabled=true
    gitlab_pages_options="-pages-domain example.io -pages-root $app_root/shared/pages -listen-proxy 127.0.0.1:8090 -listen-http 1.1.1.2:80"
    
  4. Copy the gitlab-pages-ssl Nginx configuration file:

    sudo cp lib/support/nginx/gitlab-pages-ssl /etc/nginx/sites-available/gitlab-pages-ssl.conf
    sudo ln -sf /etc/nginx/sites-{available,enabled}/gitlab-pages-ssl.conf
    

    Replace gitlab-pages-ssl with gitlab-pages if you are not using SSL.

  5. Edit all GitLab related configs in /etc/nginx/site-available/ and replace 0.0.0.0 with 1.1.1.1, where 1.1.1.1 the primary IP where GitLab listens to.

  6. Restart NGINX

  7. Restart GitLab

Custom domains with TLS support

Requirements:


URL scheme: https://page.example.io and https://domain.com

In that case, the pages daemon is running, Nginx still proxies requests to the daemon but the daemon is also able to receive requests from the outside world. Custom domains and TLS are supported.

  1. Install the Pages daemon:

    cd /home/git
    sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-pages.git
    cd gitlab-pages
    sudo -u git -H git checkout v0.2.4
    sudo -u git -H make
    
  2. Edit gitlab.yml to look like the example below. You need to change the host to the FQDN under which GitLab Pages will be served. Set external_http and external_https to the secondary IP on which the pages daemon will listen for connections:

     ## GitLab Pages
     pages:
       enabled: true
       # The location where pages are stored (default: shared/pages).
       # path: shared/pages
    
       host: example.io
       port: 443
       https: true
    
       external_http: 1.1.1.2:80
       external_https: 1.1.1.2:443
    
  3. Edit /etc/default/gitlab and set gitlab_pages_enabled to true in order to enable the pages daemon. In gitlab_pages_options the -pages-domain, -listen-http and -listen-https must match the host, external_http and external_https settings that you set above respectively. The -root-cert and -root-key settings are the wildcard TLS certificates of the example.io domain:

    gitlab_pages_enabled=true
    gitlab_pages_options="-pages-domain example.io -pages-root $app_root/shared/pages -listen-proxy 127.0.0.1:8090 -listen-http 1.1.1.2:80 -listen-https 1.1.1.2:443 -root-cert /path/to/example.io.crt -root-key /path/to/example.io.key
    
  4. Copy the gitlab-pages-ssl Nginx configuration file:

    sudo cp lib/support/nginx/gitlab-pages-ssl /etc/nginx/sites-available/gitlab-pages-ssl.conf
    sudo ln -sf /etc/nginx/sites-{available,enabled}/gitlab-pages-ssl.conf
    

    Replace gitlab-pages-ssl with gitlab-pages if you are not using SSL.

  5. Edit all GitLab related configs in /etc/nginx/site-available/ and replace 0.0.0.0 with 1.1.1.1, where 1.1.1.1 the primary IP where GitLab listens to.

  6. Restart NGINX

  7. Restart GitLab

Change storage path

Follow the steps below to change the default path where GitLab Pages' contents are stored.

  1. Pages are stored by default in /var/opt/gitlab/gitlab-rails/shared/pages. If you wish to store them in another location you must set it up in /etc/gitlab/gitlab.rb:

     gitlab_rails['pages_path'] = "/mnt/storage/pages"
    
  2. Reconfigure GitLab

NGINX caveats

Note: The following information applies only for installations from source.

Be extra careful when setting up the domain name in the NGINX config. You must not remove the backslashes.

If your GitLab pages domain is example.io, replace:

server_name ~^.*\.YOUR_GITLAB_PAGES\.DOMAIN$;

with:

server_name ~^.*\.example\.io$;

If you are using a subdomain, make sure to escape all dots (.) except from the first one with a backslash (). For example pages.example.io would be:

server_name ~^.*\.pages\.example\.io$;

Change storage path

Follow the steps below to change the default path where GitLab Pages' contents are stored.

  1. Pages are stored by default in /home/git/gitlab/shared/pages. If you wish to store them in another location you must set it up in gitlab.yml under the pages section:

     pages:
       enabled: true
       # The location where pages are stored (default: shared/pages).
       path: /mnt/storage/pages
    
  2. Restart GitLab

Set maximum Pages size

The maximum size of the unpacked archive per project can be configured in the Admin area under the Application settings in the Maximum size of pages (MB). The default is 100MB.

Backup

Pages are part of the regular backup so there is nothing to configure.

Security

You should strongly consider running GitLab pages under a different hostname than GitLab to prevent XSS attacks.