It’s been a painful month battling with this and I’m too tired to document everything thoroughly, so I’ll just throw this out there:
# "Note this config assumes unicorn is listening on default port 8080 and # gitlab-workhorse is listening on port 8181." Alias /lab "/opt/gitlab/embedded/service/gitlab-rails/public" <Directory /opt/gitlab/embedded/service/gitlab-rails/public> Include conf-available/geoblock-non-fi.conf Options -MultiViews #DirectoryIndex disabled </Directory> <Location /lab> Include conf-available/geoblock-non-fi.conf ErrorDocument 404 /404.html ErrorDocument 422 /422.html ErrorDocument 500 /500.html ErrorDocument 502 /502.html ErrorDocument 503 /503.html RequestHeader set X-Forwarded-Proto https Header set Strict-Transport-Security: "max-age=15768000;includeSubdomains" ProxyPass "http://127.0.0.1:8181/lab" ProxyPassReverse "http://127.0.0.1:8181/lab" </Location>
You also obviously need to either out-comment “
Include conf-available/geoblock-non-fi.conf” or add your own geoblocking rules in the file it references.