I am using an nginx as a reverse proxy for my gitlab. When accessing the gitlab via this proxy, I experience frequent logouts. Obviously gitlab is not able to maintain/identfiy the session reliably. When accessing gitlab directly (I use a VPN to access the gitlab directly then via plain http) this problem does not occur. Does anybody have an idea, why this could happen? Here is my nginx config for gitlab
server {
listen 443;
listen [::]:443;
server_name gitlab.company.de;
client_max_body_size 0;
include /etc/nginx/ssl.conf;
include /etc/nginx/hsts.conf;
location / {
client_max_body_size 0;
gzip off;
# following line added after penetration test from Nicklas
add_header Set-Cookie "Path=/; HttpOnly; Secure";
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://10.10.90.10;
}
}
