[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fiPlzqfwQVxdqgX-8LZplnJmDG_vqx3nL3RBjSUplq-g":3},{"id":4,"title":5,"teaser":6,"body":7,"slug":8,"date":9,"coverImage":10,"tags":15},"9e45ac11-9347-4cf2-a257-7b8df9d1f344","Setting Up GitLab Subdomain Redirects with SSL","","\u003Cp>This guide shows how to configure multiple subdomains for your GitLab instance, with automatic redirects and SSL certificates. You will end up with both \u003Ccode>gitlab.example.com\u003C\u002Fcode> and \u003Ccode>git.example.com\u003C\u002Fcode> working, with the latter redirecting to the former.\u003C\u002Fp>\u003Ch2>Prerequisites\u003C\u002Fh2>\u003Cul>\u003Cli>GitLab Omnibus installation\u003C\u002Fli>\u003Cli>Two DNS records pointing to your server (gitlab.example.com and git.example.com)\u003C\u002Fli>\u003Cli>Certbot installed for SSL certificates\u003C\u002Fli>\u003Cli>Root access to your server\u003C\u002Fli>\u003C\u002Ful>\u003Ch2>Step 1: Get SSL Certificates\u003C\u002Fh2>\u003Cp>First, obtain certificates for both domains:\u003C\u002Fp>\u003Cpre>\u003Ccode class=\"language-plaintext\"># Stop GitLab nginx temporarily\nsudo gitlab-ctl stop nginx\n\n# Get certificates for both domains\nsudo certbot certonly --standalone -d gitlab.example.com -d git.example.com\n\n# Start nginx back up\nsudo gitlab-ctl start nginx\u003C\u002Fcode>\u003C\u002Fpre>\u003Cdiv class=\"note\">\u003Cstrong>Rate Limits:\u003C\u002Fstrong> Let's Encrypt has rate limits. If you hit them, wait for the reset time shown in the error message.\u003C\u002Fdiv>\u003Ch2>Step 2: Configure GitLab\u003C\u002Fh2>\u003Cp>Edit your GitLab configuration file:\u003C\u002Fp>\u003Cpre>\u003Ccode class=\"language-plaintext\">sudo nano \u002Fetc\u002Fgitlab\u002Fgitlab.rb\u003C\u002Fcode>\u003C\u002Fpre>\u003Cp>Add this configuration:\u003C\u002Fp>\u003Cpre>\u003Ccode class=\"language-plaintext\">external_url 'https:\u002F\u002Fgitlab.example.com'\nletsencrypt['enable'] = false  # Using manual certs\nnginx['ssl_certificate'] = \"\u002Fetc\u002Fletsencrypt\u002Flive\u002Fgitlab.example.com\u002Ffullchain.pem\"\nnginx['ssl_certificate_key'] = \"\u002Fetc\u002Fletsencrypt\u002Flive\u002Fgitlab.example.com\u002Fprivkey.pem\"\nnginx['redirect_http_to_https'] = true\n\n# HTTPS redirect for git.example.com\nnginx['custom_nginx_config'] = \"\nserver {\n  listen 443 ssl;\n  server_name git.example.com;\n  ssl_certificate \u002Fetc\u002Fletsencrypt\u002Flive\u002Fgitlab.example.com\u002Ffullchain.pem;\n  ssl_certificate_key \u002Fetc\u002Fletsencrypt\u002Flive\u002Fgitlab.example.com\u002Fprivkey.pem;\n  return 301 https:\u002F\u002Fgitlab.example.com\\$request_uri;\n}\n\nserver {\n  listen 80;\n  server_name git.example.com;\n  return 301 https:\u002F\u002Fgitlab.example.com\\$request_uri;\n}\n\"\u003C\u002Fcode>\u003C\u002Fpre>\u003Ch2>Step 3: Apply Configuration\u003C\u002Fh2>\u003Cpre>\u003Ccode class=\"language-plaintext\"># Reconfigure GitLab\nsudo gitlab-ctl reconfigure\n\n# Check status\nsudo gitlab-ctl status\u003C\u002Fcode>\u003C\u002Fpre>\u003Ch2>Step 4: Set Up Auto-Renewal\u003C\u002Fh2>\u003Cp>Configure certificate auto-renewal to work with GitLab:\u003C\u002Fp>\u003Cpre>\u003Ccode class=\"language-plaintext\"># Edit renewal configuration\nsudo nano \u002Fetc\u002Fletsencrypt\u002Frenewal\u002Fgitlab.example.com.conf\u003C\u002Fcode>\u003C\u002Fpre>\u003Cp>Add these lines at the bottom:\u003C\u002Fp>\u003Cpre>\u003Ccode class=\"language-plaintext\">pre_hook = gitlab-ctl stop nginx\npost_hook = gitlab-ctl start nginx\u003C\u002Fcode>\u003C\u002Fpre>\u003Cp>Add renewal to crontab:\u003C\u002Fp>\u003Cpre>\u003Ccode class=\"language-plaintext\">sudo crontab -e\u003C\u002Fcode>\u003C\u002Fpre>\u003Cp>Add this line:\u003C\u002Fp>\u003Cpre>\u003Ccode class=\"language-plaintext\">0 12 * * * \u002Fusr\u002Fbin\u002Fcertbot renew --quiet\u003C\u002Fcode>\u003C\u002Fpre>\u003Ch2>Step 5: Test Everything\u003C\u002Fh2>\u003Cp>Verify your setup works:\u003C\u002Fp>\u003Cpre>\u003Ccode class=\"language-plaintext\"># Test HTTP redirects to HTTPS\ncurl -I http:\u002F\u002Fgitlab.example.com\ncurl -I http:\u002F\u002Fgit.example.com\n\n# Test HTTPS works\ncurl -I https:\u002F\u002Fgitlab.example.com\ncurl -I https:\u002F\u002Fgit.example.com\n\n# Test certificate renewal\nsudo certbot renew --dry-run\u003C\u002Fcode>\u003C\u002Fpre>\u003Cdiv class=\"warning\">\u003Cp>\u003Cstrong>Expected Results:\u003C\u002Fstrong>\u003C\u002Fp>\u003Cul>\u003Cli>HTTP requests → 301 redirect to HTTPS\u003C\u002Fli>\u003Cli>git.example.com → 301 redirect to gitlab.example.com\u003C\u002Fli>\u003Cli>gitlab.example.com → 302 redirect to login page\u003C\u002Fli>\u003Cli>Renewal test should succeed\u003C\u002Fli>\u003C\u002Ful>\u003C\u002Fdiv>\u003Ch2>What You Get\u003C\u002Fh2>\u003Cul>\u003Cli>\u003Cstrong>Flexibility:\u003C\u002Fstrong> Users can access GitLab using either domain name\u003C\u002Fli>\u003Cli>\u003Cstrong>Security:\u003C\u002Fstrong> All traffic automatically redirected to HTTPS\u003C\u002Fli>\u003Cli>\u003Cstrong>Consistency:\u003C\u002Fstrong> Everything ends up at your primary domain\u003C\u002Fli>\u003Cli>\u003Cstrong>Automation:\u003C\u002Fstrong> Certificates renew automatically\u003C\u002Fli>\u003C\u002Ful>\u003Cp>Both \u003Ccode>gitlab.example.com\u003C\u002Fcode> and \u003Ccode>git.example.com\u003C\u002Fcode> now work seamlessly, with the shorter git subdomain redirecting to your main GitLab instance. Perfect for accommodating different user preferences while maintaining a single primary URL.\u003C\u002Fp>\u003Cfooter style=\"border-top:1px solid #eee;color:#666;font-size:0.9em;margin-top:40px;padding-top:20px;\">\u003Cp>Remember to replace \u003Ccode>example.com\u003C\u002Fcode> with your actual domain throughout the configuration.\u003C\u002Fp>\u003C\u002Ffooter>","setting-gitlab-subdomain-redirects-ssl","2025-09-23T22:55:19+00:00",{"id":11,"url":12,"alt":5,"width":13,"height":14},"76e636ab-197a-4ad9-94c9-a32c39eceaee","\u002Fsites\u002Fdefault\u002Ffiles\u002F2025-09\u002FGitLab-CI.png",1024,521,[]]