configure NGINX for GITLAB_BUILTIN_KAS

th-2021 · kkimurak · commit 2fedac7c21ed · 2025-10-24T18:33:07.000+09:00
Add kas location to assets/runtime/config/nginx/gitlab(-ssl) config

KAS location is affected by GITLAB_RELATIVE_URL_ROOT
so add update process to assets/runtime/functions
diff --git a/assets/runtime/config/nginx/gitlab b/assets/runtime/config/nginx/gitlab
@@ -84,6 +84,54 @@ server {
     proxy_pass http://gitlab-workhorse;
   }
 
+  #start-builtin-kas
+  location {{GITLAB_RELATIVE_URL_ROOT}}/-/kubernetes-agent/ {
+    client_max_body_size 0;
+    gzip off;
+
+    ## https://github.com/gitlabhq/gitlabhq/issues/694
+    ## Some requests take more than 30 seconds.
+    proxy_read_timeout      300;
+    proxy_connect_timeout   300;
+    proxy_redirect          off;
+    proxy_buffering         {{NGINX_PROXY_BUFFERING}};
+
+    proxy_http_version 1.1;
+
+    proxy_set_header    Host                $http_host;
+    proxy_set_header    X-Real-IP           $remote_addr;
+    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+    proxy_set_header    X-Forwarded-Proto   {{NGINX_X_FORWARDED_PROTO}};
+    proxy_set_header    Upgrade             $http_upgrade;
+    proxy_set_header    Connection          $connection_upgrade_gitlab;
+
+    proxy_pass http://127.0.0.1:8150;
+  }
+
+  location {{GITLAB_RELATIVE_URL_ROOT}}/-/kubernetes-agent/k8s-proxy/ {
+    client_max_body_size 0;
+    gzip off;
+
+    ## https://github.com/gitlabhq/gitlabhq/issues/694
+    ## Some requests take more than 30 seconds.
+    proxy_read_timeout      300;
+    proxy_connect_timeout   300;
+    proxy_redirect          off;
+    proxy_buffering         {{NGINX_PROXY_BUFFERING}};
+
+    proxy_http_version 1.1;
+
+    proxy_set_header    Host                $http_host;
+    proxy_set_header    X-Real-IP           $remote_addr;
+    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+    proxy_set_header    X-Forwarded-Proto   {{NGINX_X_FORWARDED_PROTO}};
+    proxy_set_header    Upgrade             $http_upgrade;
+    proxy_set_header    Connection          $connection_upgrade_gitlab;
+
+    proxy_pass http://127.0.0.1:8154;
+  }
+  #end-builtin-kas
+
   error_page 404 /404.html;
   error_page 422 /422.html;
   error_page 500 /500.html;
diff --git a/assets/runtime/config/nginx/gitlab-ssl b/assets/runtime/config/nginx/gitlab-ssl
@@ -131,6 +131,54 @@ server {
     proxy_pass http://gitlab-workhorse;
   }
 
+  #start-builtin-kas
+  location {{GITLAB_RELATIVE_URL_ROOT}}/-/kubernetes-agent/ {
+    client_max_body_size 0;
+    gzip off;
+
+    ## https://github.com/gitlabhq/gitlabhq/issues/694
+    ## Some requests take more than 30 seconds.
+    proxy_read_timeout      300;
+    proxy_connect_timeout   300;
+    proxy_redirect          off;
+    proxy_buffering         {{NGINX_PROXY_BUFFERING}};
+
+    proxy_http_version 1.1;
+
+    proxy_set_header    Host                $http_host;
+    proxy_set_header    X-Real-IP           $remote_addr;
+    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+    proxy_set_header    X-Forwarded-Proto   {{NGINX_X_FORWARDED_PROTO}};
+    proxy_set_header    Upgrade             $http_upgrade;
+    proxy_set_header    Connection          $connection_upgrade_gitlab;
+
+    proxy_pass http://127.0.0.1:8150;
+  }
+
+  location {{GITLAB_RELATIVE_URL_ROOT}}/-/kubernetes-agent/k8s-proxy/ {
+    client_max_body_size 0;
+    gzip off;
+
+    ## https://github.com/gitlabhq/gitlabhq/issues/694
+    ## Some requests take more than 30 seconds.
+    proxy_read_timeout      300;
+    proxy_connect_timeout   300;
+    proxy_redirect          off;
+    proxy_buffering         {{NGINX_PROXY_BUFFERING}};
+
+    proxy_http_version 1.1;
+
+    proxy_set_header    Host                $http_host;
+    proxy_set_header    X-Real-IP           $remote_addr;
+    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+    proxy_set_header    X-Forwarded-Proto   {{NGINX_X_FORWARDED_PROTO}};
+    proxy_set_header    Upgrade             $http_upgrade;
+    proxy_set_header    Connection          $connection_upgrade_gitlab;
+
+    proxy_pass http://127.0.0.1:8154;
+  }
+  #end-builtin-kas
+
   error_page 404 /404.html;
   error_page 422 /422.html;
   error_page 500 /500.html;
diff --git a/assets/runtime/functions b/assets/runtime/functions
@@ -1599,12 +1599,19 @@ nginx_configure_gitlab_real_ip() {
 
 nginx_configure_gitlab() {
   echo "Configuring nginx::gitlab..."
+  if [[ ! ${GITLAB_AGENT_BUILTIN_KAS_ENABLED} == true ]]; then
+    sed -i "/#start-builtin-kas/,/#end-builtin-kas/d" ${GITLAB_NGINX_CONFIG}
+  else
+    sed -i "/#start-builtin-kas/d" ${GITLAB_NGINX_CONFIG}
+    sed -i "/#end-builtin-kas/d" ${GITLAB_NGINX_CONFIG}
+  fi
   update_template ${GITLAB_NGINX_CONFIG} \
     GITLAB_HOME \
     GITLAB_INSTALL_DIR \
     GITLAB_LOG_DIR \
     GITLAB_HOST \
     GITLAB_PORT \
+    GITLAB_RELATIVE_URL_ROOT \
     NGINX_PROXY_BUFFERING \
     NGINX_ACCEL_BUFFERING \
     NGINX_X_FORWARDED_PROTO \
