gitlab 同时开启http和https

nano /etc/gitlab/gitlab.rb

...
external_url 'https://xxx.xxx'
...

cp /var/opt/gitlab/nginx/conf/gitlab-https.conf /var/opt/gitlab/nginx/conf/gitlab-http.conf

...
listen *:443 ssl http2; -> listen *:80;
...
## Strong SSL Security
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
# ssl_certificate /etc/gitlab/ssl/xxx.xxx.crt; #注释掉
# ssl_certificate_key /etc/gitlab/ssl/xxx.xxx.key; #注释掉

# GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
# ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'; #注释掉
# ssl_protocols  TLSv1.2 TLSv1.3;  #注释掉
# ssl_prefer_server_ciphers off; #注释掉
# ssl_session_cache  shared:SSL:10m; #注释掉
# ssl_session_tickets off; #注释掉
# ssl_session_timeout  1d; #注释掉
...
proxy_set_header Host $http_host_with_default;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# proxy_set_header X-Forwarded-Ssl on; #注释掉
# proxy_set_header X-Forwarded-Proto https; #注释掉
...

...
# nginx['custom_gitlab_server_config'] = "location ^~ /foo-namespace/bar-project/raw/ {\n deny all;\n}\n"
nginx['custom_nginx_config'] = "include /var/opt/gitlab/nginx/conf/gitlab-http.conf;"
# nginx['proxy_read_timeout'] = 3600
...