Gitlab self-host on V3 onion

I’m using Qubes 4.0.

I’ve successfully set up hidden services on it a number of times.

If I try Gitlab’s install script in a Whonix VM I don’t get any response in the browser when I try to access the site via the ****.onion or via 127.0.0.1 within the host. I do not see any errors in the install process. But I had to force it to think it was in Debian to get it to install.

If I run Gitlab’s install script in Debian 10 VM it works and I can access gitlab in Firefox via 127.0.0.1. But I cannot access via ****.onion.

My question is whether I can set up a Debian 10 VM to serve a website/ssh via a whonix gateway VM using a ****.onion address?

The steps that I can’t execute in the Debian VM would be to create:
/rw/config/whonix_firewall.d/50_user.conf with the EXTERNAL_OPEN_PORTS setting

and then execute whonix_firewall

My other option is to try to install Gitlab from scratch in a Whonix VM, but that looks like A LOT of steps and I'm not sure it will work.

So wondering if there’s an easier option to get the Debian VM to serve the website over whonix gateway?

Thanks for any advice.

Accessing localhost using Tor Browser:
Tor Browser Essentials

Try “normal / easy” first: Onion Services - Whonix

Since gitlab (I didn’t look into it much) seems to use nginx, you need to know basics of that web server anyhow. Once nginx is functional, I don’t see why gitlab would not work. Seems like a “normal webapp” that also works with nginx.

You probably have to look at /etc/nginx/sites-available/gitlab and somewhat understand it to check if it is alright. Basic (not meaning easy) nginx configuration tasks.

The host? If server software is running inside Whonix-Workstation it is expected that it won’t be accessible from the host operating system.

Not needed since Debian doesn’t have Whonix firewall.

Hey Patrick,
Thanks for always being so responsive with offers of support.

After your suggestion of looking into nginx I realized things looked different in Whonix than Debian, but that was my fault because I had set up nginx in the template I was using for Whonix. So I started with a fresh Whonix template and Gitlab is now responding via Tor Browser.

One followup question out of curiosity. Are you saying that the Debian template should work to serve a website via sys-whonix without any additional setup? Because mine did not want to connect over Tor.

Thanks again for the suggestions.

Sorry, meant the whonix-workstation hosting gitlab, not the host OS. With my pre-installed nginx setup I was not getting anything at 127.0.0.1 within whonix-workstation on firefox. But as I said, a fresh whonix template fixed it.

Glad that’s sorted.

I haven’t tested that but I don’t see why not as long as internal IPs are correctly configured (custom-workstation network configuration and Whonix-Gateway Tor configuration). You can see this as “A VM running nginx which is connected to another VM through internal LAN to another VM running Tor”.

Interesting, thanks. I’ll post results if I play with more.