This might be simple, but it took me hours to figure out the full solution, so I put it here for your reference.
Suppose your internal gitlab host has IP or URL
$GitHost, then set environment variables below:
GO111MODULE="on" GONOPROXY="$GitHost" GONOSUMDB="$GitHost"
And configure git as:
git config --global url."git@$GitHost:".insteadOf "https://$GitHost/"
When parsing a package import path, say
your.internal.git.host/package, Go would first try
https://your.internal.git.host/package. This would be caught by the git URL conversion rule, becoming
firstname.lastname@example.org/package, which is serviceable by gitlab via SSH (You should have your SSH keys configured). The “NOPROXY” and “NOSUMDB” tells Go don’t try to access through proxies(defined by
GOPROXY) and don’t verify checksum from a global database(defined by
Somehow the still-ugly part is package names should be ended with
.git, as defined by gitlab, but I think this is acceptable.