Gitlab 8 with nginx proxy can't download a zip, clone a public repo as guest, can't build in CI either
O

4

14

I think all 3 problems are related to the same issue, so I'm going to put all of them here.

Gitlab itself is working, I even managed to update it from 8.2.2 to 8.2.3. I can create projects, push my code, pull it, reclone it when I have the proper ssh key, etc.

BUT:

  1. I can't download the code as a zip file, got a JSON instead:

{"RepoPath":"/var/opt/gitlab/git-data/repositories/me/myrepo.git", "ArchivePrefix": "...

  2. People can't clone my public repo (empty repository error).

  3. CI can't build my tests:

warning: You have cloned an empty repository.
Checking out 12345 as develop...
fatal: reference is not a tree : 123456789mycommithash987654321

ERROR: Build failed with: exit status 1

NB: I translated the error messages from French.

I suppose the problem is in my Nginx configuration, but there is so much documentation I'm not sure which one is the good one: the ones with the workhorse, the ones when I have to change gitlab.rb's gitlab_git_http_server, etc.

My configuration is the following:

  • Gitlab 8.2.3
  • Ubuntu Trusty (14.04)
  • Nginx 1.8

My gitlab is hosted on a subdomain using SSL, so I added an Nginx proxy.

/etc/gitlab/gitlab.rb:

external_url 'https://gitlab.mydomain.com'
nginx['listen_addresses'] = ['127.0.0.1', "[::1]"]
nginx['listen_port'] = 8080 
nginx['listen_https'] = false 

/etc/nginx/site_enabled/gitlab:

server {
  listen *:80 default_server;
  listen [::]:80 ipv6only=on default_server;
  server_name gitlab.mydomain.com;
  return 301 https://$server_name$request_uri;

  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;
}

server{
  # listen 443 ssl;
  listen 0.0.0.0:443 ssl default_server;
  listen [::]:443 ipv6only=on ssl default_server; 
  server_name gitlab.mydomain.com;
  server_tokens off;

  location /{
    proxy_pass http://localhost:8080;
    proxy_redirect off;
    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
  }

  location ~ ^/(assets)/ {
    root /opt/gitlab/embedded/service/gitlab-rails/public;
    gzip_static on; # to serve pre-gzipped version
    expires max;
    add_header Cache-Control public;
  }

  client_max_body_size 250m;

  # ...
  # A lot a of SSL stuff (HSTS, OCSP, dhparam, etc)
  # ...

  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;
  
  error_page 502 /502.html;
}

UPDATE :

Just upgraded Gitlab to 8.3.0.

Got a 502 now.

Applying : https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/update/8.2-to-8.3.md.

We'll see.

UPDATE 2:

Did not finish the instructions after all. Stopped everything and restarted everything twice (Gitlab and Nginx). Finally managed to get the thing working.

Still the same problems with CI/Zip/PublicCloning though.

UPDATE 3:

Just updated to 8.2.3:

apt-get update
apt-get install gitlab-ce

502.

restart nginx
gitlab-ctl restart

gitlab-rake gitlab:app:check

Checking GitLab ...

Git configured with autocrlf=input? ... yes
Database config exists? ... yes
Database is SQLite ... no
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config outdated? ... no
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory setup correctly? ... yes
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
projects have namespace: ... 

Redis version >= 2.8.0? ... yes
Ruby version >= 2.1.0 ? ... yes (2.1.7)
Your git bin path is "/opt/gitlab/embedded/bin/git"
Git version >= 1.7.10 ? ... yes (2.6.1)
Active users: 2

Checking GitLab ... Finished

If someone can lead me to the proper documentation or changes to be made that would be awesome.

Oratorical answered 17/12, 2015 at 18:46 Comment(4)
Nothing works so far, just fed up with this. Deleted all, and went back to basic config ... – Oratorical
Are you trying to use the bundled nginx that comes with gitlab omnibus or one that you installed and configured by yourself? – Turtle
Both. Bundled nginx with gitlab and my own nginx I installed with passenger as a reverse proxy. Right now I was able to make the CI clone the repo. Still an issue with zip, but once other issues with git user not able to bundle I'll provide a wider answer. – Oratorical
Hi @gdurelle, did you succeed in making http proxying work as expected now? I have the exact same issue (http clone, http downloads, CI clones, CI fetches). Here is my personal config: #31763341 – Pentode
O
1

A beginning, but not all of it:

I mistakenly made Gitlab's nginx listen on port 8080, when it's already the port used by Gitlab's Unicorn.

Changing it to 8081 made the CI respond better. Still have to solve the git user rights (or better, use docker) but that's not a direct issue of what matters here...

UPDATE: Complete Solution - ACLs

Seems the git and gitlab-runner users that are created during the install process do have enough rights.

First: Create a real home for each: /home/gitlab-runner, /home/git with proper ssh authorized_keys, and rbenv + ruby installs.

Then: vim /etc/passwd and change their home directory to the new home, where they have full rights. Now my builds are green!

Oratorical answered 11/1, 2016 at 10:28 Comment(0)
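
The port collision described in the answer above can be caught before restarting anything. This is an added example, not code from the original posts or from GitLab: a small shell lint that compares nginx['listen_port'] in gitlab.rb with the Unicorn port and with the port the front proxy's proxy_pass targets. It assumes Unicorn uses 8080 unless gitlab.rb sets unicorn['port']; the function names and the sample files are made up for illustration.

```shell
#!/bin/sh
# Added example: lint the two port settings discussed in this thread.
# Assumption: Unicorn listens on 8080 unless gitlab.rb sets unicorn['port'].

# rb_port FILE SECTION KEY -> last uncommented integer value of SECTION['KEY']
rb_port() {
  sed -n "s/^[[:space:]]*$2\['$3'\][[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$1" | tail -n 1
}

# proxy_port FILE -> port of the first "proxy_pass http://host:PORT" (empty if none)
proxy_port() {
  sed -n 's|^[[:space:]]*proxy_pass[[:space:]]*http://[^:;]*:\([0-9][0-9]*\).*|\1|p' "$1" | head -n 1
}

# check_gitlab_ports GITLAB_RB SITE_CONF -> 0 ok, 1 misconfigured, 2 port not set
check_gitlab_ports() {
  nginx_port=$(rb_port "$1" nginx listen_port)
  unicorn_port=$(rb_port "$1" unicorn port)
  unicorn_port=${unicorn_port:-8080}
  upstream_port=$(proxy_port "$2")
  status=0
  if [ -z "$nginx_port" ]; then
    echo "nginx['listen_port'] is not set in $1"
    return 2
  fi
  if [ "$nginx_port" = "$unicorn_port" ]; then
    echo "COLLISION: bundled nginx and Unicorn both use port $nginx_port"
    status=1
  fi
  if [ -n "$upstream_port" ] && [ "$upstream_port" != "$nginx_port" ]; then
    echo "MISMATCH: proxy_pass targets $upstream_port, bundled nginx listens on $nginx_port"
    status=1
  fi
  if [ "$status" -eq 0 ]; then
    echo "OK: front proxy -> $nginx_port (bundled nginx), Unicorn on $unicorn_port"
  fi
  return "$status"
}

# Constructed sample files that mirror the settings posted in the question.
demo=$(mktemp -d)
printf '%s\n' "nginx['listen_port'] = 8080" "nginx['listen_https'] = false" > "$demo/gitlab.rb"
printf '%s\n' 'location / {' '  proxy_pass http://localhost:8080;' '}' > "$demo/site.conf"
check_gitlab_ports "$demo/gitlab.rb" "$demo/site.conf" || echo "exit status: $?"
rm -rf "$demo"
```

On a real host the two arguments would be /etc/gitlab/gitlab.rb and the front proxy's site file.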
A
2

It looks as though downloading of ZIP-Files is now handled by the gitlab-workhorse.

For that there's some extra stuff in the nginx-configfile. You might want to have a look at https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/gitlab where there is a section

upstream gitlab-workhorse {
  server unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket fail_timeout=0;
}

and a

proxy_pass http://gitlab-workhorse;

at the end of the configuration.

I'm currently digging into the same issue and will report back when I've solved it.

Agnella answered 5/1, 2016 at 14:43 Comment(0)
L
1

Take a look at https://gist.github.com/sameersbn/becd1c976c3dc4866ef8; it seems that there is an option 'gzip' that can be turned off.

gzip                    off;

at line 53.

Leader answered 27/12, 2015 at 13:53 Comment(1)
This does not change a thing. But thanks for trying. – Oratorical
A
1

The update documentation is missing an item: it renames gitlab-git-http-server to gitlab-workhorse in nginx configuration, but it partially misses /etc/default/gitlab. Replace all occurrences of gitlab-git-http-server with gitlab-workhorse there as well, especially the socket in gitlab_workhorse_options.

Something like

sed -i -e 's/gitlab-git-http-server/gitlab-workhorse/g' /etc/default/gitlab
Argos answered 8/1, 2016 at 17:32 Comment(0)