尝试安装gitlab 6-5-stable,但有403 Forbidden

时间:2014-02-07 18:37:26

标签: ruby apache gitlab centos6

我遵循了所有安装过程,但是当我尝试访问url gitlab时,错误显示“403您无权访问/在此服务器上。”

捆绑exec rake gitlab:env:info RAILS_ENV = production 

System information
System: CentOS release 6.5 (Final)
Current User: root
Using RVM: yes
RVM Version: 1.21.7
Ruby Version: 1.9.3p448
Gem Version: 1.8.25
Bundler Version:1.3.5
Rake Version: 10.1.0

GitLab information
Version: 6.5.1
Revision: 2ffa03a
Directory: /home/git/gitlab
DB Adapter: mysql2
URL: http://git.intranet.ecore.com.br
HTTP Clone URL: http://git.intranet.ecore.com.br/some-project.git
SSH Clone URL: git@git.intranet.ecore.com.br:some-project.git
Using LDAP: yes
Using Omniauth: no

GitLab Shell
Version: 1.8.0
Repositories: /home/git/repositories/
Hooks: /home/git/gitlab-shell/hooks/
Git: /usr/bin/git

捆绑exec rake gitlab:检查RAILS_ENV =生产

Checking Environment ...

Git configured for git user? ... yes
Has python2? ... yes
python2 is supported version? ... yes

Checking Environment ... Finished

Checking GitLab Shell ...

GitLab Shell version >= 1.7.9 ? ... OK (1.8.0)
Repo base directory exists? ... yes
Repo base directory is a symlink? ... no
Repo base owned by git:git? ... yes
Repo base access is drwxrws---? ... yes
update hook up-to-date? ... yes
update hooks in repos are links: ... can't check, you have no projects
Running /home/git/gitlab-shell/bin/check
/usr/local/rvm/gems/ruby-1.9.3-p448/gems/bundler-1.3.5/lib/bundler/runtime.rb:216: warning: Insecure world writable dir /home/git/gitlab/vendor/bundle/ruby/1.9.1/bin in PATH, mode 042777
Check GitLab API access: FAILED. code: 403
gitlab-shell self-check failed
  Try fixing it:
  Make sure GitLab is running;
  Check the gitlab-shell configuration file:
  sudo -u git -H editor /home/git/gitlab-shell/config.yml
  Please fix the error above and rerun the checks.

Checking GitLab Shell ... Finished

Checking Sidekiq ...

Running? ... yes
Number of Sidekiq processes ... 1

Checking Sidekiq ... Finished

Checking LDAP ...

LDAP users with access to your GitLab server (only showing the first 100 results)
rake aborted!
SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:1132:in `connect'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:1132:in `wrap_with_ssl'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:1169:in `setup_encryption'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:1116:in `initialize'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:634:in `new'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:634:in `search'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:1044:in `search_root_dse'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:1095:in `paged_searches_supported?'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:619:in `search'
/home/git/gitlab/lib/tasks/gitlab/check.rake:702:in `print_users'
/home/git/gitlab/lib/tasks/gitlab/check.rake:692:in `block (3 levels) in <top (required)>'
Tasks: TOP => gitlab:check => gitlab:ldap:check
(See full trace by running task with --trace)

2 个答案:

答案 0 :(得分:0)

warning: Insecure world writable dir /home/git/gitlab/vendor/bundle/ruby/1.9.1/bin in PATH, mode 042777

似乎您的权限过于开放存在一些问题。通过转到/home/git/gitlab/并运行:

来解决此问题
  • find . -type f -print0 | xargs -0 chmod 644(所有文件644递归)
  • find . -type d -print0 | xargs -0 chmod 755(所有目录755递归)
  • sudo -u git -H chmod o-rwx config/database.yml(数据库的额外安全性)

如果不是这样,那么可能是它的SELinux。您可以通过暂时禁用它来快速检查:

setenforce 0

如果403错误消失,请将其启用(setenforce 1)并在SELinux部分查看here如何使其正常工作。

答案 1 :(得分:0)

尽管执行了以下错误:

bundle exec rake gitlab:check RAILS_ENV=production

问题在于Nginx配置,下面是我意识到的配置:

upstream gitlab {
  server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;
}

server {
  #  listen *:80 default_server;         # e.g., listen 192.168.1.1:80; In most cases *:80 is a good idea
  server_name git.intranet.ecore.com.br;     # e.g., server_name source.example.com;
  server_tokens off;     # don't show the version number, a security best practice
  root /home/git/gitlab/public;

  # individual nginx logs for this gitlab vhost
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;

  location / {
    # serve static files from defined root folder;.
    # @gitlab is a named location for the upstream fallback, see below
    try_files $uri $uri/index.html $uri.html @gitlab;
  }

  # if a file, which is not found in the root folder is requested,
  # then the proxy pass the request to the upsteam (gitlab unicorn)
  location @gitlab {
    proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_redirect     off;

    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_set_header   Host              $http_host;
    proxy_set_header   X-Real-IP         $remote_addr;

    proxy_pass http://gitlab;
  }
}
相关问题
最新问题