git clone over HTTP not working in GitLab

Time: 2016-11-10 18:33:26

Tags: git apache ubuntu ssh gitlab

I have GitLab CE set up on my domain (Ubuntu); HTTP does not work, but SSH works fine.

git clone git@gitlab.mydomain.com:anshad/test.git works.

git clone http://gitlab.mydomain.com/anshad/test.git does not work.

Cloning into 'test'...
Username for 'http://gitlab.mydomain.com': anshad
Password for 'http://anshad@gitlab.mydomain.com': 
fatal: unable to access 'http://gitlab.mydomain.com/anshad/test.git/': The requested URL returned error: 500

sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production

System information
System:     Ubuntu 16.04
Current User:   git
Using RVM:  no
Ruby Version:   2.3.1p112
Gem Version:    2.5.1
Bundler Version:1.13.6
Rake Version:   10.5.0
Sidekiq Version:4.2.1

GitLab information
Version:    8.14.0-pre
Revision:   358e814
Directory:  /home/git/gitlab
DB Adapter: postgresql
URL:        http://gitlab.mydomain.com
HTTP Clone URL: http://gitlab.mydomain.com/some-group/some-project.git
SSH Clone URL:  git@gitlab.mydomain.com:some-group/some-project.git
Using LDAP: no
Using Omniauth: no

GitLab Shell
Version:    4.0.0
Repository storage paths:
- default:  /home/git/repositories/
Hooks:      /home/git/gitlab-shell/hooks/
Git:        /usr/bin/git

sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production

Checking GitLab Shell ...

GitLab Shell version >= 4.0.0 ? ... OK (4.0.0)
Repo base directory exists?
default... yes
Repo storage directories are symlinks?
default... no
Repo paths owned by git:git?
default... yes
Repo paths access is drwxrws---?
default... yes
hooks directories in repos are links: ... 
Anshad Vattapoyil / test ... repository is empty
Running /home/git/gitlab-shell/bin/check
Check GitLab API access: OK
Access to /home/git/.ssh/authorized_keys: OK
Send ping to redis server: OK
gitlab-shell self-check successful

Checking GitLab Shell ... Finished

Checking Sidekiq ...

Running? ... yes
Number of Sidekiq processes ... 1

Checking Sidekiq ... Finished

Checking Reply by email ...

Reply by email is disabled in config/gitlab.yml

Checking Reply by email ... Finished

Checking LDAP ...

LDAP is disabled in config/gitlab.yml

Checking LDAP ... Finished

Checking GitLab ...

Git configured with autocrlf=input? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config outdated? ... no
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory setup correctly? ... yes
Init script exists? ... yes
Init script up-to-date? ... yes
projects have namespace: ... 
Anshad Vattapoyil / test ... yes
Redis version >= 2.8.0? ... yes
Ruby version >= 2.1.0 ? ... yes (2.3.1)
Your git bin path is "/usr/bin/git"
Git version >= 2.7.3 ? ... yes (2.7.4)
Active users: 1

Checking GitLab ... Finished

Apache virtual host configuration for the domain

<VirtualHost *:80>
    ServerAdmin anshad@mydomain.com
    ServerName gitlab.mydomain.com
    ServerAlias www.gitlab.mydomain.com

    ServerSignature Off

    ProxyPreserveHost On

    AllowEncodedSlashes NoDecode

    <Location />
       Require all granted
       ProxyPassReverse http://localhost:8080
       ProxyPassReverse http://gitlab.mydomain.com/
    </Location>

    RewriteEngine on

    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
    RewriteCond %{REQUEST_URI} ^/uploads/.*
    RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA,NE]

    DocumentRoot /home/git/gitlab/public

    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
    ErrorLog /var/log/apache2/gitlab_error.log
    CustomLog /var/log/apache2/gitlab_forwarded.log common_forwarded
    CustomLog /var/log/apache2/gitlab_access.log combined env=!dontlog
    CustomLog /var/log/apache2/gitlab.log combined
 </VirtualHost>

Configuration in /home/git/gitlab/config/gitlab.yml

production: &base

  gitlab:
    host: gitlab.mydomain.com
    port: 80 
    https: false 
    trusted_proxies:

    email_from: noreply@mydomain.com
    email_display_name: GitLab
    email_reply_to: noreply@mydomain.com
    email_subject_suffix: ''

    default_projects_features:
      issues: true
      merge_requests: true
      wiki: true
      snippets: true
      builds: true
      container_registry: true

  incoming_email:
    enabled: false
    address: "gitlab-incoming+%{key}@gmail.com"
    user: "gitlab-incoming@gmail.com"
    password: "[REDACTED]"
    host: "imap.gmail.com"
    port: 993
    ssl: true
    start_tls: false
    mailbox: "inbox"

  artifacts:
    enabled: true
  lfs:
    enabled: true

  gravatar:

  cron_jobs:
    stuck_ci_builds_worker:
      cron: "0 0 * * *"
    expire_build_artifacts_worker:
      cron: "50 * * * *"
    repository_check_worker:
      cron: "20 * * * *"
    admin_email_worker:
      cron: "0 0 * * 0"
    repository_archive_cache_worker:
      cron: "0 * * * *"

  registry:


  gitlab_ci:

  ldap:
    enabled: false
    servers:
      main: 
        label: 'LDAP'
        host: '_your_ldap_server'
        port: 389
        uid: 'sAMAccountName'
        method: 'plain' # "tls" or "ssl" or "plain"
        bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
        password: '_the_password_of_the_bind_user'
        timeout: 10
        active_directory: true
        allow_username_or_email_login: false
        block_auto_created_users: false
        base: ''
        user_filter: ''
        attributes:
          username: ['uid', 'userid', 'sAMAccountName']
          email:    ['mail', 'email', 'userPrincipalName']
          name:       'cn'
          first_name: 'givenName'
          last_name:  'sn'

  omniauth:
    enabled: false
    allow_single_sign_on: ["saml"]
    block_auto_created_users: true
    auto_link_ldap_user: false
    auto_link_saml_user: false
    external_providers: []
    providers:

  shared:

  satellites:
    path: /home/git/gitlab-satellites/

  repositories:
    storages: # You must have at least a `default` storage path.
      default: /home/git/repositories/
  backup:
    path: "tmp/backups"   
  gitlab_shell:
    path: /home/git/gitlab-shell/
    hooks_path: /home/git/gitlab-shell/hooks/
    upload_pack: true
    receive_pack: true
  git:
    bin_path: /usr/bin/git
    max_size: 20971520 # 20.megabytes
    timeout: 10

  extra:

  rack_attack:
    git_basic_auth:

In /home/git/gitlab/unicorn.rb, I have

worker_processes 4
working_directory "/home/git/gitlab" # available in 0.94.0+
listen "/home/git/gitlab/tmp/sockets/gitlab.socket", :backlog => 1024
listen "127.0.0.1:8080", :tcp_nopush => true

production.log only says this

Started POST "/ci/api/v1/builds/register.json" for 35.154.26.24 at 2016-11-19 08:16:45 +0000
Started GET "/anshad/test.git/info/refs?service=git-upload-pack" for 137.97.204.60 at 2016-11-19 08:16:47 +0000
Processing by Projects::GitHttpController#info_refs as */*
  Parameters: {"service"=>"git-upload-pack", "namespace_id"=>"anshad", "project_id"=>"test.git"}
Filter chain halted as :authenticate_user rendered or redirected
Completed 401 Unauthorized in 23ms (Views: 0.3ms | ActiveRecord: 1.6ms)
Started POST "/ci/api/v1/builds/register.json" for 35.154.26.24 at 2016-11-19 08:16:48 +0000
Started POST "/ci/api/v1/builds/register.json" for 35.154.26.24 at 2016-11-19 08:16:51 +0000
Started POST "/ci/api/v1/builds/register.json" for 35.154.26.24 at 2016-11-19 08:16:54 +0000
Started GET "/anshad/test.git/info/refs?service=git-upload-pack" for 137.97.204.60 at 2016-11-19 08:16:56 +0000
Processing by Projects::GitHttpController#info_refs as */*
  Parameters: {"service"=>"git-upload-pack", "namespace_id"=>"anshad", "project_id"=>"test.git"}
Filter chain halted as :authenticate_user rendered or redirected
Completed 401 Unauthorized in 25ms (Views: 0.3ms | ActiveRecord: 2.2ms)
Started GET "/anshad/test.git/info/refs?service=git-upload-pack" for 137.97.204.60 at 2016-11-19 08:16:57 +0000
Processing by Projects::GitHttpController#info_refs as */*
  Parameters: {"service"=>"git-upload-pack", "namespace_id"=>"anshad", "project_id"=>"test.git"}
Completed 500 Internal Server Error in 98ms (ActiveRecord: 3.1ms)

JWT::DecodeError (Nil JSON web token):
  lib/gitlab/workhorse.rb:120:in `verify_api_request!'
  app/controllers/projects/git_http_client_controller.rb:154:in `verify_workhorse_api!'
  lib/gitlab/request_profiler/middleware.rb:15:in `call'
  lib/gitlab/middleware/go.rb:16:in `call'


Started POST "/ci/api/v1/builds/register.json" for 35.154.26.24 at 2016-11-19 08:16:57 +0000
Issue on GitLab
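
A way to triage the production.log excerpt above, as an added example that is not part of the original question: it pairs each "Started" line with its "Completed" status and reports Git-over-HTTP requests that ended in a 500 followed by JWT::DecodeError, meaning Rails received them without the token gitlab-workhorse attaches. The sample is abridged from the excerpt; the function name is hypothetical, and the pairing assumes log lines from different requests are not interleaved.

```python
import re

# Sample input, abridged from the production.log excerpt in the question.
SAMPLE_LOG = """\
Started GET "/anshad/test.git/info/refs?service=git-upload-pack" for 137.97.204.60 at 2016-11-19 08:16:56 +0000
Processing by Projects::GitHttpController#info_refs as */*
Filter chain halted as :authenticate_user rendered or redirected
Completed 401 Unauthorized in 25ms (Views: 0.3ms | ActiveRecord: 2.2ms)
Started GET "/anshad/test.git/info/refs?service=git-upload-pack" for 137.97.204.60 at 2016-11-19 08:16:57 +0000
Processing by Projects::GitHttpController#info_refs as */*
Completed 500 Internal Server Error in 98ms (ActiveRecord: 3.1ms)

JWT::DecodeError (Nil JSON web token):
  lib/gitlab/workhorse.rb:120:in `verify_api_request!'
Started POST "/ci/api/v1/builds/register.json" for 35.154.26.24 at 2016-11-19 08:16:57 +0000
"""

STARTED = re.compile(r'^Started (\S+) "([^"]+)" for (\S+) at (.+)$')
COMPLETED = re.compile(r'^Completed (\d{3}) ')
JWT_ERR = re.compile(r'^JWT::DecodeError \((.+)\):')


def unsigned_git_requests(log_text):
    """Return Git HTTP requests that got a 500 plus JWT::DecodeError.

    Hypothetical helper: assumes each request's lines are contiguous.
    """
    findings, current = [], None
    for line in log_text.splitlines():
        m = STARTED.match(line)
        if m:  # a new request begins; forget the previous one
            current = {"method": m.group(1), "path": m.group(2),
                       "client": m.group(3), "time": m.group(4), "status": None}
            continue
        if current is None:
            continue
        m = COMPLETED.match(line)
        if m:
            current["status"] = int(m.group(1))
            continue
        m = JWT_ERR.match(line)
        if m and current["status"] == 500 and ".git/" in current["path"]:
            findings.append({**current, "error": m.group(1)})
            current = None
    return findings


if __name__ == "__main__":
    for f in unsigned_git_requests(SAMPLE_LOG):
        print(f["time"], f["client"], f["method"], f["path"], "->", f["error"])
```

The 401 on the first request is the normal Basic-auth challenge and is not reported; only the authenticated retry that reaches the Workhorse check is.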

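2 answers:

Answer 0: (score: 2)

It is important to note that the system referred to here was built from source, and the supported nginx was replaced with Apache (not officially supported by GitLab).
Here's the deal - in the standard nginx configuration on my system, I can see this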

upstream gitlab-workhorse {
  server unix:/var/opt/gitlab/gitlab-workhorse/socket;
}

proxy_pass http://gitlab-workhorse;

That means it is using a socket, not a network port. If I try to see whether workhorse is even listening on the network, I find that it is not.

ps -ef|grep -i workhorse
lsof -p pid

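will not show any network ports opened by the workhorse pid. So maybe the Apache configuration is incorrect? Should it use a socket instead of a port?

Answer 1: (score: 0)

First, double-check your gitlab workhorse version and whether it is compatible with your current GitLab installation.

Of all the GitLab issues you reference, the comment on 22484 seems the most promising: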

  

In my case, workhorse's log showed an error accessing ./.gitlab_workhorse_secret

After some digging, the fix was to add the following to the workhorse start command line in /etc/systemd/system/gitlab-workhorse.service:

-secretPath /home/git/gitlab/.gitlab_workhorse_secret 
  

For reference, here is the full ExecStart now

ExecStart=/home/git/gitlab/bin/daemon_with_pidfile /home/git/gitlab/tmp/pids/gitlab-workhorse.pid \
/home/git/gitlab-workhorse/gitlab-workhorse -listenUmask 0 -listenNetwork unix \
-listenAddr /home/git/gitlab/tmp/sockets/gitlab-workhorse.socket \
-authBackend http://127.0.0.1:8080 -authSocket /home/git/gitlab/tmp/sockets/gitlab.socket \
-documentRoot /home/git/gitlab/public -secretPath /home/git/gitlab/.gitlab_workhorse_secret \
>> /home/git/gitlab/log/gitlab-workhorse.log 2>&1

Another possibility is:

  

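In my case, the 500 error was caused by a wrong nginx configuration in /etc/gitlab/gitlab.rb.

I have something "in front of" nginx, in my case haproxy. I had overlooked this fact. It is described in NGiNX settings.

In my case haproxy sends to the backend on 8081, where nginx is now listening (initially I had set 8080, the default Unicorn service) - I was only able to configure gitlab with haproxy, without the nginx layer.

So the important part in my configuration is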

nginx['listen_port'] = 8081
nginx['listen_https'] = false

Note that both of these issues concern NGiNX (there is one when Apache2 is used).

403 (permission denied) errors are also mentioned:

  

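We were able to resolve the 403 issue by enabling both HTTPS and SSH cloning; we had only SSH cloning enabled, which seems to have caused the problem. This can be changed by going to https:///admin/application_settings and double-checking Enabled Git access protocols

Merge request 6843 summarizes these conclusions.

But there is more: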

  

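Looking at the default files, there seems to be some confusion with the upgrade and what the defaults should be.
With the default config file examples (init.d, nginx), gitlab-workhorse listens on a Unix socket rather than an IP:port.
The Nginx example config file does have some lines for the Unix socket, but the proxy pass goes to an address.

I guess when I first set up gitlab I had to point my nginx config at the Unicorn port binding, because it was the only port I saw in netstat when starting the gitlab service.
If you send a git clone request to Unicorn, you will get a 500 error.
All I had to do was change gitlab-workhorse to listen on my loopback address and point Nginx there. That cleared up my HTTP 500 errors with cloning.

See A Brief History of GitLab Workhorse for details.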
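
Both answers point at the same misrouting: the front-end proxy forwards to the Unicorn listener instead of gitlab-workhorse. The check below is an added example, not code from either answer or from GitLab; it compares the forwarding rules in an Apache vhost with the TCP listeners in unicorn.rb and reports any rule that targets Unicorn directly. The fragments are abridged from the question, the function names are hypothetical, and treating localhost as 127.0.0.1 is an assumption.

```python
import re

# Constructed fragments, abridged from the vhost and unicorn.rb in the question.
APACHE_VHOST = """\
<Location />
   ProxyPassReverse http://localhost:8080
</Location>
RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA,NE]
"""
UNICORN_RB = """\
listen "/home/git/gitlab/tmp/sockets/gitlab.socket", :backlog => 1024
listen "127.0.0.1:8080", :tcp_nopush => true
"""


def _norm(host):
    # Assumption: "localhost" and 127.0.0.1 name the same listener.
    return "127.0.0.1" if host == "localhost" else host


def unicorn_tcp_listeners(unicorn_rb):
    """(host, port) pairs from `listen "host:port"` lines; Unix sockets are skipped."""
    pattern = r'^\s*listen\s+"([^"/][^":]*):(\d+)"'
    return {(_norm(m.group(1)), int(m.group(2)))
            for m in re.finditer(pattern, unicorn_rb, re.M)}


def apache_proxy_targets(vhost):
    """(directive, host, port) for directives that forward requests.

    ProxyPassReverse only rewrites response headers, so it is ignored.
    """
    targets = []
    for line in vhost.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        proxy_rewrite = parts[0] == "RewriteRule" and re.search(r"\[[^\]]*\bP\b", line)
        if parts[0] == "ProxyPass" or proxy_rewrite:
            m = re.search(r"http://([^:/\s%]+)(?::(\d+))?", line)
            if m:
                targets.append((parts[0], _norm(m.group(1)), int(m.group(2) or 80)))
    return targets


def bypasses_workhorse(vhost, unicorn_rb):
    """Forwarding rules whose target is a Unicorn TCP listener."""
    listeners = unicorn_tcp_listeners(unicorn_rb)
    return [t for t in apache_proxy_targets(vhost) if (t[1], t[2]) in listeners]


if __name__ == "__main__":
    for directive, host, port in bypasses_workhorse(APACHE_VHOST, UNICORN_RB):
        print(f"{directive} forwards to Unicorn at {host}:{port}, skipping gitlab-workhorse")
```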