Can't access GitLab with the firewall enabled (OS: Ubuntu 16.04)

Time: 2017-09-04 09:43:46

Tags: ubuntu gitlab firewall sysadmin ufw

Description

A few days ago I installed GitLab and it seemed to run fine, but when I tried to connect today it printed a 502 error (and took a long time to load).

!! As I said above, it works perfectly with the firewall disabled :)

Code:

gitlab-ctl tail

Output:

2017-09-04_09:18:29.94177 2017/09/04 11:18:29 error: GET "/": badgateway: failed after 30s: dial tcp [::1]:8081: getsockopt: connection refused
2017-09-04_09:18:29.94187 git.myurl.com @ - - [2017-09-04 11:17:59.940389308 +0200 CEST] "GET / HTTP/1.1" 502 2925 "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 30.001060
2017-09-04_09:18:30.27682 2017/09/04 11:18:30 Send static file "/opt/gitlab/embedded/service/gitlab-rails/public/favicon.ico" ("") for GET "/favicon.ico"
2017-09-04_09:18:30.27712 git.myurl.com @ - - [2017-09-04 11:18:30.276480568 +0200 CEST] "GET /favicon.ico HTTP/1.1" 200 5430 "https://git.myurl.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 0.000454

Already tried

After some trying and research I found out that it works perfectly with the firewall disabled, so I looked up the required ports and allowed them with

ufw allow "rule"

Now these are my open ports:

ufw status

Output:

Status: active
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                      
Apache Full                ALLOW       Anywhere                  
3306                       ALLOW       Anywhere                  
Dovecot IMAP               ALLOW       Anywhere                  
Postfix                    ALLOW       Anywhere                  
Postfix SMTPS              ALLOW       Anywhere                  
Postfix Submission         ALLOW       Anywhere                  
Dovecot Secure IMAP        ALLOW       Anywhere                  
8080                       ALLOW       Anywhere                  
9987/udp                   ALLOW       Anywhere                  
1194                       ALLOW       Anywhere                  
80                         ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
1194/udp                   ALLOW       Anywhere                  
8443                       ALLOW       Anywhere                  
122                        ALLOW       Anywhere                  
123/udp                    ALLOW       Anywhere                  
161/udp                    ALLOW       Anywhere                  
22                         ALLOW       Anywhere                  
8081                       ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Apache Full (v6)           ALLOW       Anywhere (v6)             
3306 (v6)                  ALLOW       Anywhere (v6)             
Dovecot IMAP (v6)          ALLOW       Anywhere (v6)             
Postfix (v6)               ALLOW       Anywhere (v6)             
Postfix SMTPS (v6)         ALLOW       Anywhere (v6)             
Postfix Submission (v6)    ALLOW       Anywhere (v6)             
Dovecot Secure IMAP (v6)   ALLOW       Anywhere (v6)             
8080 (v6)                  ALLOW       Anywhere (v6)             
9987/udp (v6)              ALLOW       Anywhere (v6)             
1194 (v6)                  ALLOW       Anywhere (v6)             
80 (v6)                    ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
1194/udp (v6)              ALLOW       Anywhere (v6)             
8443 (v6)                  ALLOW       Anywhere (v6)             
122 (v6)                   ALLOW       Anywhere (v6)             
123/udp (v6)               ALLOW       Anywhere (v6)             
161/udp (v6)               ALLOW       Anywhere (v6)             
22 (v6)                    ALLOW       Anywhere (v6)             
8081 (v6)                  ALLOW       Anywhere (v6)

I have tried a few things now, but I don't know why it won't work.

gitlab-ctl reconfigure

works fine (done it about 10 times now).

I have also rebooted the server several times (I can connect to gitlab every time, but only with ufw disabled).

gitlab-ctl status

Output:

run: gitaly: (pid 1385) 2506s; run: log: (pid 1383) 2506s
run: gitlab-monitor: (pid 1403) 2506s; run: log: (pid 1401) 2506s
run: gitlab-workhorse: (pid 1386) 2506s; run: log: (pid 1384) 2506s
run: logrotate: (pid 1400) 2506s; run: log: (pid 1399) 2506s
run: node-exporter: (pid 1409) 2506s; run: log: (pid 1408) 2506s
run: postgres-exporter: (pid 1410) 2506s; run: log: (pid 1402) 2506s
run: postgresql: (pid 1391) 2506s; run: log: (pid 1389) 2506s
run: prometheus: (pid 1407) 2506s; run: log: (pid 1406) 2506s
run: redis: (pid 1387) 2506s; run: log: (pid 1382) 2506s
run: redis-exporter: (pid 1405) 2506s; run: log: (pid 1404) 2506s
run: sidekiq: (pid 1396) 2506s; run: log: (pid 1395) 2506s
run: unicorn: (pid 1390) 2506s; run: log: (pid 1388) 2506s

My config

Code:

grep "^[^#;]" /etc/gitlab/gitlab.rb

Output:

external_url 'https://git.myurl.com'
unicorn['port'] = 8081
gitlab_git_http_server['auth_backend'] = "http://localhost:8081"
web_server['external_users'] = ['www-data']
nginx['enable'] = false
gitlab_rails['internal_api_url'] = 'https://git.myurl.com'

Strange behaviour of ufw

Maybe important, don't know

When I installed openvpn I had to add the following to /etc/ufw/before.rules

Code:

less /etc/ufw/before.rules

Output (only the relevant part):

# START OPENVPN RULES
# NAT table rule
*nat
:POSTROUTING ACCEPT [0:0] 
# Allow traffic from OpenVPN client to wlp11s0 (change to the interface you discovered!)
-A POSTROUTING -s 10.8.0.0/8 -o ens3 -j MASQUERADE
COMMIT
# END OPENVPN RULES

When I do

ufw reload

Output:

ERROR: problem running ufw-init
Bad argument `*nat'
Error occurred at line: 21
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

Problem running '/etc/ufw/before.rules'

But when I run

ufw enable

afterwards, it works and the firewall is active after that

Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

Since this is the first question I have asked on stackoverflow (yes, I know how to google, I have just never started a thread myself ;)) I hope I have provided enough information (if not, just tell me) and that someone finds the time to help me,

Thanks in advance,

Edit: When I comment out the OpenVPN rules in before.rules it works fine

1 answer:

Answer 0 (score: 0)

Uncommenting the openvpn rules in before.rules solved the problem, though I would like to know how to enable masquerading without breaking gitlab
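The "Bad argument `*nat'" message quoted in the question is what iptables-restore prints when a `*table` line is read while a previous table is still open: a new table header is only recognised when no table is open, otherwise the line is handed to the rule parser, which rejects `*nat` as a stray argument. So the OpenVPN `*nat` block only loads when it sits outside the `*filter` section of before.rules (for instance at the top of the file) and ends with its own COMMIT. The POSIX sh check below is an added example for this thread, not code from the question, the answer or the ufw project. It validates that table/COMMIT layout for a rules file and runs over two constructed samples: the block pasted inside `*filter`, which reproduces the error, and the block placed before `*filter`. The `10.8.0.0/8` network and `ens3` interface are taken from the question; the `ufw-before-input` chain and the header comment are modelled on the default Ubuntu before.rules and are assumptions, not a complete file. The check only inspects layout, not rule arguments.

```shell
#!/bin/sh
# Added example for this thread; not code from the question, the answer or ufw.
# Layout check for an iptables-restore style file such as /etc/ufw/before.rules:
# every "*table" line opens a table that must be closed by COMMIT before the next
# "*table" line or end of file, and chain (":") and rule ("-A" ...) lines must
# sit inside an open table.

# check_rules_file FILE -> prints "ok" and returns 0, or prints the first
# layout problem found and returns 1.
check_rules_file() {
    file="$1"
    table=""      # name of the table currently open, empty when none
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case "$line" in
            ''|'#'*)                     # blank line or comment
                ;;
            '*'*)                        # table header, e.g. *nat
                if [ -n "$table" ]; then
                    echo "line $lineno: '$line' opens a table while *$table is still open (missing COMMIT)"
                    return 1
                fi
                table="${line#\*}"
                ;;
            COMMIT*)                     # closes the open table (trailing blanks tolerated)
                if [ -z "$table" ]; then
                    echo "line $lineno: COMMIT outside any table"
                    return 1
                fi
                table=""
                ;;
            ':'*|'-'*)                   # chain declaration or rule
                if [ -z "$table" ]; then
                    echo "line $lineno: '$line' appears outside any table"
                    return 1
                fi
                ;;
            *)                           # e.g. a comment that wrapped onto a second line
                echo "line $lineno: unrecognised line '$line'"
                return 1
                ;;
        esac
    done < "$file"
    if [ -n "$table" ]; then
        echo "end of file: table *$table has no COMMIT"
        return 1
    fi
    echo "ok"
}

# Constructed samples (not a complete before.rules): a minimal *filter section
# plus the OpenVPN block from the question. "broken" pastes the block inside
# *filter; "fixed" places it before *filter with its own COMMIT.
write_broken_sample() {
    cat > "$1" <<'EOF'
# rules that should be run before the ufw command line added rules
*filter
:ufw-before-input - [0:0]
-A ufw-before-input -i lo -j ACCEPT
# START OPENVPN RULES
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/8 -o ens3 -j MASQUERADE
COMMIT
# END OPENVPN RULES
COMMIT
EOF
}

write_fixed_sample() {
    cat > "$1" <<'EOF'
# START OPENVPN RULES
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/8 -o ens3 -j MASQUERADE
COMMIT
# END OPENVPN RULES
*filter
:ufw-before-input - [0:0]
-A ufw-before-input -i lo -j ACCEPT
COMMIT
EOF
}

# Run the check over both samples.
demo() {
    tmp=$(mktemp -d)
    write_broken_sample "$tmp/broken.rules"
    write_fixed_sample "$tmp/fixed.rules"
    check_rules_file "$tmp/broken.rules" || true   # line 6: '*nat' opens a table while *filter is still open (missing COMMIT)
    check_rules_file "$tmp/fixed.rules"            # ok
    rm -rf "$tmp"
}
demo
```

Running `check_rules_file /etc/ufw/before.rules` before `ufw reload` reports the misplaced header (or a comment that has wrapped onto its own line, which iptables-restore would also reject) with its line number, instead of leaving the host with a rules file that fails to load.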