git push:缺少必需的Host Header来托管GitLab存储库

时间:2018-03-24 20:05:47

标签: git nginx gitlab

当我尝试用git push -u origin master推送到我的存储库时,得到了400 Bad Request。 文中的部分内容我已故意用<…>占位符替换。 我最近把nginx从gitlab-ee中拆分出来(改用非捆绑的nginx),并已通过网络浏览器确认GitLab站点可以访问。 我也尝试过将git的remote URL设置为https://gitlab.<mysite>.com/<user>/project.git,结果相同。

尝试git push时出错

remote: 400 Bad Request: missing required Host header fatal: unable to access 'https://oauth2:<myawesometoken>.site.com/<user>/project.git/': The requested URL returned error: 400

nginx配置

# Upstream for the GitLab Rails application, reached over a local Unix socket.
# Who may connect is decided by the filesystem permissions on the socket.
upstream gitlab {
    server unix:/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket;
}

# Upstream for gitlab-workhorse, also reached over a local Unix socket.
upstream gitlab-workhorse {
   # NOTE(review): this path is written "unix://var/..." (double slash) while
   # the gitlab upstream uses "unix:/var/..." - confirm the intended socket path.
   server unix://var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;
   # Alternative socket path, left disabled by the author.
   #server unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socketfail_timeout=0;
}

# Chooses the Connection header sent upstream: "upgrade" when the client sent
# an Upgrade header, "close" when that header is empty.
map $http_upgrade $connection_upgrade_gitlab {
    default upgrade;
    ''      close;
}

# Access-log format named gitlab_access.
# NOTE(review): the line is cut off in the paste (it ends in "$"), so the full
# format string is not visible. A log_format only takes effect on an
# access_log directive that names it.
log_format gitlab_access $remote_addr - $remote_user [$time_local]"$request_method $gitlab_filtere$

# Filtering chain, step 1 of 3: replace the value of a private_token /
# private-token query parameter with [FILTERED] (case-insensitive match).
# NOTE(review): the whitespace between each pattern and its replacement value
# appears to have been lost in the paste - confirm against the real file.
map $request_uri $gitlab_temp_request_uri_1 {
  default $request_uri;
  ~(?i)^(?<start>.*)(?<temp>[\?&]private[\-_]token)=[^&]*(?<rest>.*)$"$start$temp=[FILTERED]$rest";
}

# Step 2 of 3: same treatment for authenticity_token / authenticity-token.
# The replacement on the pattern line is cut off in the paste (ends in "$").
map $gitlab_temp_request_uri_1 $gitlab_temp_request_uri_2 {
  default $gitlab_temp_request_uri_1;
  ~(?i)^(?<start>.*)(?<temp>[\?&]authenticity[\-_]token)=[^&]*(?<rest>.*)$"$start$temp=[FILTERED]$$
}
# Step 3 of 3: same treatment for rss_token / rss-token; the result is the
# variable intended for logging.
map $gitlab_temp_request_uri_2 $gitlab_filtered_request_uri {
  default $gitlab_temp_request_uri_2;
  ~(?i)^(?<start>.*)(?<temp>[\?&]rss[\-_]token)=[^&]*(?<rest>.*)$"$start$temp=[FILTERED]$rest";
}

# Drops everything from the first "?" onward in the Referer header, so query
# strings carried in the referer are not kept.
map $http_referer $gitlab_filtered_http_referer {
  default $http_referer;
  ~^(?<temp>.*)\? $temp;
}

# HTTPS virtual host for GitLab served by a non-bundled nginx with Passenger.
server {
    server_name gitlab.<mysite>.com www.gitlab.<mysite>.com;
    # Do not advertise the nginx version in responses.
    server_tokens off;
    root /opt/gitlab/embedded/service/gitlab-rails/public;

    # NOTE(review): no set_real_ip_from is visible in this block. The realip
    # module only replaces the client address for requests arriving from
    # addresses listed there, so confirm it is set elsewhere and limited to
    # the actual front-end proxies.
    real_ip_header X-Real-IP;
    real_ip_recursive off;

    # NOTE(review): no format name is given here, so nginx uses its predefined
    # "combined" format, which logs the raw request line. The gitlab_access
    # format with token filtering shown earlier in the listing is therefore
    # not applied to this log.
    access_log  /var/log/nginx/gitlab_access.log;
    error_log   /var/log/nginx/gitlab_error.log;

    # Passenger runs the application with the embedded Ruby as user/group git.
    passenger_ruby /opt/gitlab/embedded/bin/ruby;
    passenger_env_var PATH "/opt/gitlab/bin:/opt/gitlab/embedded/bin:/usr/local/bin:/usr/bin:/bin";
    passenger_user git;
    passenger_group git;
    passenger_enabled on;
    passenger_min_instances 1;


    # Named location: only reachable through an internal redirect such as
    # try_files or error_page.
    # NOTE(review): nothing in the shown server block refers to it - confirm
    # how requests are meant to reach gitlab-workhorse.
    location @gitlab-workhorse {

        ## https://github.com/gitlabhq/gitlabhq/issues/694
        ## Some requests take more than 30 seconds.
        proxy_read_timeout      3600;
        proxy_connect_timeout   300;
        proxy_redirect          off;

        # Do not buffer Git HTTP responses
        proxy_buffering off;

        # NOTE(review): $http_host_with_default is not defined by set or map
        # anywhere in this listing. An otherwise undefined $http_<name>
        # variable is read from the request header of that name, so the value
        # would come from a "Host-With-Default" request header instead of
        # from configuration. That header is normally absent, and an empty
        # value makes proxy_set_header omit Host entirely, which matches the
        # reported "missing required Host header" error. Define the variable
        # explicitly in this server block.
        proxy_set_header    Host                $http_host_with_default;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto   $scheme;
        proxy_pass http://gitlab-workhorse;

        ## The following settings only work with NGINX 1.7.11 or newer
        #
        ## Pass chunked request bodies to gitlab-workhorse as-is
        # proxy_request_buffering off;
        proxy_http_version 1.1;
    }

    # Static assets are served straight from disk with long-lived caching.
    location ~ ^/(assets)/ {
            root /opt/gitlab/embedded/service/gitlab-rails/public;
            gzip_static on; # to serve pre-gzipped version
            expires max;
            add_header Cache-Control public;
    }

    # Everything else is proxied to the gitlab upstream.
    location / {
            # 0 disables the request-body size check for this location.
            client_max_body_size 0;
            gzip off;
            proxy_read_timeout      300;
            proxy_connect_timeout   300;
            proxy_redirect          off;
            # $http_host is the Host header exactly as the client sent it.
            # NOTE(review): if this server block can also act as the default
            # server for port 443, unexpected Host values reach the backend -
            # confirm a separate catch-all server exists.
            proxy_set_header    Host                $http_host;
            proxy_set_header    X-Real-IP           $remote_addr;
            proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
            proxy_set_header    X-Forwarded-Proto   $scheme;
            # Forward protocol-upgrade headers; Connection comes from the
            # $connection_upgrade_gitlab map.
            proxy_set_header    Upgrade             $http_upgrade;
            proxy_set_header    Connection          $connection_upgrade_gitlab;
            proxy_pass http://gitlab;
        }


        # Static error pages for these status codes.
        error_page 404 /404.html;
        error_page 422 /422.html;
        error_page 500 /500.html;
        error_page 502 /502.html;
        error_page 503 /503.html;

        location ~ ^/(404|422|500|502|503)\.html$ {
            # Location to the Gitlab's public directory,
            # for Omnibus this would be: /opt/gitlab/embedded/service/gitlab-rails/public.
            # NOTE(review): this root differs from the Omnibus path used at
            # the top of the server block - confirm the error pages exist here.
            root /home/git/gitlab/public;
            # Only reachable via internal redirects, not by direct request.
            internal;
        }

        # TLS listener and certificate settings written by Certbot; the
        # trailing comments on two lines are cut off in the paste.
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/gitlab.<mysite>.com/fullchain.pem; # managed by Certb$
        ssl_certificate_key /etc/letsencrypt/live/gitlab.<mysite>.com/privkey.pem; # managed by Cer$
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

# Plain-HTTP virtual host: answers every request with a redirect to HTTPS.
server {
    listen 80;
    server_name www.gitlab.<mysite>.com gitlab.<mysite>.com;
    # NOTE(review): server-level rewrite directives run in order, so this
    # unconditional return fires first and the two Certbot-managed if blocks
    # below are never reached.
    # $host is taken from the request (falling back to server_name), so a
    # fixed hostname in the target avoids echoing a client-chosen value if
    # this block ever becomes the default server for port 80.
    return 301 https://$host$request_uri;

    if ($host = www.gitlab.<mysite>.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = gitlab.<mysite>.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
}

gitlab.rb config

# Public URL of this GitLab instance.
external_url 'https://gitlab.<mysite>.com'
# Disable the nginx bundled with Omnibus; the external nginx shown above is used instead.
nginx['enable'] = false
# presumably the OS user the external web server runs as - verify it matches the nginx worker user.
web_server['external_users'] = ['www-data']
# NOTE(review): a /24 marks every address in that subnet as a trusted proxy,
# so forwarded client-address headers from any of them are believed. Narrow
# this to the reverse proxy's own address where possible.
gitlab_rails['trusted_proxies'] = [ '<serverIp>/24']

1 个答案:

答案 0 :(得分:3)

所以我通过仔细观察GitLab文档来弄清楚: https://docs.gitlab.com/omnibus/settings/nginx.html#vhost-server-block

我漏掉了下面这两段设置,它们需要放在主server块内。

# For protocol upgrades from HTTP/1.0 to HTTP/1.1 we need to provide a Host header if it's missing.
# Both blocks go inside the server block. Setting the variable explicitly also
# means $http_host_with_default is no longer resolved as an arbitrary
# "Host-With-Default" request header.
if ($http_host = "") {
    # use one of the values defined in server_name
    set $http_host_with_default "git.example.com";
}

# Otherwise pass on the Host header as the client sent it; the value is still
# client-supplied, so the backend should not treat it as trusted.
if ($http_host != "") {
    set $http_host_with_default $http_host;
}

此外,我把client_max_body_size从location / { ... }中移除,并将其放到了父作用域中。

最后,我将gitlab_rails['internal_api_url'] = 'https://gitlab.<mysite>.com'添加到gitlab.rb配置文件中。

现在一切正常。