Gitlab CE | 404 on specific files | caused by an nginx location restriction (even without content/statements)

Time: 2019-05-18 16:37:03

Tags: git nginx gitlab gitlab-ce

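Found the cause, but I don't understand why?!

I have found what causes this problem: it is a location restriction, but I don't understand why. It is just a regular location block and pattern, which can be found in global/restrictions.conf: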

# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
       access_log off;
       log_not_found off;
       expires max;
}

The interesting part: it is not the directives that make the filtered files throw a 404. It is the location block itself:

# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {}


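Any clues? How can such a location block throw a 404 error?

I mean, the block doesn't even contain any statements and still causes the problem.

It would be great if someone could make me smarter.


Initial question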

  

The problem (before I found out what you can read here)

     

Getting a 404 when trying to access an image of a repository on Gitlab (in the browser).

     

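I had pushed it before and wanted to check that everything was there; even RAW works fine. But when it comes to images, I only receive a 404 response for the following URL: https://git.example.tld/yyy/editor/raw/master/data/images/logo.png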

     

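At first I thought the images did not exist in the remote repository, but I cloned the repository to another location on my local machine and saw that all the images are still there and work there.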

     

What could cause this problem?

     

I looked through the github-rails and github-workhorse log files for error messages. But apart from the fact that they got the 404, nothing was raised.

     

What have I done?

     

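I have installed Gitlab CE (v11.10.4) on Debian 9.9 (stretch), which also has nginx (latest) installed. The installation was done via apt, and everything is set up as you can see in the "Details" section of this question.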

     

Problem history:

     
      
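  1. Variable problem in the nginx configuration (solved)

    Solved by replacing proxy_set_header Upgrade $http_upgrade; with proxy_set_header Connection "upgrade";.

  2. Only getting a 404 when accessing the page (solved)

    Fixed after commenting out the last part of the nginx configuration and putting root into its parent scope.

  3. No CSS for FontIcons (solved)

    After fixing proxy_set_header Connection "upgrade";

  4. Avatar uploads not displayed (solved)

    The upload works and the files are in the correct path on the machine. Found the issue and resolved it. But gitlab-rake gitlab:app:check complained afterwards and gave me new commands to change permissions. But it has still worked since then, even after clearing gitlab:cache, reconfiguring and restarting.

  5. The current question you have open on StackExchange (unsolved)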
     

Details

     

Output: gitlab-rake gitlab:app:check

Checking GitLab App ...

Git configured correctly? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config up to date? ... yes
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory exists? ... yes
Uploads directory has correct permissions? ... yes
Uploads directory tmp has correct permissions? ... yes
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
Projects have namespace: ...
xxx / test ... yes
yyy / editor ... yes
Redis version >= 2.8.0? ... yes
Ruby version >= 2.5.3 ? ... yes (2.5.3)
Git version >= 2.18.0 ? ... yes (2.18.1)
Git user has default SSH configuration? ... yes
Active users: ... 1

Checking GitLab App ... Finished
     

Filtered output: top

  307 www-data  20   0  513156  40256  26804 S   0,0  0,7   0:30.73 php-fpm7.1
  413 www-data  20   0  513140  40688  27252 S   0,0  0,7   0:28.48 php-fpm7.1
11135 www-data  20   0  513092  40084  26676 S   0,0  0,7   0:04.41 php-fpm7.1
13560 gitlab-+  20   0  423008  17964  11820 S   0,0  0,3   0:00.35 alertmanager
13576 git       20   0  387328  12172   8776 S   0,0  0,2   0:00.05 gitaly-wrapper
13582 git       20   0  642608  34836  15232 S   0,0  0,6   0:00.99 gitaly
13598 git       20   0  449980  33260   8140 S   0,0  0,5   0:08.78 gitlab-mon
13600 git       20   0 1290172  63492  14852 S   0,0  1,0   0:02.20 ruby
13603 git       20   0 1300416  63924  14844 S   0,0  1,0   0:02.19 ruby
13610 git       20   0  414056  21572  13616 S   0,0  0,4   0:00.12 gitlab-workhors
13628 root      20   0    4276    756    688 S   0,0  0,0   0:00.00 gitlab-logrotat
13634 gitlab-+  20   0  114272  15040   8976 S   0,0  0,2   0:00.30 node_exporter
13640 gitlab-+  20   0  243644  14928   9088 S   0,0  0,2   0:00.26 postgres_export
13725 gitlab-+  20   0 1629984  66220  64368 S   0,0  1,1   0:00.11 postgres
13729 gitlab-+  20   0 1630120   4092   2240 S   0,0  0,1   0:00.00 postgres
13730 gitlab-+  20   0 1629984  15692  13836 S   0,0  0,3   0:00.05 postgres
13731 gitlab-+  20   0 1630120   4092   2240 S   0,0  0,1   0:00.00 postgres
13732 gitlab-+  20   0 1630532   7180   5104 S   0,0  0,1   0:00.00 postgres
13733 gitlab-+  20   0   33136   4916   2944 S   0,0  0,1   0:00.05 postgres
13736 gitlab-+  20   0  704836 171360  29448 S   0,0  2,8   0:05.83 prometheus
13747 gitlab-+  20   0   41460   5944   2720 S   0,0  0,1   0:01.80 redis-server
13751 gitlab-+  20   0  254264  13716   7444 S   0,0  0,2   0:00.18 redis_exporter
13759 git       20   0  967164 440912  18244 S   0,0  7,2   0:27.27 bundle
13772 git       20   0   18100   3000   2568 S   0,0  0,0   0:00.15 gitlab-unicorn-
13790 git       20   0  704956 416880  16824 S   0,0  6,8   0:23.84 bundle
13796 gitlab-+  20   0 1641188  25504  21076 S   0,0  0,4   0:00.25 postgres
13797 gitlab-+  20   0 1639636  21296  17984 S   0,0  0,3   0:00.10 postgres
13798 gitlab-+  20   0 1640376  23264  19936 S   0,0  0,4   0:00.16 postgres
13799 gitlab-+  20   0 1640088  22644  19012 S   0,0  0,4   0:00.25 postgres
13868 git       20   0  861932 426076  13332 S   0,0  7,0   0:01.80 bundle
13871 git       20   0  864092 424720  15004 S   0,0  6,9   0:02.88 bundle
13874 git       20   0  864348 421884  15052 S   0,0  6,9   0:02.71 bundle
13883 gitlab-+  20   0 1641836  28584  23760 S   0,0  0,5   0:00.12 postgres
13931 gitlab-+  20   0 1641568  25860  21784 S   0,0  0,4   0:00.06 postgres
14040 gitlab-+  20   0 1641548  27436  22908 S   0,0  0,4   0:00.10 postgres
14399 gitlab-+  20   0 1640044  23452  19968 S   0,0  0,4   0:00.01 postgres
14823 gitlab-+  20   0 1640084  20868  17608 S   0,0  0,3   0:00.01 postgres
14871 git       20   0    4184    648    588 S   0,0  0,0   0:00.00 sleep
16004 root      20   0  161400   2544     52 S   0,0  0,0   0:00.00 nginx
16005 www-data  20   0  161944   8744   5428 S   0,0  0,1   0:03.45 nginx
16006 www-data  20   0  161884   8484   5412 S   0,0  0,1   0:01.63 nginx
16851 mysql     20   0 1932868 123616  19356 S   0,0  2,0   2:06.78 mysqld
20095 root      20   0  508136  53216  44844 S   0,0  0,9   0:39.46 php-fpm7.1
     

Configuration

     

File: passwd (relevant parts only)

git               : x : 1000 : 1000 : ,,,      : /var/opt/gitlab            : /bin/sh
gitlab-www        : x : 999  : 998  :          : /var/opt/gitlab/nginx      : /bin/false
gitlab-redis      : x : 998  : 997  :          : /var/opt/gitlab/redis      : /bin/false
gitlab-psql       : x : 997  : 996  :          : /var/opt/gitlab/postgresql : /bin/sh
gitlab-prometheus : x : 996  : 995  :          : /var/opt/gitlab/prometheus : /bin/sh
www-data          : x : 33   : 33   : www-data : /var/www                   : /usr/sbin/nologin
     

Gitlab configuration: gitlab.rb

     
### GitLab configuration settings
external_url 'https://git.example.tld'
nginx['enable'] = false
web_server['external_users'] = ['www-data']
gitlab_rails['gitlab_default_projects_features_builds'] = false
     

Nginx VHost configuration: gitlab.conf

     
upstream gitlab-workhorse {
  server unix:/var/opt/gitlab/gitlab-workhorse/socket;
}

server {
        listen          80;
        server_name    git.exmaple.tld;
        location ~ .well-known/acme-challenge/ {
          root /var/www/letsencrypt;
          default_type text/plain;
        }

    location / {
        return 301 https://git.exmaple.tld$request_uri;
    }
}

server {
        listen          443 ssl http2;
        listen          [::]:443 ssl http2;
        server_name     git.exmaple.tld;
        access_log      /var/log/gitlab_access.log;
        error_log       /var/log/gitlab_error.log warn;

        root /opt/gitlab/embedded/service/gitlab-rails/public;

        ssl                     on;
        ssl_certificate         /etc/letsencrypt/live/git.exmaple.tld/fullchain.pem; # managed by Certbot
        ssl_certificate_key     /etc/letsencrypt/live/git.exmaple.tld/privkey.pem; # managed by Certbot

        # include                 global/secure_ssl.conf; # CHANGED: Unknown File
        include                 global/restrictions.conf;
        client_max_body_size    250M;
        index                   index.php;

        # Additional rules go here.

        location / {
          client_max_body_size 0;
          ## If you use HTTPS make sure you disable gzip compression
          ## to be safe against BREACH attack.

          ## https://github.com/gitlabhq/gitlabhq/issues/694
          ## Some requests take more than 30 seconds.
          proxy_read_timeout      3600;
          proxy_connect_timeout   300;
          proxy_redirect          off;
          proxy_http_version 1.1;

          proxy_set_header Host $http_host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-Ssl on;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          # proxy_set_header Upgrade $http_upgrade;
          # proxy_set_header Connection "upgrade";
          proxy_set_header X-Forwarded-Proto https;

          proxy_pass http://gitlab-workhorse;
        }

        error_page 404 /404.html;
        error_page 422 /422.html;
        error_page 500 /500.html;
        error_page 502 /502.html;

        # CHANGE: Comment out because run everytimes into 404.
            # Copied root parameter into parent configuration-scope.
              # 
              # location ~ ^/(404|422|500|502)(-custom)?\.html$ {
        #   root /opt/gitlab/embedded/service/gitlab-rails/public;
        #   internal;
        # }
}
     
     

Updated (2019-05-21)

     

Nginx restrictions configuration:

# # Bad referrer 404 filer
# if ($bad_referer) {
#     return 444;
# }

# Global restrictions configuration file.
# Designed to be included in any server {} block.
location = /favicon.ico {
    log_not_found off;
    access_log off;
}

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}


# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~ /\. {
    deny all;
}

# Deny access to any files with a .php extension in the uploads directory
# Works in sub-directory installs and also in multisite network
# Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
}

# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
       access_log off;
       log_not_found off;
       expires max;
}

0 answers:

No answers
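
Added example (not part of the original question or of GitLab's code): nginx chooses a location by exact match, then longest prefix, then the first matching regex in file order, and a regex match overrides a plain prefix such as `location /`. The Python model below runs that selection over the locations shown on this page; the `select_location` helper, the handler labels and the sample URIs other than the logo.png path are assumptions made for illustration.

```python
import re

ASSETS = (r"^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|"
          r"ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$")

# (modifier, pattern, handler) for the 443 server block, in config order:
# restrictions.conf is included before "location /". Handler labels are
# descriptive assumptions: "static" means no proxy_pass, so nginx serves from root.
LOCATIONS = [
    ("=", "/favicon.ico", "static"),
    ("=", "/robots.txt", "static"),
    ("~", r"/\.", "deny"),
    ("~*", r"/(?:uploads|files)/.*\.php$", "deny"),
    ("~*", ASSETS, "static"),
    ("", "/", "proxy_pass"),
]

def select_location(uri, locations):
    """Model of nginx location selection for a normalized URI (no query string)."""
    # 1. An exact "=" match ends the search immediately.
    for loc in locations:
        if loc[0] == "=" and uri == loc[1]:
            return loc
    # 2. Remember the longest matching prefix location.
    best = None
    for loc in locations:
        if loc[0] in ("", "^~") and uri.startswith(loc[1]):
            if best is None or len(loc[1]) > len(best[1]):
                best = loc
    # "^~" on the longest prefix suppresses the regex pass.
    if best is not None and best[0] == "^~":
        return best
    # 3. Regex locations in file order; the first match wins over the prefix.
    for loc in locations:
        if loc[0] in ("~", "~*"):
            flags = re.IGNORECASE if loc[0] == "~*" else 0
            if re.search(loc[1], uri, flags):
                return loc
    return best

if __name__ == "__main__":
    # Constructed sample URIs, except the logo.png path quoted in the question.
    for uri in ("/yyy/editor/raw/master/data/images/logo.png",
                "/yyy/editor/raw/master/README.md",
                "/yyy/editor/.git/config"):
        print(uri, "->", select_location(uri, LOCATIONS))
```

A request that lands in the asset regex block never reaches `proxy_pass`, so nginx looks for the file under `root` and answers 404 itself, even when the block is empty; `log_not_found off` additionally keeps that miss out of the error log.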