【发布时间】:2018-03-03 11:14:26
【问题描述】:
我在运行 Ubuntu 16.04 的 v-server 上安装了 gitlab-ce,并将 apache 作为网络服务器。在 git.example.com 下安装 gitlab 工作正常,我可以通过 http 设置我的用户。
我正在这个服务器上运行我的 example.com 网站,cloud.example.com 下的 nextcloud 实例和 git.example.com 下的 gitlab,我决定使用letsencrypt。
为 example.com 和 cloud.example.com 安装letsencrypt 工作正常。我使用Gitlab Recipes 进行配置,但它不能正常工作。当我尝试在 http://git.example.com 下访问 gitlab 时,重定向到 https://git.example.com 确实有效,但 https 部分将我重定向到 http://example.com,我不知道为什么。
这是服务器响应
Request URL:https://git.example.com/
Request Method:GET
Status Code:302 Found
Remote Address:*:443
Referrer Policy:no-referrer-when-downgrade
HTTP/1.1 302 Found
Date: Sat, 03 Mar 2018 10:36:24 GMT
Server: Apache/2.4.18 (Ubuntu)
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Location: http://example.com
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Request-Id: bdfffb7e-1c89-4308-be13-5c35a64f31f3
X-Runtime: 0.010298
X-Ua-Compatible: IE=edge
X-Xss-Protection: 1; mode=block
Content-Length: 90
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
这些是我的 apache 配置文件:
<VirtualHost git.example.com:80>
ServerName git.example.com
DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public/
ServerSignature Off
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{SERVER_NAME} =git.example.com
RewriteCond %{REQUEST_URI} !^/.well-known/.*
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
</VirtualHost>
SSL
<IfModule mod_ssl.c>
<VirtualHost git.example.com:443>
SSLEngine on
SSLCipherSuite SSLv3:TLSv1:+HIGH:!SSLv2:!MD5:!MEDIUM:!LOW:!EXP:!ADH:!eNULL:!aNULL
SSLCertificateFile /etc/letsencrypt/live/git.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/git.example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
ServerName git.example.com
ServerSignature Off
ProxyPreserveHost On
ProxyPass / https://localhost:8181/
ProxyPassReverse / https://git.example.com:8181/
# http://doc.gitlab.com/ce/api/projects.html#get-single-project
AllowEncodedSlashes NoDecode
<Location />
# Apache 2.2
Order allow,deny
Allow from all
# New authorization commands for apache 2.4 and up
# http://httpd.apache.org/docs/2.4/upgrading.html#access
Require all granted
ProxyPassReverse http://127.0.0.1:8181
ProxyPassReverse http://git.example.com/
</Location>
<Directory /opt/gitlab/embedded/service/gitlab-rails/public/>
Require all granted
</Directory>
# needed for downloading attachments
DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public/
RewriteEngine on
# Apache equivalent of nginx try files
RewriteCond %{DOCUMENT_ROOT}/{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^/uploads/.* [OR]
RewriteCond %{REQUEST_URI} !/\.well-known/.*
RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
RequestHeader set Host "git.example.com"
RequestHeader set X-Forwarded-Ssl on
# RequestHeader set X-Forwarded-For %<span class="pl-s1"><span class="p1- pse">{</span>REMOTE_ADDR<span class="ps1-pse">}</span></span>e
RequestHeader set X_FORWARDED_PROTO 'https'
#Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
ErrorDocument 404 /404.html
ErrorDocument 422 /422.html
ErrorDocument 500 /500.html
ErrorDocument 502 /502.html
ErrorDocument 503 /503.html
# It is assumed that the log directory is in /var/log/httpd.
# For Debian distributions you might want to change this to
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
</IfModule>
在 production.log 中我发现了这个
Started GET "/" for 93.200.218.17 at 2018-03-03 11:34:31 +0100
Processing by RootController#index as HTML
Redirected to http://example.com
Filter chain halted as :redirect_unlogged_user rendered or redirected
Completed 302 Found in 4ms (ActiveRecord: 0.0ms)
但是到目前为止,搜索这个并没有帮助我。我猜有某种循环,其中 apache 决定 root 到 domain.net 但我找不到它的来源。
如果有人知道在哪里查找错误或可以查看我的配置有什么问题,我将不胜感激。
回答
curl -v http://127.0.0.1:8181
曾经:
> GET / HTTP/1.1
> Host: 127.0.0.1:8181
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Cache-Control: no-cache
< Content-Type: text/html; charset=utf-8
< Date: Mon, 05 Mar 2018 09:58:40 GMT
< Location: http://example.com
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-Request-Id: 17cb8d7d-918f-4d72-95ca-f6262e7537b2
< X-Runtime: 0.015595
< X-Ua-Compatible: IE=edge
< X-Xss-Protection: 1; mode=block
< Content-Length: 90
<
* Connection #0 to host 127.0.0.1 left intact
更新 1
我检查了端口 8181 上的重定向,但我只得到了这个:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
gitlab-wo 312 git 3u IPv4 188680 0t0 TCP localhost:8181 (LISTEN)
所以我认为Gitlab本身存在一些配置错误
【问题讨论】:
-
这些答案可能会有所帮助stackoverflow.com/q/19456129/1145196
-
我不明白这个答案的哪一部分可能对我有帮助。您能否更具体地说明哪一部分可能是我的问题的答案?谢谢。
-
也许您的 GitLab 配置了错误的主机名? (这可能会导致此类重定向)
-
我查过了。每个配置中的主机名都是 git.example.com。 Ans 也在 gitlab.rb 中
-
直接在实例shell中尝试
curl -v http://127.0.0.1:8181会有什么反应?
标签: apache gitlab subdomain ubuntu-16.04 lets-encrypt