【问题标题】:Gitlab ce on ubuntu 16.04 with letsencrypt on subdomainubuntu 16.04 上的 Gitlab ce,子域上带有letsencrypt
【发布时间】:2018-03-03 11:14:26
【问题描述】:

我在运行 Ubuntu 16.04 的 v-server 上安装了 gitlab-ce,并将 apache 作为网络服务器。在 git.example.com 下安装 gitlab 工作正常,我可以通过 http 设置我的用户。

我正在这个服务器上运行我的 example.com 网站,cloud.example.com 下的 nextcloud 实例和 git.example.com 下的 gitlab,我决定使用letsencrypt。

为 example.com 和 cloud.example.com 安装letsencrypt 工作正常。我使用Gitlab Recipes 进行配置,但它不能正常工作。当我尝试在 http://git.example.com 下访问 gitlab 时,重定向到 https://git.example.com 确实有效,但 https 部分将我重定向到 http://example.com,我不知道为什么。

这是服务器响应

Request URL:https://git.example.com/
Request Method:GET
Status Code:302 Found
Remote Address:*:443
Referrer Policy:no-referrer-when-downgrade
HTTP/1.1 302 Found
Date: Sat, 03 Mar 2018 10:36:24 GMT
Server: Apache/2.4.18 (Ubuntu)
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Location: http://example.com
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Request-Id: bdfffb7e-1c89-4308-be13-5c35a64f31f3
X-Runtime: 0.010298
X-Ua-Compatible: IE=edge
X-Xss-Protection: 1; mode=block
Content-Length: 90
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

这些是我的 apache 配置文件:

<VirtualHost git.example.com:80>
  ServerName git.example.com
  DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public/
  ServerSignature Off

  RewriteEngine on
  RewriteCond %{HTTPS} !=on
  RewriteCond %{SERVER_NAME} =git.example.com
  RewriteCond %{REQUEST_URI} !^/.well-known/.*
  RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]

</VirtualHost>

SSL

<IfModule mod_ssl.c>
<VirtualHost git.example.com:443>
    SSLEngine on
    SSLCipherSuite    SSLv3:TLSv1:+HIGH:!SSLv2:!MD5:!MEDIUM:!LOW:!EXP:!ADH:!eNULL:!aNULL
    SSLCertificateFile /etc/letsencrypt/live/git.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/git.example.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf

    ServerName git.example.com
    ServerSignature Off
    ProxyPreserveHost On
    ProxyPass / https://localhost:8181/
    ProxyPassReverse / https://git.example.com:8181/

    # http://doc.gitlab.com/ce/api/projects.html#get-single-project
    AllowEncodedSlashes NoDecode

    <Location />
        # Apache 2.2
        Order allow,deny
        Allow from all

        # New authorization commands for apache 2.4 and up
        # http://httpd.apache.org/docs/2.4/upgrading.html#access
        Require all granted
        ProxyPassReverse http://127.0.0.1:8181
        ProxyPassReverse http://git.example.com/
    </Location>

    <Directory /opt/gitlab/embedded/service/gitlab-rails/public/>
       Require all granted
    </Directory>

    # needed for downloading attachments
    DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public/

    RewriteEngine on

    # Apache equivalent of nginx try files
    RewriteCond %{DOCUMENT_ROOT}/{REQUEST_FILENAME} !-f [OR]
    RewriteCond %{REQUEST_URI} ^/uploads/.* [OR]
    RewriteCond %{REQUEST_URI} !/\.well-known/.*
    RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]

    RequestHeader set Host "git.example.com"
    RequestHeader set X-Forwarded-Ssl on
#    RequestHeader set X-Forwarded-For %<span class="pl-s1"><span class="p1-    pse">{</span>REMOTE_ADDR<span class="ps1-pse">}</span></span>e  
    RequestHeader set X_FORWARDED_PROTO 'https'

    #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
    ErrorDocument 404 /404.html
    ErrorDocument 422 /422.html
    ErrorDocument 500 /500.html
    ErrorDocument 502 /502.html
    ErrorDocument 503 /503.html

    # It is assumed that the log directory is in /var/log/httpd.
    # For Debian distributions you might want to change this to
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>
</IfModule>

在 production.log 中我发现了这个

Started GET "/" for 93.200.218.17 at 2018-03-03 11:34:31 +0100
Processing by RootController#index as HTML
Redirected to http://example.com
Filter chain halted as :redirect_unlogged_user rendered or redirected
Completed 302 Found in 4ms (ActiveRecord: 0.0ms)

但是到目前为止,搜索这个并没有帮助我。我猜有某种循环,其中 apache 决定 root 到 domain.net 但我找不到它的来源。

如果有人知道在哪里查找错误或可以查看我的配置有什么问题,我将不胜感激。

回答

curl -v http://127.0.0.1:8181

曾经:

> GET / HTTP/1.1
> Host: 127.0.0.1:8181
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Cache-Control: no-cache
< Content-Type: text/html; charset=utf-8
< Date: Mon, 05 Mar 2018 09:58:40 GMT
< Location: http://example.com
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-Request-Id: 17cb8d7d-918f-4d72-95ca-f6262e7537b2
< X-Runtime: 0.015595
< X-Ua-Compatible: IE=edge
< X-Xss-Protection: 1; mode=block
< Content-Length: 90
<
* Connection #0 to host 127.0.0.1 left intact

更新 1

我检查了端口 8181 上的重定向,但我只得到了这个:

COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
gitlab-wo 312  git    3u  IPv4 188680      0t0  TCP localhost:8181 (LISTEN)

所以我认为Gitlab本身存在一些配置错误

【问题讨论】:

  • 这些答案可能会有所帮助stackoverflow.com/q/19456129/1145196
  • 我不明白这个答案的哪一部分可能对我有帮助。您能否更具体地说明哪一部分可能是我的问题的答案?谢谢。
  • 也许您的 GitLab 配置了错误的主机名? (这可能会导致此类重定向)
  • 我查过了。每个配置中的主机名都是 git.example.com。 Ans 也在 gitlab.rb 中
  • 直接在实例shell中尝试curl -v http://127.0.0.1:8181会有什么反应?

标签: apache gitlab subdomain ubuntu-16.04 lets-encrypt


【解决方案1】:

解决方案我在https://serverfault.com/questions/721698/gitlab-redirects-to-other-page 找到了一个提示,这确实是问题所在......

gitlab 本身的设置错误。登录限制得到了http://git.example.com,所以我必须使用直接链接 git.example.com/users/sign_in 登录并更改我的设置。现在它正在工作。

感谢 Dusan Bajic。

加法

还有一个问题是,“主页 URL”的设置被设置为我的主域。我不得不将其更改为https://git.example.com。一个我刚刚忘记的简单设置

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2017-11-28
    • 1970-01-01
    • 2016-11-26
    • 1970-01-01
    • 1970-01-01
    相关资源
    最近更新 更多