尝试安装 gitlab 6-5-stable，但有 403 Forbidden答案

【问题标题】：Try install gitlab 6-5-stable, but have a 403 Forbidden尝试安装 gitlab 6-5-stable，但有 403 Forbidden
【发布时间】：2017-04-03 14:29:09
【问题描述】：

我遵循了所有的安装过程，但是当我尝试访问 gitlab 的 url 时出现错误显示“403 您无权访问此服务器上的 /。”

bundle exec rake gitlab:env:info RAILS_ENV=production

System information
System: CentOS release 6.5 (Final)
Current User: root
Using RVM: yes
RVM Version: 1.21.7
Ruby Version: 1.9.3p448
Gem Version: 1.8.25
Bundler Version:1.3.5
Rake Version: 10.1.0

GitLab information
Version: 6.5.1
Revision: 2ffa03a
Directory: /home/git/gitlab
DB Adapter: mysql2
URL: http://git.intranet.ecore.com.br
HTTP Clone URL: http://git.intranet.ecore.com.br/some-project.git
SSH Clone URL: git@git.intranet.ecore.com.br:some-project.git
Using LDAP: yes
Using Omniauth: no

GitLab Shell
Version: 1.8.0
Repositories: /home/git/repositories/
Hooks: /home/git/gitlab-shell/hooks/
Git: /usr/bin/git

bundle exec rake gitlab:check RAILS_ENV=production

Checking Environment ...

Git configured for git user? ... yes
Has python2? ... yes
python2 is supported version? ... yes

Checking Environment ... Finished

Checking GitLab Shell ...

GitLab Shell version >= 1.7.9 ? ... OK (1.8.0)
Repo base directory exists? ... yes
Repo base directory is a symlink? ... no
Repo base owned by git:git? ... yes
Repo base access is drwxrws---? ... yes
update hook up-to-date? ... yes
update hooks in repos are links: ... can't check, you have no projects
Running /home/git/gitlab-shell/bin/check
/usr/local/rvm/gems/ruby-1.9.3-p448/gems/bundler-1.3.5/lib/bundler/runtime.rb:216: warning: Insecure world writable dir /home/git/gitlab/vendor/bundle/ruby/1.9.1/bin in PATH, mode 042777
Check GitLab API access: FAILED. code: 403
gitlab-shell self-check failed
  Try fixing it:
  Make sure GitLab is running;
  Check the gitlab-shell configuration file:
  sudo -u git -H editor /home/git/gitlab-shell/config.yml
  Please fix the error above and rerun the checks.

Checking GitLab Shell ... Finished

Checking Sidekiq ...

Running? ... yes
Number of Sidekiq processes ... 1

Checking Sidekiq ... Finished

Checking LDAP ...

LDAP users with access to your GitLab server (only showing the first 100 results)
rake aborted!
SSL_connect SYSCALL returned=5 errno=0 state=SSLv2/v3 read server hello A
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:1132:in `connect'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:1132:in `wrap_with_ssl'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:1169:in `setup_encryption'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:1116:in `initialize'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:634:in `new'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:634:in `search'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:1044:in `search_root_dse'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:1095:in `paged_searches_supported?'
/home/git/gitlab/vendor/bundle/ruby/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb:619:in `search'
/home/git/gitlab/lib/tasks/gitlab/check.rake:702:in `print_users'
/home/git/gitlab/lib/tasks/gitlab/check.rake:692:in `block (3 levels) in <top (required)>'
Tasks: TOP => gitlab:check => gitlab:ldap:check
(See full trace by running task with --trace)

【问题讨论】：

Git configured for git user? ... no Try fixing it: sudo -u git -H git config --global user.name "GitLab" sudo -u git -H git config --global user.email "gitlab@hpsdev01.intranet.ecore.com.br" For more information see: doc/install/installation.md in section "GitLab" Please fix the error above and rerun the checks.你需要为git用户配置git。
所有命令均由 git 用户执行

标签： ruby apache gitlab centos6

【解决方案1】：

warning: Insecure world writable dir /home/git/gitlab/vendor/bundle/ruby/1.9.1/bin in PATH, mode 042777

您的权限似乎太开放了一些问题。通过转到/home/git/gitlab/ 并运行来解决此问题：

find . -type f -print0 | xargs -0 chmod 644（递归所有文件 644）
find . -type d -print0 | xargs -0 chmod 755（递归所有目录755）
sudo -u git -H chmod o-rwx config/database.yml（数据库的额外安全性）

如果不是这样，那么可能是它的 SELinux。您可以通过暂时禁用它来快速检查：

setenforce 0

如果 403 错误消失，则将其重新启用 (setenforce 1)，并在 SELinux 部分查看here 如何使其工作。

【讨论】：

【解决方案2】：

尽管执行时显示错误：

bundle exec rake gitlab:check RAILS_ENV=production

问题出在 Nginx 配置中，下面是我实现的配置：

upstream gitlab {
  server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;
}

server {
  #  listen *:80 default_server;         # e.g., listen 192.168.1.1:80; In most cases *:80 is a good idea
  server_name git.intranet.ecore.com.br;     # e.g., server_name source.example.com;
  server_tokens off;     # don't show the version number, a security best practice
  root /home/git/gitlab/public;

  # individual nginx logs for this gitlab vhost
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;

  location / {
    # serve static files from defined root folder;.
    # @gitlab is a named location for the upstream fallback, see below
    try_files $uri $uri/index.html $uri.html @gitlab;
  }

  # if a file, which is not found in the root folder is requested,
  # then the proxy pass the request to the upsteam (gitlab unicorn)
  location @gitlab {
    proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_redirect     off;

    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_set_header   Host              $http_host;
    proxy_set_header   X-Real-IP         $remote_addr;

    proxy_pass http://gitlab;
  }
}

【讨论】：