Omnibus GitLab and Plesk 17 onyx using SSL

Hello,

I just installed GitLab on my Ubuntu 16 server, running Plesk 17 Onyx.

I use a letsencrypt SSL certificate.

I followed a few tutorials:

  1. Install gitlab omnibus: https://about.gitlab.com/downloads/#ubuntu1604
  2. Configure for using with subdomain: http://stackoverflow.com/questions/24684434/installing-gitlab-on-vps-running-parallels-plesk
  3. Use SSL: http://www.nullalo.com/en/install-and-configure-gitlab-with-plesk-12-on-centos-6/2/

Now when I call my domain, I get this error in my errorlog: 2477#0: *2475 directory index of “/var/www/vhosts/subDomainName/” is forbidden - nginx error

In my browser I only see 403- Forbidden. - nginx

When I try to call: myDomain.tld/index.php It tells me “File not found” - No 404.html errorpage by gitlab

When I call myDomain.tld/404.html or myDomain.tld/deploy.html - I get the correct html page, which I can find and edit in this folder: /opt/gitlab/embedded/service/gitlab-rails/public

Please, can somebody help me with this problem?

I think it is not a big problem anymore, but I do not know where to look for it. I have tried many instructions to follow.

Thank you very much.

Update: When I call myDomain.tld/notExistingFile.hml I can sign up and log in. When I am logged in, I just get 404 error page.

In my thread you wrote that you are getting a “Too many redirects”-error. Did you try to delete the cookies? I once had similar issues and deleting the cookies fixed the problem.

If this does not do the trick, please provide us with your full nginx vhost config (you may change your domain name :smile:)…

Best regards,

seschi98

Hello.

I deleted my Cookies, no difference.

Also I try to use gitlab as subdomain of my domain (gitlab.domain.tld).
I created symlinks in /etc/gitlab/ssl to my certificates. My SSL Certificate works fine, for my domain and for my subdomain and for gitlab.
gitlab.domain.tld.crt => /opt/psa/var/modules/letsencrypt/etc/archive/gitlab.domain.tld/cert1.pem
gitlab.domain.tld.key => /opt/psa/var/modules/letsencrypt/etc/archive/gitlab.domain.tld/privkey1.pem

When I called gitlab.domain.tld/notExistingFile.html
It redirected me to login (gitlab.domain.tld/users/sign_in)
So I was already able to create my administrator account,
also set the password for it.
After Login I received only 404 error pages.
Then I opened the site in another browser, saw the login page.
After success Login I received only 404 error pages.

For a few days I have tried many things and advice.
But I’m just coming from one mistake to another.
I can not remember with which configuration I at least could log on.
Actually I get this error: 502 Bad Gateway - nginx

Here is my current configuration:

/etc/gitlab/gitlab.rb

external_url 'https://gitlab.domain.tld'
gitlab_rails['gitlab_shell_ssh_port'] = 22 
web_server['external_users'] = ['Plesk web Hosting Access User']
nginx['enable'] = false 
nginx['redirect_http_to_https'] = true 
nginx['listen_https'] = false

/etc/nginx/conf.d/gitlab.conf

upstream gitlab {
    # for omnibus installation
    server unix:/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket;
}

In Plesk

Plesk => Domain => Apache & nginx Settings => Common Apache settings, everything is set to default
Plesk => Domain => Apache & nginx Settings => Restrict the ability to follow symbolic links is not checked
Plesk => Domain => Apache & nginx Settings => Proxy mode is checked
Plesk => Domain => Apache & nginx Settings => Additional nginx directives
location ~ / {
    # for omnibus installation
    root /opt/gitlab/embedded/service/gitlab-rails/public;
    try_files $uri $uri/index.html $uri.html @gitlab;
}

# if a file, which is not found in the root folder is requested,
# then the proxy pass the request to the upstream (gitlab unicorn)
location @gitlab {
    proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_redirect     off;

    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_set_header   Host              $http_host;
    proxy_set_header   X-Real-IP         $remote_addr;

    proxy_pass http://gitlab;
}

And thank you very much, you are the first who try to help me.

Have you tried this http://www.nullalo.com/en/install-and-configure-gitlab-with-plesk-12-on-centos-6/?

Hello axil.
I am really very grateful that you took the time and tried to help.

I think I’ve done everything exactly as it should be made for Gitlab 8.2.X.

I started today again with the complete configuration, just with this link from you, but still got the error:

“403 GET / HTTP/2.0 - nginx SSL/TLS access”
“817#0: *1 directory index of “/var/www/vhosts/subdomain.domin,tld/gitlab/” is forbidden”

Since these changes I can not sign up. I am referred to the error page 502…

But thank you very very much for your help. Maybe we can solve this in the next days.

My current configuration, I only replaced here my domain by domain.subdomain.tld, anything else is 1:1 as here:

/etc/nginx/conf.d/gitlab.conf

upstream gitlab {
  server unix:/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket fail_timeout=0;
}
 
upstream gitlab-workhorse {
  server localhost:8181;
}

/etc/gitlab/gitlab.rb

external_url 'https://subdomain.domain.tld'
nginx['enable'] = false
ci_nginx['enable'] = false
nginx['listen_https'] = false 
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/subdomain.domain.tld.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/subdomain.domain.tld.key"

gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "localhost:8181"

gitlab_rails['gitlab_shell_ssh_port'] = 22

Additional directives in Plesk nginx:

location /uploads/ {
	## If you use HTTPS make sure you disable gzip compression
	## to be safe against BREACH attack.
	# gzip off;

	proxy_read_timeout      300;
	proxy_connect_timeout   300;
	proxy_redirect          off;

	proxy_set_header    Host                $http_host;
	proxy_set_header    X-Real-IP           $remote_addr;
	proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
	proxy_set_header    X-Forwarded-Proto   $scheme;
	proxy_set_header    X-Frame-Options     SAMEORIGIN;

	proxy_pass http://gitlab;
}

location @gitlab {
	## If you use HTTPS make sure you disable gzip compression
	## to be safe against BREACH attack.
	# gzip off;

	proxy_read_timeout      300;
	proxy_connect_timeout   300;
	proxy_redirect          off;

	proxy_set_header    Host                $http_host;
	proxy_set_header    X-Real-IP           $remote_addr;
	proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
	proxy_set_header    X-Forwarded-Proto   $scheme;
	proxy_set_header    X-Frame-Options     SAMEORIGIN;

	proxy_pass http://gitlab;
}

location ~ ^/[\w\.-]+/[\w\.-]+/gitlab-lfs/objects {
	client_max_body_size 0;
	error_page 418 = @gitlab-workhorse;
	return 418;
}

location ~ ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$ {
	client_max_body_size 0;
	error_page 418 = @gitlab-workhorse;
	return 418;
}

location ~ ^/[\w\.-]+/[\w\.-]+/repository/archive {
	client_max_body_size 0;
	error_page 418 = @gitlab-workhorse;
	return 418;
}

location ~ ^/api/v3/projects/.*/repository/archive {
	client_max_body_size 0;
	error_page 418 = @gitlab-workhorse;
	return 418;
}

location ~ ^/[\w\.-]+/[\w\.-]+/builds/download {
	client_max_body_size 0;
	error_page 418 = @gitlab-workhorse;
	return 418;
}

location ~ /ci/api/v1/builds/[0-9]+/artifacts {
	client_max_body_size 0;
	error_page 418 = @gitlab-workhorse;
	return 418;
}

location @gitlab-workhorse {
	client_max_body_size 0;
	## If you use HTTPS make sure you disable gzip compression
	## to be safe against BREACH attack.
	# gzip off;

	proxy_read_timeout      300;
	proxy_connect_timeout   300;
	proxy_redirect          off;

	proxy_buffering off;

	# The following settings only work with NGINX 1.7.11 or newer
	#
	# # Pass chunked request bodies to gitlab-workhorse as-is
	# proxy_request_buffering off;
	# proxy_http_version 1.1;

	proxy_set_header    Host                $http_host;
	proxy_set_header    X-Real-IP           $remote_addr;
	proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
	proxy_set_header    X-Forwarded-Proto   $scheme;

	proxy_pass http://gitlab-workhorse;
}

location ~ ^/(assets)/ {
	root /opt/gitlab/embedded/service/gitlab-rails/public;
	gzip_static on; # to serve pre-gzipped version
	expires max;
	add_header Cache-Control public;
}

location ~ / {
	root /opt/gitlab/embedded/service/gitlab-rails/public;
	try_files $uri $uri/index.html $uri.html @gitlab;
}

error_page 502 /502.html;
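
A small check for two details in the directives above, as an added example that is not part of the original post or of GitLab's or Plesk's tooling: it flags proxied locations that leave `gzip off;` commented out (the BREACH note in the config) and ones that pass `X-Frame-Options` with `proxy_set_header`. The function names and the `SAMPLE` text are constructed for illustration.

```python
import re

# Constructed sample, condensed from the directives posted above; the
# @gitlab-workhorse block is altered to show the setting enabled.
SAMPLE = r"""
location @gitlab {
    ## If you use HTTPS make sure you disable gzip compression
    ## to be safe against BREACH attack.
    # gzip off;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_set_header    X-Frame-Options     SAMEORIGIN;
    proxy_pass http://gitlab;
}
location @gitlab-workhorse {
    gzip off;
    proxy_set_header    Host                $http_host;
    proxy_pass http://gitlab-workhorse;
}
location ~ ^/(assets)/ {
    root /opt/gitlab/embedded/service/gitlab-rails/public;
    gzip_static on; # to serve pre-gzipped version
}
"""

def directives(body):
    """Active directives of one block as token lists; '#' comments are dropped."""
    text = "\n".join(line.split("#", 1)[0] for line in body.splitlines())
    return [d.split() for d in text.split(";") if d.strip()]

def audit(conf):
    """Return (location, finding) pairs for blocks that proxy to a backend."""
    findings = []
    # Assumes flat blocks with no '{' or '}' inside the location pattern.
    for name, body in re.findall(r"location\s+([^{]+?)\s*\{([^}]*)\}", conf):
        ds = directives(body)
        if not any(d[0] == "proxy_pass" for d in ds):
            continue  # serves static files only, no dynamic response body
        if ["gzip", "off"] not in ds:
            # Compression is whatever the enclosing server/http level sets.
            findings.append((name, "no explicit gzip off"))
        if any(d[:2] == ["proxy_set_header", "X-Frame-Options"] for d in ds):
            # proxy_set_header changes the request sent to the backend only;
            # browsers act on response headers (add_header or the app itself).
            findings.append((name, "X-Frame-Options set on upstream request only"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"location {name}: {finding}")
```
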

I found the solution. The error occurred because Plesk PHP support was enabled for my virtual host. I disabled the PHP support in the PHP settings. After that, everything worked fine.

2 Likes

Wow, thanks! I really struggled to find any errors - This just saved my day!

1 Like