502 error when accessing Gitlab Pages deployed links or artifacts

I currently get a 502 error when trying to access any of my Gitlab Pages links that are deployed, and the artifacts created by my runner once the pipeline is created also give this 502 error. I expect the Pages links to work and the artifacts also accessible.

We are currently implementing a self-managed Gitlab service running inside a zero-trust network. I have two instances, Instance A running Gitlab EE 16.7.3 which will be hosting my Gitlab setup, and Instance B running the same AMI which is my Gitlab Pages configuration.

Configuration

Main gitlab.rb file:

external_url ‘https://gitlab.example.ztna’

gitlab_rails[‘monitoring_whitelist’] = [‘127.0.0.0/8’, ‘10.0.0.0/8’]

postgresql[‘enable’] = false

gitlab_rails[‘db_adapter’] = “postgresql”
gitlab_rails[‘db_encoding’] = “unicode”
gitlab_rails[‘db_database’] = “DB_NAME”
gitlab_rails[‘db_username’] = “DB_USERNAME”
gitlab_rails[‘db_password’] = “DB_PASSWORD”
gitlab_rails[‘db_host’] = “DB_HOST.REGION.rds.amazonaws.com”

redis[‘enable’] = false

gitlab_rails[‘redis_host’] = “REDIS_HOST.REGION.cache.amazonaws.com”
gitlab_rails[‘redis_port’] = REDIS_PORT

git_data_dirs({
“default” => { “path” => “/mnt/nfs/gitlab-data” }
})

gitlab_pages[‘enable’] = false
gitlab_pages[‘access_control’] = true
pages_external_url “http://pages.example.ztna”

gitlab_pages[“namespace_in_path”] = true

Pages gitlab.rb file:

external_url ‘http://pages.example.ztna’
pages_external_url “http://pages.example.ztna”
gitlab_rails[‘pages_path’] = “/mnt/nfs/gitlab-data/pages”

gitlab_pages[‘gitlab_server’] = “https://gitlab.example.ztna”
gitlab_pages[‘access_control’] = true

gitlab_pages[“namespace_in_path”] = true

postgresql[‘enable’] = false
redis[‘enable’] = false
prometheus[‘enable’] = false
unicorn[‘enable’] = false
sidekiq[‘enable’] = false
gitlab_workhorse[‘enable’] = false
gitaly[‘enable’] = false
alertmanager[‘enable’] = false
node_exporter[‘enable’] = false
gitlab_rails[‘auto_migrate’] = false

Any help would be much appreciated.

An update:

I have reconfigured both instances with just HTTP and starting very barebones so I can pinpoint the error. I can access the artifact uploaded, a very simple HTML test page:

Accessable via: http://GITLAB_PAGES_IP/root/-/pagesproject2/-/jobs/1/artifacts/public/index.html

image1000×616 7.04 KB

However when accessing the generated pages link (http://GITLAB_PAGES_IP/pagesproject2-root-33805350bbe11398dcc147666c3ce5cb4e0424152a9f) I get an nginx 404 error:

image3236×944 85.7 KB

My Gitlab Pages logs shows as:

==> /var/log/gitlab/gitlab-pages/current <==
{“error”:“permission denied”,“level”:“error”,“msg”:“requested filepath "/var/opt/gitlab/gitlab-rails/shared/pages/@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35/pages_deployments/1/artifacts.zip" not in allowed paths: "/mnt/nfs/gitlab-data/pages"”,“time”:“2024-05-06T14:11:28Z”}
{“archive_url”:“file:///var/opt/gitlab/gitlab-rails/shared/pages/@hashed/d4/73/d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35/pages_deployments/1/artifacts.zip”,“error”:“httprange: new resource 403: "403 Forbidden"”,“level”:“info”,“msg”:“read zip archive request failed”,“time”:“2024-05-06T14:11:28Z”}
{“correlation_id”:“01HX73XJ715M4TY10SJ38N35VB”,“error”:“httprange: new resource 403: "403 Forbidden"”,“host”:“root.GITLAB_PAGES_IP”,“level”:“error”,“msg”:“vfs.Root”,“path”:“/pagesproject2”,“time”:“2024-05-06T14:11:28Z”}
{“content_type”:“text/html; charset=utf-8”,“correlation_id”:“01HX73XJ715M4TY10SJ38N35VB”,“duration_ms”:196,“host”:“root.100.112.232.193”,“level”:“info”,“method”:“GET”,“msg”:“access”,“pages_https”:false,“proto”:“HTTP/1.1”,“referrer”:“”,“remote_addr”:“MY_IP”,“remote_ip”:“MY_IP”,“status”:500,“system”:“http”,“time”:“2024-05-06T14:11:28Z”,“ttfb_ms”:196,“uri”:“/pagesproject2”,“user_agent”:“Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36”,“written_bytes”:2905}

File permissions also seem fine:

sudo ls -l /mnt/nfs/gitlab-data/pages
total 24
drwxr-xr-x 5 git git 6144 May 3 12:26 @hashed
-rw------- 1 git git 19222 May 3 10:57 gitlab-secrets.json