I installed GitLab via apt-get a while ago and everything was working
until I had to reinstall it a few days ago (because I accidentally deleted some files in /opt).
To reinstall, I used:
```
gitlab-ctl stop
systemctl stop gitlab-runsvdir.service
ps aux | grep postgre
# (check if there are any postgres processes; shouldn't be)
apt-get purge gitlab-ce
rm -rf /opt/gitlab/ /var/opt/gitlab /etc/gitlab
reboot
apt-get install gitlab-ce
```
After the installation I cannot clone from or push to GitLab with either SSH or HTTPS.
I can connect via SSH to the server, but I get an sh shell, as configured in /etc/passwd.
There is no welcome message like there should be. I’ve seen the command in the authorized_keys file in the git user’s home directory, and it seems like it’s not executed.
I also have access to the web interface via my internally configured subdomain (I am disguising it here in the text).
Cloning via SSH gives the following output (URLs were copied from the web interface):
```
git clone git@git.myhost.de:Prophet/neu.git
Klone nach 'neu' ...
fatal: 'Prophet/neu.git' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
```
Cloning via https:
```
git clone https://git.myhost.de/Prophet/neu.git
Klone nach 'neu' ...
fatal: unable to access 'https://git.myhost.de/Prophet/neu.git/': gnutls_handshake() failed: Key usage violation in certificate has been detected.
```
I think both problems have different sources, because I’m using GitLab behind nginx as a reverse proxy.
I tried to fix the HTTPS error by changing the SSL ciphers, but it’s not fixing the problem.
As I said in the beginning, I was using this configuration before the reinstallation and at least SSH was working for cloning/pulling!
I’m wondering what these warnings/errors from gitlab-shell mean… (at the end)
These are my configs:
```
System information
System:           Debian 8.9
Current User:     git
Using RVM:        no
Ruby Version:     2.3.5p376
Gem Version:      2.6.13
Bundler Version:  1.13.7
Rake Version:     12.0.0
Redis Version:    3.2.5
Git Version:      2.13.5
Sidekiq Version:  5.0.4
Go Version:       unknown

GitLab information
Version:          10.0.3
Revision:         8895150
Directory:        /opt/gitlab/embedded/service/gitlab-rails
DB Adapter:       postgresql
URL:              https://git.myhost.de
HTTP Clone URL:   https://git.myhost.de/some-group/some-project.git
SSH Clone URL:    git@git.myhost.de:some-group/some-project.git
Using LDAP:       no
Using Omniauth:   no

GitLab Shell
Version:          5.9.0
Repository storage paths:
- default:        /var/opt/gitlab/git-data/repositories
Hooks:            /opt/gitlab/embedded/service/gitlab-shell/hooks
Git:              /opt/gitlab/embedded/bin/git
```
nginx host:
```
server {
  listen 80;
  server_name git.myhost.de;
  return 301 https://$http_host$request_uri;
}

upstream gitlab-workhorse {
  server unix:/var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;
}

server {
  listen 443 ssl http2;
  server_name git.myhost.de;
  ssl on;
  ssl_certificate /etc/ssl/self-signed/git-cert-chain.pem;
  ssl_certificate_key /etc/ssl/self-signed/git-key.pem;
  # tells the browser to use only https for the next 365 days, i.e. no more http requests to the server
  add_header Strict-Transport-Security "max-age=31536000; preload";
  root /opt/gitlab/embedded/service/gitlab-rails/public;

  ## GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
  ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
  ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA;

  ## See app/controllers/application_controller.rb for headers set

  ## Individual nginx logs for this GitLab vhost
  access_log /var/log/nginx/gitlab_access.log;
  error_log /var/log/nginx/gitlab_error.log;

  location / {
    client_max_body_size 0;
    gzip off;

    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_read_timeout 300;
    proxy_connect_timeout 300;
    proxy_redirect off;

    proxy_http_version 1.1;

    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Ssl on;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://127.0.0.1:60994;
  }
}
```
/etc/gitlab/gitlab.rb
```
##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
external_url 'https://git.myhost.de'

################################################################################
## gitlab-shell
################################################################################
gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs', self_signed_cert: true}

################################################################################
## GitLab Nginx
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
################################################################################
nginx['ssl_certificate'] = "/etc/ssl/self-signed/git-cert-chain.pem"
nginx['ssl_certificate_key'] = "/etc/ssl/self-signed/git-key.pem"
nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
nginx['ssl_prefer_server_ciphers'] = "on"
nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
nginx['listen_addresses'] = ['127.0.0.1']

##! Override only if you use a reverse proxy
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
nginx['listen_port'] = 60994

##! Override only if your reverse proxy internally communicates over HTTP
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
nginx['listen_https'] = false

nginx['proxy_set_headers'] = {
  "X-Forwarded-Proto" => "https",
  "X-Forwarded-Ssl" => "on",
}

## Nginx status
nginx['status'] = {
  "enable" => false,
}
```
gitlab-rake gitlab:check RAILS_ENV=production
```
Checking GitLab Shell ...
GitLab Shell version >= 5.9.0 ? ... OK (5.9.0)
Repo base directory exists?
default... yes
Repo storage directories are symlinks?
default... no
Repo paths owned by git:root, or git:git?
default... yes
Repo paths access is drwxrws---?
default... yes
hooks directories in repos are links: ...
USER / neu ... repository is empty
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Check GitLab API access: OK
Redis available via internal API: OK
Access to /var/opt/gitlab/.ssh/authorized_keys: OK
gitlab-shell self-check successful
Checking GitLab Shell ... Finished

Checking Sidekiq ...
Running? ... yes
Number of Sidekiq processes ... 1
Checking Sidekiq ... Finished

Reply by email is disabled in config/gitlab.yml

Checking LDAP ...
LDAP is disabled in config/gitlab.yml
Checking LDAP ... Finished

Checking GitLab ...
Git configured correctly? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config up to date? ... yes
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory exists? ... yes
Uploads directory has correct permissions? ... yes
Uploads directory tmp has correct permissions? ... yes
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
Projects have namespace: ...
USER / neu ... yes
Redis version >= 2.8.0? ... yes
Ruby version >= 2.3.3 ? ... yes (2.3.5)
Git version >= 2.7.3 ? ... yes (2.13.5)
Git user has default SSH configuration? ... yes
Active users: ... 1
Checking GitLab ... Finished
```
/var/log/gitlab/gitlab-shell/gitlab-shell.log
```
I, [2017-10-16T00:20:58.307056 #31131]  INFO -- : GET http://127.0.0.1:8080/api/v4/internal/check 0.00074
W, [2017-10-16T00:25:49.541894 #8668]  WARN -- : Failed to connect to internal API <GET http://127.0.0.1:8080/api/v4/internal/check>: #<Net::ReadTimeout: Net::ReadTimeout>
I, [2017-10-16T00:25:49.542106 #8668]  INFO -- : GET http://127.0.0.1:8080/api/v4/internal/check 10.00903
I, [2017-10-16T00:30:44.248335 #18784]  INFO -- : GET http://127.0.0.1:8080/api/v4/internal/discover?key_id= 8.97961
E, [2017-10-16T00:30:44.248570 #18784] ERROR -- : API call <GET http://127.0.0.1:8080/api/v4/internal/discover?key_id=> failed: 404 => <{"message":"404 Not found"}>.
I, [2017-10-16T00:34:21.466648 #29318]  INFO -- : GET http://127.0.0.1:8080/api/v4/internal/check 0.01309
I, [2017-10-16T00:35:00.585943 #31148]  INFO -- : GET http://127.0.0.1:8080/api/v4/internal/check 5.01478
```
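Added example, not part of the original post and not GitLab's own tooling: a small triage script for gitlab-shell.log that surfaces the WARN/ERROR entries, slow internal API calls, and `discover` requests that carry an empty `key_id`, using lines from the log above. The names `triage` and `SLOW_SECONDS`, the 1-second threshold, and the reading of the trailing number as elapsed seconds are assumptions.

```python
import re

# Ruby Logger layout used by gitlab-shell.log:
#   "I, [<timestamp> #<pid>]  INFO -- : <message>"
LINE = re.compile(
    r"^[A-Z], \[(?P<ts>\S+) #\d+\]\s+(?P<level>[A-Z]+)\s+\S+\s+: (?P<msg>.*)$"
)
# Request summary line: "<METHOD> <url> <number>". Assumption: the trailing
# number is the elapsed time of the internal API call in seconds.
CALL = re.compile(r"^(?:GET|POST) (?P<url>\S+) (?P<secs>\d+\.\d+)$")
EMPTY_KEY_ID = re.compile(r"[?&]key_id=(?:&|$)")
SLOW_SECONDS = 1.0  # hypothetical threshold, tune for your host

# Lines copied from the log in the post, with wrapped lines rejoined.
SAMPLE = [
    "I, [2017-10-16T00:20:58.307056 #31131]  INFO -- : GET http://127.0.0.1:8080/api/v4/internal/check 0.00074",
    "W, [2017-10-16T00:25:49.541894 #8668]  WARN -- : Failed to connect to internal API <GET http://127.0.0.1:8080/api/v4/internal/check>: #<Net::ReadTimeout: Net::ReadTimeout>",
    "I, [2017-10-16T00:25:49.542106 #8668]  INFO -- : GET http://127.0.0.1:8080/api/v4/internal/check 10.00903",
    "I, [2017-10-16T00:30:44.248335 #18784]  INFO -- : GET http://127.0.0.1:8080/api/v4/internal/discover?key_id= 8.97961",
    'E, [2017-10-16T00:30:44.248570 #18784] ERROR -- : API call <GET http://127.0.0.1:8080/api/v4/internal/discover?key_id=> failed: 404 => <{"message":"404 Not found"}>.',
]

def triage(lines, slow=SLOW_SECONDS):
    """Return (timestamp, kind, detail) tuples for entries worth a look."""
    findings = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a Logger line (blank, wrapped fragment, ...)
        ts, level, msg = m["ts"], m["level"], m["msg"]
        if level in ("WARN", "ERROR"):
            findings.append((ts, level.lower(), msg))
        call = CALL.match(msg)
        if call:
            secs = float(call["secs"])
            if secs >= slow:
                findings.append((ts, "slow", f"{call['url']} took {secs:.2f}s"))
            if EMPTY_KEY_ID.search(call["url"]):
                findings.append((ts, "no-key-id", call["url"]))
    return findings

if __name__ == "__main__":
    for ts, kind, detail in triage(SAMPLE):
        print(f"{ts}  {kind:<9}  {detail}")
```

Run against the real file with `triage(open("/var/log/gitlab/gitlab-shell/gitlab-shell.log"))`; lines that do not match the Logger layout are skipped.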