Cannot use ssh and https to clone/push on my Gitlab 10.0.3

I installed Gitlab via apt-get a while ago and everything was working
until I had to reinstall it a few days ago (because I accidentally deleted some files in /opt).

For reinstalling I used:

```
gitlab-ctl stop
systemctl stop gitlab-runsvdir.service
ps aux | grep postgre # (check if there are any postgres processes; shouldn't be)
apt-get purge gitlab-ce
rm -rf /opt/gitlab/ /var/opt/gitlab /etc/gitlab
reboot
apt-get install gitlab-ce
```

After the installation I cannot clone or push to/from gitlab either with ssh or https.

I can connect via ssh to the server, but I get to a sh shell like it is configured in /etc/passwd.
There is no welcome message like there should be. I've seen the command in the authorized_keys file in user git's home and it seems like it's not executed.

I also have access to the web interface with my internally configured sub-domain (I am disguising it here in the text).
Cloning via ssh gives the following output (URLs were copied from the web interface):

```
git clone git@git.myhost.de:Prophet/neu.git

Klone nach 'neu' …
fatal: 'Prophet/neu.git' does not appear to be a git repository
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
```

Cloning via https:

```
git clone https://git.myhost.de/Prophet/neu.git

Klone nach 'neu' …
fatal: unable to access 'https://git.myhost.de/Prophet/neu.git/': gnutls_handshake() failed: Key usage violation in certificate has been detected.
```

I think both problems have different sources, because I'm using gitlab behind nginx as a reverse proxy.
I tried to fix the https error by changing the ssl ciphers, but it's not fixing the problem.
As I said in the beginning, I was using this configuration before the reinstallation and at least ssh was working with cloning/pulling!

I’m wondering what these warnings/errors from gitlab-shell mean… (at the end)

These are my configs:

  • System information
  • System: Debian 8.9
  • Current User: git
  • Using RVM: no
  • Ruby Version: 2.3.5p376
  • Gem Version: 2.6.13
  • Bundler Version:1.13.7
  • Rake Version: 12.0.0
  • Redis Version: 3.2.5
  • Git Version: 2.13.5
  • Sidekiq Version:5.0.4
  • Go Version: unknown
  • GitLab information
  • Version: 10.0.3
  • Revision: 8895150
  • Directory: /opt/gitlab/embedded/service/gitlab-rails
  • DB Adapter: postgresql
  • URL: https://git.myhost.de
  • HTTP Clone URL: https://git.myhost.de/some-group/some-project.git
  • SSH Clone URL: git@git.myhost.de:some-group/some-project.git
  • Using LDAP: no
  • Using Omniauth: no
  • GitLab Shell
  • Version: 5.9.0
  • Repository storage paths:
    • default: /var/opt/gitlab/git-data/repositories
  • Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks
  • Git: /opt/gitlab/embedded/bin/git

nginx host:

```
server {
    listen          80;
    server_name git.myhost.de;
    return 301 https://$http_host$request_uri;
}

upstream gitlab-workhorse {
    server unix:/var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;
}

server {
    listen       443 ssl http2;
    server_name  git.myhost.de;

    ssl on;
    ssl_certificate /etc/ssl/self-signed/git-cert-chain.pem;
    ssl_certificate_key /etc/ssl/self-signed/git-key.pem;

    # tells the browser to use only https for the next 365 days, i.e. no more http requests to the server
    add_header Strict-Transport-Security "max-age=31536000; preload";

    root /opt/gitlab/embedded/service/gitlab-rails/public;

    ## GitLab needs backwards compatible ciphers to retain compatibility with Java IDEs
    ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA;

    ## See app/controllers/application_controller.rb for headers set

    ## Individual nginx logs for this GitLab vhost
    access_log /var/log/nginx/gitlab_access.log;
    error_log /var/log/nginx/gitlab_error.log;

    location / {
        client_max_body_size 0;
        gzip off;

        ## https://github.com/gitlabhq/gitlabhq/issues/694
        ## Some requests take more than 30 seconds.
        proxy_read_timeout      300;
        proxy_connect_timeout   300;
        proxy_redirect          off;

        proxy_http_version 1.1;

        proxy_set_header    Host                $http_host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-Ssl     on;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto   $scheme;

        proxy_pass http://127.0.0.1:60994;
    }
}
```

/etc/gitlab/gitlab.rb

```
##! https://docs.gitlab.com/omnibus/settings/configuration.html#configuring-the-external-url-for-gitlab
external_url 'https://git.myhost.de'

################################################################################
## gitlab-shell
################################################################################
gitlab_shell['http_settings'] = { user: 'username', password: 'password', ca_file: '/etc/ssl/cert.pem', ca_path: '/etc/pki/tls/certs', self_signed_cert: true}

################################################################################
## GitLab Nginx
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html
################################################################################
nginx['ssl_certificate'] = "/etc/ssl/self-signed/git-cert-chain.pem"
nginx['ssl_certificate_key'] = "/etc/ssl/self-signed/git-key.pem"
nginx['ssl_ciphers'] = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
nginx['ssl_prefer_server_ciphers'] = "on"
nginx['ssl_dhparam'] = nil # Path to dhparams.pem, eg. /etc/gitlab/ssl/dhparams.pem
nginx['listen_addresses'] = ['127.0.0.1']

##! Override only if you use a reverse proxy
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port
nginx['listen_port'] = 60994

##! Override only if your reverse proxy internally communicates over HTTP
##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
nginx['listen_https'] = false
nginx['proxy_set_headers'] = {
  "X-Forwarded-Proto" => "https",
  "X-Forwarded-Ssl" => "on",
}

## Nginx status
nginx['status'] = {
  "enable" => false,
}
```

gitlab-rake gitlab:check RAILS_ENV=production

  • Checking GitLab Shell …
  • GitLab Shell version >= 5.9.0 ? … OK (5.9.0)
  • Repo base directory exists?
  • default… yes
  • Repo storage directories are symlinks?
  • default… no
  • Repo paths owned by git:root, or git:git?
  • default… yes
  • Repo paths access is drwxrws---?
  • default… yes
  • hooks directories in repos are links: …
  • USER / neu … repository is empty
  • Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
  • Check GitLab API access: OK
  • Redis available via internal API: OK
  • Access to /var/opt/gitlab/.ssh/authorized_keys: OK
  • gitlab-shell self-check successful
  • Checking GitLab Shell … Finished
  • Checking Sidekiq …
  • Running? … yes
  • Number of Sidekiq processes … 1
  • Checking Sidekiq … Finished
  • Reply by email is disabled in config/gitlab.yml
  • Checking LDAP …
  • LDAP is disabled in config/gitlab.yml
  • Checking LDAP … Finished
  • Checking GitLab …
  • Git configured correctly? … yes
  • Database config exists? … yes
  • All migrations up? … yes
  • Database contains orphaned GroupMembers? … no
  • GitLab config exists? … yes
  • GitLab config up to date? … yes
  • Log directory writable? … yes
  • Tmp directory writable? … yes
  • Uploads directory exists? … yes
  • Uploads directory has correct permissions? … yes
  • Uploads directory tmp has correct permissions? … yes
  • Init script exists? … skipped (omnibus-gitlab has no init script)
  • Init script up-to-date? … skipped (omnibus-gitlab has no init script)
  • Projects have namespace: …
  • USER / neu … yes
  • Redis version >= 2.8.0? … yes
  • Ruby version >= 2.3.3 ? … yes (2.3.5)
  • Git version >= 2.7.3 ? … yes (2.13.5)
  • Git user has default SSH configuration? … yes
  • Active users: … 1
  • Checking GitLab … Finished

/var/log/gitlab/gitlab-shell/gitlab-shell.log

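Added example, not part of the original post: the SSH symptom described above (a plain sh login instead of gitlab-shell) is what sshd does when the matching authorized_keys entry carries no forced command, so this audit parses a file in that format and flags every entry that does not confine its key to gitlab-shell. The forced-command shape (`…/gitlab-shell/bin/gitlab-shell key-<id>`) and the four restriction options are assumptions about how GitLab Shell writes its entries; the sample file is constructed.

```python
import re

KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")
# One option: name, optional quoted value (with \" escapes), then "," or whitespace.
OPTION = re.compile(r'([\w-]+)(?:="((?:[^"\\]|\\.)*)")?(,|\s+|$)')
# Assumed shape of the forced command GitLab Shell writes (not quoted in the post).
FORCED = re.compile(r"^\S*/gitlab-shell/bin/gitlab-shell key-\d+$")
RESTRICT = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding", "no-pty"}

def parse_options(line):
    """Parse the leading options field; it ends at the first unquoted whitespace."""
    opts, pos = {}, 0
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return opts                    # entry starts with the key type: no options
    while (m := OPTION.match(line, pos)):
        opts[m[1].lower()] = (m[2] or "").replace('\\"', '"')
        pos = m.end()
        if m[3] != ",":
            break                      # whitespace reached: key type follows
    return opts

def audit(text):
    """Return [(line_no, problem)] for entries that do not confine the key to gitlab-shell."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts = parse_options(line)
        cmd = opts.get("command")
        if cmd is None:
            findings.append((no, "no forced command, sshd starts the /etc/passwd shell"))
        elif not FORCED.match(cmd):
            findings.append((no, "forced command is not gitlab-shell: " + cmd))
        elif "restrict" not in opts and not RESTRICT <= set(opts):
            findings.append((no, "gitlab-shell entry without no-pty/forwarding limits"))
    return findings

# Constructed sample file (key material is placeholder text, not real keys).
SAMPLE = """\
command="/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell key-1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3CONSTRUCTED user1
ssh-ed25519 AAAAC3CONSTRUCTED admin@laptop
command="/bin/sh",no-pty ssh-rsa AAAAB3CONSTRUCTED user2
command="/opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell key-2" ssh-rsa AAAAB3CONSTRUCTED user3
"""

if __name__ == "__main__":
    for no, problem in audit(SAMPLE):
        print(f"line {no}: {problem}")
```

Run it against each authorized_keys file sshd may read for the git user; the gitlab:check output above names /var/opt/gitlab/.ssh/authorized_keys, while the home directory recorded in /etc/passwd may point elsewhere.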