Clone by http impossible with apache error 500 or 503

Notezik · June 6, 2018, 7:36am

Hi,
I have a common problem which is an error 500 or sometimes 503 when I try to clone a repository via http.

$ git clone https://gitlab.EXAMPLE.org/Maxime/nbodypy.git
Clonage dans 'nbodypy'...
fatal: unable to access 'https://gitlab.EXAMPLE.org/Maxime/nbodypy.git/': The requested URL returned error: 500

I’ve tried to follow some solutions found here for example: Error 500 when pull or clone but without success.

My config:

Apache gitlab.conf:

<VirtualHost *:80>
  ServerName gitlab.EXAMPLE.org
  ServerSignature Off
  
  RewriteEngine On
  RewriteCond %{HTTPS} off
  
  #RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
  RewriteRule .* unix:/var/opt/gitlab/gitlab-workhorse/socket|http://gitlab.EXAMPLE.org%{REQUEST_URI} [P,QSA,NE] # i've tried both

  RewriteCond %{SERVER_NAME} =gitlab.EXAMPLE.org
  RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:443>   SSLEngine on
    #strong encryption ciphers only
    #see ciphers(1) http://www.openssl.org/docs/apps/ciphers.html
    SSLProtocol all -SSLv2
    SSLHonorCipherOrder on
    SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
    Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
    SSLCompression Off
    SSLEngine On

    ServerName	gitlab.EXAMPLE.org
    ServerSignature Off
    ProxyPreserveHost On
    # Ensure that encoded slashes are not decoded but left in their encoded state.
    # http://doc.gitlab.com/ce/api/projects.html#get-single-project
    AllowEncodedSlashes NoDecode
    <Location />
	# New authorization commands for apache 2.4 and up
	# http://httpd.apache.org/docs/2.4/upgrading.html#access
	Require all granted
	#Allow forwarding to gitlab-workhorse
	ProxyPassReverse http://localhost:9191
	ProxyPassReverse http://gitlab.EXAMPLE.org/
    </Location>
    # Apache equivalent of nginx try files
    # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files
    # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab
    RewriteEngine on
    #Forward all requests to gitlab-workhorse except existing files like error documents
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
    RewriteCond %{REQUEST_URI} ^/uploads/.*
    RewriteRule .* http://localhost:9099%{REQUEST_URI} [P,QSA,NE]
    RequestHeader set X_FORWARDED_PROTO 'https'
    RequestHeader set X-Forwarded-Ssl on
    # needed for downloading attachments
    DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
    #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
    ErrorDocument 404 /404.html
    ErrorDocument 422 /422.html
    ErrorDocument 500 /500.html
    ErrorDocument 502 /502.html
    ErrorDocument 503 /503.html
    # It is assumed that the log directory is in /var/log/httpd.
    # For Debian distributions you might want to change this to
    # /var/log/apache2.
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
    ErrorLog /var/log/apache2/gitlab_error.log
    CustomLog /var/log/apache2/gitlab_forwarded.log common_forwarded
    CustomLog /var/log/apache2/gitlab_access.log combined env=!dontlog
    CustomLog /var/log/apache2/gitlab.log combined
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/EXAMPLE.org/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/EXAMPLE.org/privkey.pem
</VirtualHost>

gitlab.rb

external_url 'http://gitlab.EXAMPLE.org'
gitlab_workhorse['enable'] = true            
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_umask'] = 000    
gitlab_workhorse['listen_addr'] = "localhost:9191"    
gitlab_workhorse['dir'] = "/var/opt/gitlab/gitlab-workhorse"

user['username'] = "gitlab"
user['group'] = "gitlab"

unicorn['listen'] = 'localhost'
unicorn['port'] = 9099

web_server['external_users'] = ['www-data']#[]         
web_server['username'] = 'apache' #'gitlab-www'       
web_server['group'] = 'apache' #'gitlab-www' 

nginx['enable'] = false

Comments

I have a SSL certificate generated by letsencrypt.
I had a gitolite installation before. So I’ve changed the default user for GitLab to gitlab.
Each time Imodify the gitlab.rb, I run

$ gitlab-ctl reconfigure
$ gitlab-ctl restart

I’ve installed the omnibus distribution (gitlab-ee) on Ubuntu 17.10 with apache2 as the web server but I had to modify the source to Xenial

deb https://packages.gitlab.com/gitlab/gitlab-ee/ubuntu/ xenial main
deb-src https://packages.gitlab.com/gitlab/gitlab-ee/ubuntu/ xenial main

The clone using a ssh key works well.

Notezik · June 15, 2018, 6:46am

Someone?