Error when attempting to use yubikey on self-hosted instance

When trying to setup a yubikey on my self hosted instance, i receive the error WebAuthn::OriginVerificationError, this does not happen on the official instance at gitlab.com, or any other instance from what I can tell. I’m running GitLab inside of docker, with that running behind a nginx reverse proxy, my nginx configuration can be seen below.

upstream gitlab {
  server 127.0.0.1:8282;
}

server {
  server_name oss.lgbt;

  location / {
    proxy_pass http://gitlab;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    client_max_body_size 0;
    proxy_redirect off;
  }

  location /bb940ab900c58f3046bb6411042f6012.html {
    root /opt/gitlab/www;
    index bb940ab900c58f3046bb6411042f6012.html;
  }

  listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/oss.lgbt/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/oss.lgbt/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}


server {
  if ($host = oss.lgbt) {
    return 301 https://$host$request_uri;
  } # managed by Certbot
  listen 80;
  server_name oss.lgbt;
  return 404; # managed by Certbot
}

Figured it out, had to manually set these in my config:

external_url 'https://oss.lgbt'
nginx['listen_https'] = false
nginx['listen_port'] = 80
1 Like

hanna,

I encountered the same problem. Where exactly did you put these directives?

@johanhenselmans most likely in /etc/gitlab/gitlab.rb if using Gitlab Omnibus version.