GitLab Omnibus NGINX redirection bug: 404 on Chrome, OK on Edge

I am having a persistent redirection/configuration bug where I get the custom ruby-generated 404 page on my omnibus gitlab private instance instead of getting into the chat system, which has both the main gitlab and also a virtual host mapped for a chat (mattermost) server. My main site is gitlab.company.com and the chat site is gitlabchat.company.com. Something strange about nginx is that it seems that the virtual host “gitlabchat”, which SHOULD work everywhere, only works reliably on Microsoft Edge and IE, and no longer works on Firefox 48.0.2 or Chrome 52.

Here’s a screenshot:

You can see that the site is “DOWN” in Chrome and “UP” and working in Edge. How can this even be? Is this an nginx bug? Is this some virtual hosting glitch? Obviously a single real IP is used for both my mattermost virtual host and the main gitlab virtual host, but the actual URL I am using I would have expected to work fine. I even wonder if my choice of “gitlabchat” (which I felt was more memorable to end users than mattermost, which is a horrifically stupid and non-memorable name) is the reason why I’m in 404 hell.

One thing I’m not sure of is whether I should be using an http or https URL in gitlab.rb when I configure the mattermost URL.

 ## Url on which GitLab will be reachable.
 ## For more details on configuring external_url see:
 ## https://gitlab.com/gitlab-org/omnibus-gitlab/blob/629def0a7a26e7c2326566f0758d4a27857b52a3/README.md#configuring-the-external-url-for-gitlab
 external_url 'http://gitlab.ramsoft.biz'

Changing the above to https brings the entire product screeching to a halt. I wonder why it’s so fragile. Nothing I can think of to fix this weird glitch or even debug it.

Update: I’m studying logs and my gitlab.rb and I think it’s a weird issue related to browser caching, browser security, and self-generated semi-bogus SSL certificates.

Warren

I figured it out. It was a horrible combination of facts:

  1. Google Chrome’s developers, bless their pointy little heads, love to cache redirects. If you are changing URLs, redirections, and anything, remember to clear all Google Chrome caches with the full “Forget Everything for All of Time” settings. For good luck, sacrifice a goat.

  2. It is important if you intend to deploy mattermost and gitlab on a single server, as is done in mattermost, that you have your SSL certs set up correctly. Have a look in gitlab-ctl tail and watch for weird issues there, and sort those out FIRST.

  3. If you want http to https redirection on, turn it on. (I wanted it on.)

  4. Check after you turn that on that you have https in both the mattermost and the gitlab root URLs in gitlab.rb omnibus-config file.

  5. After making the change, check that the redirect-after-logon URLs are correct. Go to admin area. Click Applications. In System OAUTH Applications, find your mattermost site listed, and edit it. Make sure the URLs are correct. For example, using https if that’s what you want, instead of http.

Generally:

  • Any mismatch between http/https is bad.
  • Google Chrome is the most unforgiving case, and latest Firefox is almost as unforgiving of mismatches.
  • Edge, and some old Firefox versions, seem to just work when you mismatch http and https redirections.

ref:

Hope this helps somebody.

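The scheme checks from steps 3 to 5 above can be run as a script before clearing browser caches. This is an added example, not part of the original post or of GitLab's code: `mattermost_external_url` and `nginx['redirect_http_to_https']` are Omnibus setting names that the post does not spell out, the sample config and redirect URIs are constructed, and the "https expected" rule is this example's reading of the post's advice.

```ruby
require 'uri'

# Constructed sample gitlab.rb in the mismatched state the post describes:
# GitLab moved to https, the Mattermost URL left on http.
SAMPLE_GITLAB_RB = <<~CONF
  external_url 'https://gitlab.company.com'
  # mattermost_external_url 'https://old.example'   (commented out, ignored)
  mattermost_external_url 'http://gitlabchat.company.com'
  nginx['redirect_http_to_https'] = true
CONF

# Constructed redirect URIs, as copied by hand from Admin area > Applications.
SAMPLE_REDIRECT_URIS = [
  'http://gitlabchat.company.com/signup/gitlab/complete',
  'https://gitlabchat.company.com/login/gitlab/complete'
].freeze

# Extract the two URL settings from gitlab.rb text; commented lines never match.
def configured_urls(conf)
  conf.each_line.with_object({}) do |line, found|
    m = line.match(/^\s*(external_url|mattermost_external_url)\s+['"]([^'"]+)['"]/)
    found[m[1]] = m[2] if m
  end
end

# True when http-to-https redirection is enabled for either nginx block.
def redirect_enabled?(conf)
  conf.each_line.any? do |line|
    line.match?(/^\s*(mattermost_)?nginx\['redirect_http_to_https'\]\s*=\s*true/)
  end
end

# One finding per URL still on plain http while https is expected, i.e. when
# redirection is on or any other configured URL already uses https.
def scheme_mismatches(conf, redirect_uris)
  urls = configured_urls(conf)
  redirect_uris.each_with_index { |u, i| urls["oauth_redirect_uri[#{i}]"] = u }
  schemes = urls.transform_values { |u| URI.parse(u).scheme }
  return [] unless redirect_enabled?(conf) || schemes.value?('https')

  schemes.reject { |_, s| s == 'https' }.keys
         .map { |name| "#{name} is #{urls[name]} but https is expected" }
end

puts scheme_mismatches(SAMPLE_GITLAB_RB, SAMPLE_REDIRECT_URIS)
```

An empty result means the two URLs in gitlab.rb and the OAuth redirect URIs agree on the scheme; it says nothing about redirects a browser has already cached.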