Gitlab Pages 503 error when access control is enabled

Hi,

We’re working with Gitlab CE version 11.8.3 and trying to enable access control for gitlab pages. I’ve updated the gitlab.rb file setting access_control to true and reconfigured gitlab. The reconfigure added an entry to the Admin UI Applications section and so far it looks like everything is set correctly. The only setting I changed here was checking the api scope (not sure if that’s necessary?).

On my project settings I’ve set Pages access control to ‘Only Project Members’. With that set I logged out and navigated to my pages URL. That redirects me to the gitlab URL for authentication. I sign on and hit Authorize. This is the point where I receive a 503 error. Here’s the error message I see in the gitlab-pages log file.

2019-04-09_17:31:38.41354 time="2019-04-09T17:31:38Z" level=debug msg="Fetching access token failed" error="Post https://<gitlab_server>./oauth/token: x509: failed to load system roots and no roots provided; open /etc/ssl/ca-bundle.pem: permission denied" host=.<gitlab_pages_dns>. path="/auth?code=&state=aJgMmdz4_CZ6lgC97dRZ9g%3D%3D"

Any ideas what causes this error? I’m not sure why gitlab pages is trying to access /etc/ssl/ca-bundle.pem, but that file exists and is readable. This is an internal gitlab instance that is running HTTPS with self-signed certificates. The cert authority has been added to all CA bundles used by gitlab and the OS.

Thank you!
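An added diagnostic example, not part of the original post or of GitLab: the log line reports `permission denied` on opening the CA bundle, and a file that is readable for the logged-in admin can still be unreadable for the daemon's account. This sketch walks every component of the path and reports the first one a given account cannot pass by classic mode bits; the thread does not name the account the Pages daemon runs as, so it is a command-line parameter, and the script name in the usage comment is made up.

```python
import os

def mode_allows(st, uid, gids, need):
    """Classic Unix check: exactly one of owner/group/other bits applies."""
    if uid == 0:                      # root bypasses mode bits
        return True
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((st.st_mode >> shift) & need)

def first_denied(path, uid, gids):
    """Return (component, "search"|"read") for the first element of `path`
    that uid/gids cannot pass, or None if the file is readable by mode bits.
    Not covered: ACLs, SELinux/AppArmor, chroot or mount namespaces."""
    real = os.path.realpath(path)
    chain, current = [os.sep], os.sep
    for part in filter(None, real.split(os.sep)):
        current = os.path.join(current, part)
        chain.append(current)
    for comp in chain[:-1]:           # every directory needs search (x)
        if not mode_allows(os.stat(comp), uid, gids, 0o1):
            return comp, "search"
    if not mode_allows(os.stat(chain[-1]), uid, gids, 0o4):
        return chain[-1], "read"      # the file itself needs read (r)
    return None

if __name__ == "__main__":
    import grp, pwd, sys
    # Usage (run as root so every component can be stat'ed):
    #   python3 check_read.py <account> /etc/ssl/ca-bundle.pem
    account, target = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(account)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if account in g.gr_mem}
    print(first_denied(target, pw.pw_uid, gids) or "readable by mode bits")
```

A result of `None` only rules out mode bits; the mechanisms listed in the docstring can still produce the same error.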

My team got this to work by changing the gitlab pages URL to a non-http URL, running reconfigure, then changing it back and running reconfigure. No idea what that did but it now works.

Dealing with the same issue. Do you mean you changed pages_external_url to https:// instead of http://, then ran gitlab-ctl reconfigure, changed back to http://, then ran gitlab-ctl reconfigure again and everything now works correctly?

I was having the “same” issue, apparently with the same result: a 503 after authorizing the request. However, in my case this wasn’t related to accessing some CA file, so seeing the same error doesn’t have to mean the same cause. Reconfiguring back and forth didn’t help in my case, but having a look into the log file of gitlab-pages helped a lot. To see the errors causing the 503 I had to enable verbose logging. In my case I was having the issue documented here.