We’re working with Gitlab CE version 11.8.3 and trying to enable access control for gitlab pages. I’ve updated the gitlab.rb file setting access_control to true and reconfigured gitlab. The reconfigure added an entry to the Admin UI Applications section and so far it looks like everything is set correctly. The only setting I changed here was checking the api scope (not sure if that’s necessary?).
On my project settings I’ve set Pages access control to ‘Only Project Members’. With that set I logged out and navigated to my pages URL. That redirects me to the gitlab URL for authentication. I sign on and hit Authorize. This is the point where I receive a 503 error. Here’s the error message I see in the gitlab-pages log file.
2019-04-09_17:31:38.41354 time=“2019-04-09T17:31:38Z” level=debug msg=“Fetching access token failed” error=“Post https://<gitlab_server>./oauth/token: x509: failed to load system roots and no roots provided; open /etc/ssl/ca-bundle.pem: permission denied” host=.<gitlab_pages_dns>. path="/auth?code=
Any ideas what causes this error? I’m not sure why gitlab pages is trying to access /etc/ssl/ca-bundle.pem but that file exists and is readable. This is an internal gitlab instance that is running HTTPS with self signed certificates. The cert authority has been added to all ca bundles used by gitlab and the OS.