Gitlab-shell trying to access API through http proxy (no_proxy is set up)

I installed GitLab through deb package gitlab-ce (v8.3.4-ce.0, arch amd64) and my environment is the following:

GitLab 8.3.4
GitLab Shell 2.6.9
GitLab API v3
Ruby 2.1.7p400
Rails 4.2.4


# this file was generated by for
# the repository at
deb jessie main
deb-src jessie main

# Passenger
deb jessie main

# Dotdeb repo for Jessie

deb jessie all
deb-src jessie all


nginx version: nginx/1.8.0
built with OpenSSL 1.0.1k 8 Jan 2015
TLS SNI support enabled

configure arguments: --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt=-Wl,-z,relro --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/ --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_flv_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_mp4_module --with-http_perl_module --with-http_random_index_module --with-http_secure_link_module --with-http_spdy_module --with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module --add-module=/tmp/buildd/nginx-1.8.0/debian/modules/headers-more-nginx-module --add-module=/tmp/buildd/nginx-1.8.0/debian/modules/nginx-auth-pam --add-module=/tmp/buildd/nginx-1.8.0/debian/modules/nginx-cache-purge --add-module=/tmp/buildd/nginx-1.8.0/debian/modules/nginx-dav-ext-module --add-module=/tmp/buildd/nginx-1.8.0/debian/modules/nginx-development-kit --add-module=/tmp/buildd/nginx-1.8.0/debian/modules/nginx-echo --add-module=/tmp/buildd/nginx-1.8.0/debian/modules/ngx-fancyindex --add-module=/tmp/buildd/nginx-1.8.0/debian/modules/nginx-http-push --add-module=/tmp/buildd/nginx-1.8.0/debian/modules/nginx-lua --add-module=/tmp/buildd/nginx-1.8.0/debian/modules/nginx-upload-progress --add-module=/tmp/buildd/nginx-1.8.0/debian/modules/nginx-upstream-fair --add-module=/tmp/buildd/nginx-1.8.0/debian/modules/ngx_http_substitutions_filter_module --add-module=/tmp/buildd/nginx-1.8.0/debian/modules/passenger/src/nginx_module

Phusion Passenger:

Version: 5.0.23
Date   : 2016-01-18 12:38:59 -0300
------------- Apache processes -------------
*** WARNING: The Apache executable cannot be found.
Please set the APXS2 environment variable to your 'apxs2' executable's filename, or set the HTTPD environment variable to your 'httpd' or 'apache2' executable's filename.

--------- Nginx processes ---------
PID  PPID  VMSize    Private  Name
738  1     139.2 MB  0.5 MB   nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
739  738   139.2 MB  0.5 MB   nginx: worker process
740  738   139.5 MB  0.7 MB   nginx: worker process
741  738   139.5 MB  0.8 MB   nginx: worker process
742  738   139.2 MB  0.5 MB   nginx: worker process
### Processes: 5
### Total private dirty RSS: 3.00 MB

----- Passenger processes -----
PID  VMSize     Private   Name
682  420.9 MB   1.1 MB    Passenger watchdog
698  1242.0 MB  2.9 MB    Passenger core
709  429.3 MB   1.2 MB    Passenger ust-router
903  547.7 MB   289.3 MB  Passenger RubyApp: /opt/gitlab/embedded/service/gitlab-rails/public
### Processes: 4
### Total private dirty RSS: 294.60 MB

/etc/hosts: gitlab.local
# Proxy asi.proxy

My gitlab.rb file looks like this (grep -vi “^#” /etc/gitlab/gitlab.rb | uniq):

external_url 'http://gitlab.local'
gitlab_rails['internal_api_url'] = 'http://gitlab.local'
gitlab_rails['env'] = {
        "http_proxy"    =>      "http://<masked user:password>@asi.proxy:8080",
        "HTTP_PROXY"    =>      "http://<masked user:password>@asi.proxy:8080",
        "HTTPS_PROXY"   =>      "http://<masked user:password>@asi.proxy:8080",
        "no_proxy"      =>      ", localhost,,, *.local"
unicorn['enable'] = false
gitlab_shell['log_level'] = 'DEBUG'
web_server['external_users'] = ['www-data']
nginx['enable'] = false

I have a repo named “sinigep” created within a group called “sinigep”, and my problem is that, while trying to run git clone, I get the following error:

$ git clone git@gitlab.local:sinigep/sinigep.git
Cloning into 'sinigep'...
GitLab: API is not accessible
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

If I run “gitlab-ctl tail” before trying to run git clone, I get the following output:

==> /var/log/gitlab/gitlab-shell/gitlab-shell.log <==
D, [2016-01-18T12:47:20.856889 #26653] DEBUG -- : Performing POST http://gitlab.local/api/v3/internal/allowed
E, [2016-01-18T12:47:20.868974 #26653] ERROR -- : API call <POST http://gitlab.local/api/v3/internal/allowed> failed: 302 => <<masked html output stating access denied from proxy>>
W, [2016-01-18T12:47:20.869135 #26653]  WARN -- : gitlab-shell: Access denied for git command <git-upload-pack 'sinigep/sinigep.git'> by user with key key-2.

So basically, gitlab-shell is trying to POST to the GitLab API through the proxy, ignoring the “no_proxy” environment var set up for RAILS.

Is there a way to fix this?

Here is the selfcheck:

# gitlab-rake gitlab:check
Checking GitLab Shell ...

GitLab Shell version >= 2.6.9 ? ... OK (2.6.9)
Repo base directory exists? ... yes
Repo base directory is a symlink? ... no
Repo base owned by git:git? ... yes
Repo base access is drwxrws---? ... yes
hooks directories in repos are links: ...
sinigep / sinigep ... repository is empty
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Check GitLab API access: FAILED. code: 302
gitlab-shell self-check failed
  Try fixing it:
  Make sure GitLab is running;
  Check the gitlab-shell configuration file:
  sudo -u git -H editor /opt/gitlab/embedded/service/gitlab-shell/config.yml
  Please fix the error above and rerun the checks.

Checking GitLab Shell ... Finished

Checking Sidekiq ...

Running? ... yes
Number of Sidekiq processes ... 1

Checking Sidekiq ... Finished

Checking Reply by email ...

Reply by email is disabled in config/gitlab.yml

Checking Reply by email ... Finished

Checking LDAP ...

LDAP is disabled in config/gitlab.yml

Checking LDAP ... Finished

Checking GitLab ...

Git configured with autocrlf=input? ... yes
Database config exists? ... yes
Database is SQLite ... no
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config outdated? ... no
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory setup correctly? ... yes
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
projects have namespace: ...
sinigep / sinigep ... yes
Redis version >= 2.8.0? ... yes
Ruby version >= 2.1.0 ? ... yes (2.1.7)
Your git bin path is "/opt/gitlab/embedded/bin/git"
Git version >= 1.7.10 ? ... yes (2.6.1)
Active users: 3

Checking GitLab ... Finished

And this is the config.yml file for gitlab-shell (# grep -vi “^#” /opt/gitlab/embedded/service/gitlab-shell/config.yml | uniq)

user: git
gitlab_url: "http://gitlab.local"


repos_path: "/var/opt/gitlab/git-data/repositories"

auth_file: "/var/opt/gitlab/.ssh/authorized_keys"

  bin: /opt/gitlab/embedded/bin/redis-cli
  socket: /var/opt/gitlab/redis/redis.socket
  namespace: resque:gitlab

log_file: "/var/log/gitlab/gitlab-shell/gitlab-shell.log"

log_level: DEBUG