I'm totally lost with GitLab installation on an existing nginx server

I want to install GitLab on my nginx server.
I followed these instructions for the install.

gitlab-ctl reconfigure gives me:

There was an error running gitlab-ctl reconfigure:

letsencrypt_certificate[gitlab.domain.dev] (letsencrypt::http_authorization line 5) had an error: RuntimeError: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 25) had an error: RuntimeError: ruby_block[create certificate for gitlab.domain.dev] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/acme/resources/certificate.rb line 108) had an error: RuntimeError: [gitlab.domain.dev] Validation failed, unable to request certificate

I use:

  • Debian 8
  • Nginx
  • My firewall allows 443 & 80 (I have one site on http, foo.com, and one on https, domain.dev)
  • I have access to sudo (or root)
  • apt install ca-certificates curl openssh-server postfix

I tried:

  • Create the subdomain gitlab.domain.dev in my DNS
  • Create an SSL cert for this domain with certbot
  • At this step the subdomain is OK
  • Install GitLab with EXTERNAL_URL="https://gitlab.domain.dev" apt-get install gitlab-ee
  • At this step gitlab.domain.dev returns nothing
  • I tried editing the config file (nano /etc/gitlab/gitlab.rb) like this:
    nginx['ssl_certificate'] = "/etc/letsencrypt/live/gitlab.domain.dev/fullchain.pem"
    nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/gitlab.domain.dev/privkey.pem"
  • and ran gitlab-ctl reconfigure
  • and got the error
  • I tried this too

I don't understand how to tell GitLab to use the SSL certificates I have already created, and how to make my subdomain serve GitLab.

My nginx subdomain conf file:

# the nginx server instance
server {

    server_name gitlab.domain.dev;
    root /var/www/gitlab.domain.dev;
    index index.html index.htm index.nginx-debian.html;

    access_log /var/log/nginx/gitlab.domain.dev.log;
    location / {
            try_files $uri $uri/ =404;
    }

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/gitlab.domain.dev/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/gitlab.domain.dev/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = gitlab.domain.dev) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    listen [::]:80;

    server_name gitlab.domain.dev;
    return 404; # managed by Certbot


}

Update 1

I tried:

  • convert the .pem files to .key and .crt with:
    # nginx and GitLab read certificates in PEM form; openssl x509 writes PEM by default,
    # so -outform der must not be used (a DER file cannot be loaded as ssl_certificate)
    openssl x509 -in your-cert.pem -out your-cert.crt
    openssl pkey -in privkey.pem -out foo.key
  • change the values in the GitLab config file (nano /etc/gitlab/gitlab.rb) to:
    web_server['external_users'] = ['www-data']
    nginx['enable'] = false
    # the nginx[...] settings below only configure the embedded nginx, which is disabled above
    nginx['redirect_http_to_https'] = true
    nginx['redirect_http_to_https_port'] = 80
    nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.domain.dev.crt"
    nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.domain.dev.key"
  • nginx subdomain conf file:
# the nginx server instance
server {

    server_name gitlab.domain.dev;
    root /opt/gitlab/embedded/service/gitlab-rails/public;
    index index.html index.htm index.nginx-debian.html;

    access_log /var/log/nginx/gitlab.domain.dev.log;
    location / {
            try_files $uri $uri/ =404;
    }

    ## listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/gitlab.domain.dev/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/gitlab.domain.dev/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = gitlab.domain.dev) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    ## listen [::]:80;

    server_name gitlab.domain.dev;
    return 404; # managed by Certbot


}
  • reconfigure:
Running handlers:
Running handlers complete
Chef Client finished, 7/651 resources updated in 18 seconds
gitlab Reconfigured!

But https://gitlab.domain.dev/ gives HTTP 403…

Any help is welcome, thanks.
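An added example, not part of the original post: the nginx site config that the Omnibus "external nginx" setup expects. With nginx['enable'] = false the package still runs gitlab-workhorse, which listens on a unix socket, and the host nginx has to reverse-proxy to that socket. A root/try_files block like the one in Update 1 only serves static files from the Rails public directory; there is no index.html there, so a request for / ends in 403. The socket path below is an assumption: current Omnibus releases use /var/opt/gitlab/gitlab-workhorse/sockets/socket and older ones /var/opt/gitlab/gitlab-workhorse/socket, so check ls -l /var/opt/gitlab/gitlab-workhorse/ first. The certificate paths are the certbot ones already on the page, and www-data must stay in web_server['external_users'] (as in Update 1) so the nginx worker is allowed to open the socket.

```nginx
# Assumed socket path: confirm with `ls -l /var/opt/gitlab/gitlab-workhorse/`
# (older Omnibus releases use /var/opt/gitlab/gitlab-workhorse/socket).
upstream gitlab-workhorse {
    server unix:/var/opt/gitlab/gitlab-workhorse/sockets/socket fail_timeout=0;
}

# Only send "Connection: upgrade" when the client actually asked for a WebSocket.
map $http_upgrade $connection_upgrade_gitlab {
    default upgrade;
    ''      close;
}

server {
    listen 80;
    listen [::]:80;
    server_name gitlab.domain.dev;

    # Keeps renewal working if certbot runs with --webroot -w /var/www/gitlab.domain.dev;
    # the certbot nginx plugin edits this block itself and does not need it.
    location /.well-known/acme-challenge/ {
        root /var/www/gitlab.domain.dev;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name gitlab.domain.dev;

    ssl_certificate     /etc/letsencrypt/live/gitlab.domain.dev/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/gitlab.domain.dev/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;

    access_log /var/log/nginx/gitlab.domain.dev.access.log;
    error_log  /var/log/nginx/gitlab.domain.dev.error.log;

    # git push over HTTPS and CI artifact uploads can be large; let workhorse apply its own limits.
    client_max_body_size 0;

    location / {
        proxy_read_timeout    300;
        proxy_connect_timeout 300;
        proxy_redirect        off;
        proxy_http_version    1.1;

        # Tell Rails/Workhorse the request arrived over TLS; without these the app
        # builds http:// redirects and URLs and Secure-flagged cookies are not honoured.
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Ssl   on;
        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        $connection_upgrade_gitlab;

        proxy_pass http://gitlab-workhorse;
    }
}
```

In /etc/gitlab/gitlab.rb, nginx['enable'] = false makes the nginx['ssl_certificate*'] and nginx['redirect_http_to_https*'] lines irrelevant; they only configure the embedded nginx. Adding letsencrypt['enable'] = false keeps the embedded ACME cookbook (the letsencrypt::http_authorization resource in the first error) from attempting its own validation, since certbot on the host already manages the certificate. After gitlab-ctl reconfigure, validate and reload the host nginx with nginx -t && systemctl reload nginx, and if / still returns 403 check the nginx error log for a "permission denied" on the socket, which means www-data is not in web_server['external_users'] or the socket path is wrong.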