Installing Gitlab 16.6.2-ee in Ubuntu 20.04 and existing NGINX

jaimestuardo · December 15, 2023, 12:16pm

Hello… I have installed GitLab in Ubuntu. Its information is as follows:

System information
System: Ubuntu 20.04
Proxy: no
Current User: git
Using RVM: no
Ruby Version: 3.0.6p216
Gem Version: 3.4.21
Bundler Version:2.4.21
Rake Version: 13.0.6
Redis Version: 7.0.14
Sidekiq Version:6.5.12
Go Version: unknown

GitLab information
Version: 16.6.2-ee
Revision: fddcadf1869
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: PostgreSQL
DB Version: 13.12
URL: https://gitlab.domain.com
HTTP Clone URL: https://gitlab.domain.com/some-group/some-project.git
SSH Clone URL: git@gitlab.domainc.com:some-group/some-project.git
Elasticsearch: no
Geo: no
Using LDAP: no
Using Omniauth: yes
Omniauth Providers:

GitLab Shell
Version: 14.30.0
Repository storages:

default: unix:/var/opt/gitlab/gitaly/gitaly.socket
GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell

Gitaly

default Address: unix:/var/opt/gitlab/gitaly/gitaly.socket

default Version: 16.6.2

default Git Version: 2.42.0

The problem is that the installer does not create the NGINX virtual host so that, Let’s encrypt cannot be configured either.

I tried by setting nginx['enable'] = false in gitlab.rb but the same happens. No virtual site is created.

What can I do?

Thanks

iwalker · December 15, 2023, 12:51pm

If you use the bundled nginx included with Gitlab, then everything is configured accordingly. If you use an external nginx for some reason, then you have to configure it yourself.

Gitlab with the bundled nginx will also work with letsencrypt without problems as well.

You don’t mention how you have installed Gitlab? Omnibus installation using the rpm/deb packages? Built from source? Docker? You will need to provide a lot more information about what you have actually done and what has been configured. Suggest looking at the Gitlab installation documentation as if you follow this then it will pretty much always work. For example here: Download and install GitLab | GitLab

Letsencrypt config with Gitlab here: Configure SSL for a Linux package installation | GitLab

If you are not using the bundled nginx, then here: NGINX settings | GitLab

jaimestuardo · December 15, 2023, 2:23pm

I have installed with the package. I realized that my hosting had configured the domain in its web server. I have removed and it works that part, however, let’s encrypt cannot be activated. This error occurs when reconfiguring:

[2023-12-15T11:18:32-03:00] FATAL: RuntimeError: letsencrypt_certificate[gitlab.example.com] (letsencrypt::http_authorization line 6) had an error: RuntimeError: acme_certificate[staging] (letsencrypt::http_authorization line 43) had an error: RuntimeError: ruby_block[create certificate for gitlab.example.com] (letsencrypt::http_authorization line 110) had an error: RuntimeError: [gitlab.example.com] Validation failed, unable to request certificate, Errors: [{url: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/10063792164/qQzZmA, status: invalid, error: {“type”=>“urn:ietf:params:acme:error:unauthorized”, “detail”=>“85.31.231.191: Invalid response from http://gitlab.example.com/.well-known/acme-challenge/MkRAeyVUNWfzW0qMMvjmT2_QhtDs7r5l177jzD_TDSY: 404”, “status”=>403}} ]

I tried by setting this in the rb file:

nginx[‘redirect_http_to_https’] = false

But it did not work either. How can I solve it?

Thanks
Jaime

iwalker · December 15, 2023, 2:54pm

You shouldn’t be running any other applications or websites on your Gitlab server, Remove it.

jaimestuardo · December 18, 2023, 12:43pm

That is not the problem. The problem is about certificate. Do you know the answer?

By the way, it is not problem to have other applications. In fact, I am migrating all applications from one hosting to other. In the old Hosting, I had several applications. Gitlab was one of them.

iwalker · December 18, 2023, 3:21pm

You still haven’t provided enough configuration about your installation. If you want help, you need to provide more information about your configuration and installation. Obviously you are configuring vhosts in an external nginx on the same server where you install gitlab, but you have failed to provide that configuration to show us how it’s configured. I already said that 3 days ago in my first reply to you.

I have also marked your duplicate post for moderation to be removed. Please do not open additional posts that address the same problem that you are trying to solve here. It won’t get your problem solved any quicker. In fact all it does is create unnecessary spam on the forums.

When you finally get around to providing more configuration details with regards to the external nginx as well as how you have configured gitlab in /etc/gitlab/gitlab.rb then only will you get any replies from anyone that will be able to solve your problem. If nginx isn’t configured properly to integrate with Gitlab, then LetsEncrypt is never going to work in the first place. If you were not hosting other applications on the same server as Gitlab and using Gitlab and the internal nginx then letsencrypt would 100% work. You have digressed from this using external nginx which isn’t configured properly.

We are not mind readers. Obviously you have configured it incorrectly and I urge you to also look at the Gitlab documentation that I also linked in my initial reply here that covers the sections about Gitlab and external nginx.