Hello
I have the following issue:
I need to use OpenID Connect to authenticate users in an Azure Active Directory.
The problem is: my GitLab instance does not have direct access to the internet, but has to use an https_proxy.
What is the problem/error message:
The UI throws an HTTP 500 error when clicking on the button in order to authenticate with the OpenID Connect provider.
The production.log is more detailed:
OpenIDConnect::Discovery::DiscoveryFailed (getaddrinfo: Name or service not known (login.microsoftonline.com:443)):
So basically the hostname of the provider can't be resolved. Which is fine, as the GitLab host itself cannot resolve this DNS entry. But our https_proxy could (tested by curling the URL).
What did I do in order to tell GitLab about our proxy?
I added this to the gitlab.rb:
gitlab_rails['env'] = {
'BUNDLE_GEMFILE' => "/data/opt/gitlab/embedded/service/gitlab-rails/Gemfile",
'PATH' => "/data/opt/gitlab/bin:/data/opt/gitlab/embedded/bin:/bin:/usr/bin",
'https_proxy' => "http://myproxy.intern:8880",
'http_proxy' => "http://myproxy.intern:8880"
}
gitaly['env'] = {
'https_proxy' => "http://myproxy.intern:8880",
'http_proxy' => "http://myproxy.intern:8880"
}
gitlab_workhorse['env'] = {
'https_proxy' => "http://myproxy.intern:8880",
'http_proxy' => "http://myproxy.intern:8880"
}
gitaly and workhorse are just tests. IMHO rails should be enough.
Does anyone have an idea how to use an OpenID Connect provider via https_proxy?