Pages with authentication on omnibus

dren.dk · April 3, 2019, 11:38am

I’ve been trying to enable pages on my omnibus based gitlab instance and so far I’m failing.

For reference, the image I use is: gitlab/gitlab-ce:11.9.4-ce.0

According to the pages daemon the error happens when the user agent is redirected back from the gitlab server.

I’ve replaced the name of my gitlab server with gitlab.example.com and the pages domain with pages.example.com:

level=debug msg=“Fetching access token failed” error=“Post https://gitlab.example.com/oauth/token: dial tcp: lookup gitlab.example.com on [::1]:53: dial udp [::1]:53: connect: cannot assign requested address” host=project.pages.example.com path=“/auth?code=46c1f78&state=7uw%3D%3D”

My gitlab instance is running https, while pages isn’t, these are the pages related settings I have

pages_external_url "http://pages.example.com/"
gitlab_pages['enable'] = true
gitlab_pages['access_control'] = true
gitlab_pages['cert'] = nil;
gitlab_pages['log_verbose'] = true
gitlab_pages['inplace_chroot'] = true
pages_nginx['enable'] = true
pages_nginx['redirect_http_to_https'] = false
pages_nginx['listen_port'] = 81;
pages_nginx['listen_https'] = false;

After giving up I tried disabling access control by setting:

gitlab_pages['access_control'] = false

This caused pages to fail with a different error:

level=debug msg=“Authenticate request” host=project.pages.example.com path=/test/test
2019-04-03_12:01:02.78495 time=“2019-04-03T12:01:02Z” level=debug msg=“Authentication is not configured” host=project.pages.example.com path=/test/hest
“GET /test/test HTTP/1.0” 500 2905 “https://gitlab.example.com/” “Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/72.0.3626.121 Chrome/72.0.3626.121 Safari/537.36” 0.000589

Has any tried setting up pages with authentication when using the omnibus docker image?

dren.dk · April 4, 2019, 6:14am

I’ve been banging my head against this problem for a while and it seems DNS resolution doesn’t fail if I manually run gitlab-pages without the parameters that cause it to switch user:

-daemon-uid=998 -daemon-gid=998 -daemon-inplace-chroot=true

If I first switch to the git user, the pages daemon also works as it’s supposed to.

I’ve read the documentation of gitlab-pages: https://gitlab.com/gitlab-org/gitlab-pages/ and it seems to indicate that running without the jail provided is a terrible idea, so I still need to find out why the process fails when inside the jail.

hero115 · October 19, 2019, 8:33pm

I am using the latest version of Gitlab CE and having exactly the same problems. 12.3.5, and even with verbose logging enabled, I could not see what the problem was or even if there was a DNS error, do you have a gitlab issue for this?

Just for additional info I am running gitlab pages behind a reverse proxy, with the listener on localhost:8090

I used to have gitlab pages working flawlessly with authorization in previous versions

tom.ghyselinck · November 21, 2019, 8:34pm

Hi,

We experience the same problem.

I think this issue is related to what we see: https://gitlab.com/gitlab-com/www-gitlab-com/issues/4746