Resolved: Whoops, something went wrong on our end after activating Gitlab Pages

Hi there,
I’m trying to enable Gitlab Pages for my self-hosted Gitlab-CE instance. What I’ve done so far:

  • Created an DNS wildcard record, pointed to the IP of the Gitlab instance.
  • Created an wildcard SSL certificate and configured Gitlab to use it.
  • Create simple pipeline to activate the pages.

Problem to solve

The problem is that, I get error 502 when I try to open that new page.

Here is what I see as an error:

Steps to reproduce

Here is the doc I followed: GitLab Pages administration | GitLab

Configuration

Here is the latest modifications I made to my gitlab.rb:

##! Define to enable GitLab Pages
pages_external_url "https://pages.gitlab.home.lan"
gitlab_pages['enable'] = true

# Custom SSL certs
gitlab_pages['ca'] = '/etc/gitlab/ssl/CA.pem'
gitlab_pages['cert'] = '/etc/gitlab/ssl/pages.gitlab.home.lan.crt'
gitlab_pages['cert_key'] = '/etc/gitlab/ssl/pages.gitlab.home.lan.key'

Versions

Please select whether options apply, and add the version information.

  • Self-managed
  • GitLab.com SaaS
  • Self-hosted Runners

Versions

root@behemoth.home.lan:/etc/gitlab# gitlab-rake gitlab:env:info

System information
System:         Ubuntu 22.04
Current User:   git
Using RVM:      no
Ruby Version:   3.1.5p253
Gem Version:    3.5.11
Bundler Version:2.5.11
Rake Version:   13.0.6
Redis Version:  7.0.15
Sidekiq Version:7.1.6
Go Version:     unknown

GitLab information
Version:        17.3.1
Revision:       20a3292b4e6
Directory:      /opt/gitlab/embedded/service/gitlab-rails
DB Adapter:     PostgreSQL
DB Version:     14.11
URL:            https://gitlab.home.lan
HTTP Clone URL: https://gitlab.home.lan/some-group/some-project.git
SSH Clone URL:  git@gitlab.home.lan:some-group/some-project.git
Using LDAP:     yes
Using Omniauth: yes
Omniauth Providers:

GitLab Shell
Version:        14.38.0
Repository storages:
- default:      unix:/var/opt/gitlab/gitaly/gitaly.socket
GitLab Shell path:              /opt/gitlab/embedded/service/gitlab-shell

Gitaly
- default Address:      unix:/var/opt/gitlab/gitaly/gitaly.socket
- default Version:      17.3.1
- default Git Version:  2.45.2
root@behemoth.home.lan:/etc/gitlab#
  • GitLab Runner, if self-hosted (Web /admin/runners or CLI gitlab-runner --version):
root@behemoth.home.lan:/etc/gitlab# gitlab-runner --version
Version:      16.3.1
Git revision: d240d5bb
Git branch:   16-3-stable
GO version:   go1.20.5
Built:        2023-09-14T23:38:16+0000
OS/Arch:      linux/amd64
root@behemoth.home.lan:/etc/gitlab#

Infrastructure-as-Code

  • Terraform/OpenTofu:
  • Ansible:

Cloud-native

  • Agent for Kubernetes (Operate > Kubernetes clusters):
  • Kubernetes (kubectl version):

In my opinion, these sections are not applicable.

Helpful resources

  1. Before opening a new topic, make sure to search for keywords in the forum search
  2. Check the GitLab Runner and GitLab projects for existing issues. If you encounter a bug, please create a bug report issue.
  3. Troubleshooting docs: GitLab Runner, self-managed GitLab instances, GitLab agent for Kubernetes, Infrastructure-as-Code.

Thanks for taking the time to be thorough in your request, it really helps! :blush:

Can you point me to any direction to solve that issue?
Thanks.

While I’m checking the logs I noticed that this comes from the pages daemon:

==> /var/log/gitlab/gitlab-pages/current <==
{"level":"info","msg":"URL: https://gitlab.com/gitlab-org/gitlab-pages","time":"2024-09-08T15:02:29+03:00"}
{"config_addr":"localhost:8090","level":"info","listen_addr":{"IP":"127.0.0.1","Port":8090,"Zone":""},"msg":"server listening on: 127.0.0.1:8090","time":"2024-09-08T15:02:29+03:00"}
{"correlation_id":"01J78RAM85XT3P1SQ719BWYCPF","error":"Get \"https://gitlab.home.lan/api/v4/internal/pages?host=administration.pages.gitlab.home.lan\": tls: failed to verify certificate: x509: certificate signed by unknown authority","host":"administration.pages.gitlab.home.lan","level":"error","msg":"could not fetch domain information from a source","path":"/page-testing","time":"2024-09-08T15:04:23+03:00"}
{"content_type":"text/html; charset=utf-8","correlation_id":"01J78RAM85XT3P1SQ719BWYCPF","duration_ms":3029,"host":"administration.pages.gitlab.home.lan","level":"info","method":"GET","msg":"access","pages_https":true,"proto":"HTTP/1.1","referrer":"","remote_addr":"172.16.16.2","remote_ip":"172.16.16.2","status":502,"system":"http","time":"2024-09-08T15:04:23+03:00","ttfb_ms":3029,"uri":"/page-testing","user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0","written_bytes":2905}
{"correlation_id":"01J78RAQ934S914B9745DWXPKZ","error":"Get \"https://gitlab.home.lan/api/v4/internal/pages?host=administration.pages.gitlab.home.lan\": tls: failed to verify certificate: x509: certificate signed by unknown authority","host":"administration.pages.gitlab.home.lan","level":"error","msg":"could not fetch domain information from a source","path":"/favicon.ico","time":"2024-09-08T15:04:23+03:00"}

I’m not sure why this is happening. I expect the configuration for this to be in gitlab.rb, am I right?

No, I tried to run it without SSL, but the issue is the same.

No one?

Thanks to ChatGPT I sorted it out. The issue is that, GitLab Pages daemon is complaining about:

 tls: failed to verify certificate: x509: certificate signed by unknown authority","host":"administration.pages.gitlab.home.lan",

After added my CA.pem file to trusted-certs, everything works as expected,

root@behemoth.home.lan:/etc/gitlab# ls -la trusted-certs/
total 12
drwxr-xr-x 2 root root 4096 Sep  9 14:56 .
drwxrwxr-x 5 root root 4096 Sep  8 15:47 ..
lrwxrwxrwx 1 root root    6 Sep  9 14:56 a577ea70.0 -> CA.pem
-rw-r--r-- 1 root root 1935 Sep  9 14:56 CA.pem
root@behemoth.home.lan:/etc/gitlab#

Hope this will help to somebody.

1 Like