I have a fresh new gitlab installation (8.17.3-ce) into which I restored a backup. All appears to be working normally except for git operations over SSH. All attempts to push, pull or clone result in:
GitLab: Failed to authorize your Git request: internal API unreachable
fatal: Could not read from remote repository.
Using HTTP or HTTPS instead works fine. There are no obvious errors in the log.
Searches suggest other people have had this problem before, but I’ve not found a fix that works for my setup.
So, answering my own question, this appears to have been a combination of things:
I was using a self-signed cert. Apparently internal bits of gitlab don’t like that. I run my own CA, so making the CA cert available for checking sorted that out.
The internal_api_url in gitlab.rb needed to be set to http://127.0.0.1:8080, setting to localhost did not work despite that obviously resolving. Whether this is whatever gitlab’s resolver library is getting confused or something deeper, I do not know.
One suggestion for fixing this found via google was increasing the number of unicorn worker threads. I set it to 5, because that’s a number. It takes a while for these to be spun up and you may be bashing against a not-yet-started service when debugging.
Hopefully this will let someone a bit smarter than me come up with an actual definitive solution.
This may be related to IPv6 support. On many Linux machines with IPv6 support, localhost resolves first to ::1 (IPv6), so you may not be able to reach a service that is only listening on 127.0.0.1 IPv4.
You can run netstat -ltn | grep 8080 to see whether it is listening on IPv4, IPv6, or both.