I’ve been attempting to install a domain wildcard cert (with CA) on a GitLab server we set up (running Ubuntu 16.04) and installed with Omnibus.
I followed the directions in the following articles:
- http://stackoverflow.com/questions/39356693/enable-https-self-signed-cert-for-gitlab-community-edition-for-ominbus-installer
- http://rosscampbell.blogspot.com/2014/07/howto-configure-gitlab-7-omnibus.html
- https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md
Unfortunately, I cannot get it to listen to port 443 or to redirect from http to https. I’ve tried multiple times, and tried everything I can think of to fix it.
I verified that the values moved over to ‘/var/opt/gitlab/gitlab-rails/etc/gitlab.yml’ after I did the gitlab-ctl reconfigure and restart.
When I try to connect (http or https) I get the following…
If I set the .rb file as such…
```ruby
external_url 'https://gitlab.mydomain.local'
nginx['redirect_http_to_https'] = true
nginx['redirect_http_to_https_port'] = 80
nginx['ssl_certificate'] = "/etc/gitlab/ssl/star_mydomain_local_cert.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/star_mydomain_local_gitlab.key"
nginx['listen_port'] = 443
```
It doesn’t appear to listen to 443
```
root@gitlab01:/etc/gitlab# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 15657/config.ru
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1003/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1153/master
tcp6 0 0 :::22 :::* LISTEN 1003/sshd
tcp6 0 0 :::25 :::* LISTEN 1153/master
```
If I set the external URL to ‘https://gitlab.mydomain.local’:
It appears to listen to 443, but still cannot access (I get the following errors)
HTTP: ERR_CONNECTION_REFUSED
HTTPS: ERR_SSL_PROTOCOL_ERROR
```
root@gitlab01:/etc/gitlab# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 11119/config.ru
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1003/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1153/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 11033/nginx
tcp 0 0 0.0.0.0:8060 0.0.0.0:* LISTEN 11033/nginx
tcp6 0 0 :::22 :::* LISTEN 1003/sshd
tcp6 0 0 :::25 :::* LISTEN 1153/master
```