Problem to solve
I try to setup gitlab pages in my gitlab instance which is based on the docker image. Additionally, I have an external proxy (Traefik) for handling certifications for different services.
To debugging the gitlab pages, I have disabled traefik on my pages subdomain (pages.DOMAIN). But Traefik is active for the gitlab domain (gilab.DOMAIN).
The features namespace_in_path and access_control are active in my configuration. (see full docker-compose.yaml bellow)
When I try to access a *.html page which is a build artifact via http (for debugging) I get a 502 Whoops, something went wrong on our end. error. In the pages log the following sequence is shown:
{"Namespace in path":"my_username","Request host":"my_username.pages.DOMAIN:5050","Session host":null,"correlation_id":"01JCFYTQGZKP3K8GSADPDAZ3SM","host":"my_username.pages.DOMAIN:5050","level":"info","msg":"Resetting session values","path":"/-/test/-/jobs/36/artifacts/build/hello.html","state":"","time":"2024-11-12T10:31:10Z"}
{"Namespace in path":"my_username","Request host":"my_username.pages.DOMAIN:5050","Session host":null,"correlation_id":"01JCFYTQGZKP3K8GSADPDAZ3SM","host":"my_username.pages.DOMAIN:5050","level":"info","msg":"Resetting session values","path":"/-/test/-/jobs/36/artifacts/build/hello.html","state":"","time":"2024-11-12T10:31:10Z"}
{"correlation_id":"01JCFYTQGZKP3K8GSADPDAZ3SM","error":"Get \"https://gitlab.DOMAIN/api/v4/projects/my_username%2Ftest/jobs/36/artifacts/build/hello.html\": dial tcp 37.114.48.46:443: connect: connection refused","host":"my_username.pages.DOMAIN:5050","level":"error","msg":"failed to request the artifact","path":"/-/test/-/jobs/36/artifacts/build/hello.html","time":"2024-11-12T10:31:10Z"}
{"content_type":"text/html; charset=utf-8","correlation_id":"01JCFYTQGZKP3K8GSADPDAZ3SM","duration_ms":9,"host":"my_username.pages.DOMAIN:5050","level":"info","method":"GET","msg":"access","pages_https":false,"proto":"HTTP/1.1","referrer":"","remote_addr":"IP:43468","remote_ip":"IP","status":502,"system":"http","time":"2024-11-12T10:31:10Z","ttfb_ms":8,"uri":"/-/test/-/jobs/36/artifacts/build/hello.html","user_agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0","written_bytes":2905}
{"Namespace in path":"favicon.ico","Request host":"favicon.ico.pages.DOMAIN:5050","Session host":null,"correlation_id":"01JCFYTQJCNPZ7E7EHGBP3RC90","host":"favicon.ico.pages.DOMAIN:5050","level":"info","msg":"Resetting session values","path":"","state":"","time":"2024-11-12T10:31:10Z"}
{"Namespace in path":"favicon.ico","Request host":"favicon.ico.pages.DOMAIN:5050","Session host":null,"correlation_id":"01JCFYTQJCNPZ7E7EHGBP3RC90","host":"favicon.ico.pages.DOMAIN:5050","level":"info","msg":"Resetting session values","path":"","state":"","time":"2024-11-12T10:31:10Z"}
{"Namespace in path":"favicon.ico","Request host":"favicon.ico.pages.DOMAIN:5050","Session host":null,"correlation_id":"01JCFYTQJCNPZ7E7EHGBP3RC90","host":"favicon.ico.pages.DOMAIN:5050","level":"info","msg":"Resetting session values","path":"","state":"","time":"2024-11-12T10:31:10Z"}
{"content_type":"text/html; charset=utf-8","correlation_id":"01JCFYTQJCNPZ7E7EHGBP3RC90","duration_ms":0,"host":"favicon.ico.pages.DOMAIN:5050","level":"info","method":"GET","msg":"access","pages_https":false,"proto":"HTTP/1.1","referrer":"http://pages.DOMAIN:5050/my_username/-/test/-/jobs/36/artifacts/build/hello.html","remote_addr":"IP:43468","remote_ip":"IP","status":302,"system":"http","time":"2024-11-12T10:31:10Z","ttfb_ms":0,"uri":"","user_agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0","written_bytes":154}
{"correlation_id":"01JCFYTQJYE9AHGQH16PX85NB6","host":"projects.pages.DOMAIN:5050","level":"info","msg":"Receive OAuth authentication callback","path":"/auth","state":"_kXR9Dw6TnpH44yl3mYVvA==","time":"2024-11-12T10:31:10Z"}
{"correlation_id":"01JCFYTQJYE9AHGQH16PX85NB6","domain_query":"http://pages.DOMAIN:5050/favicon.ico","host":"projects.pages.DOMAIN:5050","level":"info","msg":"User is authenticating via domain","path":"/auth","state":"_kXR9Dw6TnpH44yl3mYVvA==","time":"2024-11-12T10:31:10Z"}
{"correlation_id":"01JCFYTQJYE9AHGQH16PX85NB6","domain_query":"http://pages.DOMAIN:5050/favicon.ico","host":"projects.pages.DOMAIN:5050","level":"info","msg":"Redirecting user to gitlab for oauth","path":"/auth","public_gitlab_server":"https://gitlab.DOMAIN","state":"_kXR9Dw6TnpH44yl3mYVvA==","time":"2024-11-12T10:31:10Z"}
{"error":"can't extract namespace from host","level":"error","msg":"while writing location header, couldn't convert URL","orig_host":"gitlab.DOMAIN","orig_path":"/oauth/authorize","pages_domain":"pages.DOMAIN","time":"2024-11-12T10:31:10Z"}
{"content_type":"text/html; charset=utf-8","correlation_id":"01JCFYTQJYE9AHGQH16PX85NB6","duration_ms":0,"host":"projects.pages.DOMAIN:5050","level":"info","method":"GET","msg":"access","pages_https":false,"proto":"HTTP/1.1","referrer":"http://pages.DOMAIN:5050/my_username/-/test/-/jobs/36/artifacts/build/hello.html","remote_addr":"IP:43468","remote_ip":"IP","status":302,"system":"http","time":"2024-11-12T10:31:10Z","ttfb_ms":0,"uri":"/auth?domain=http://pages.DOMAIN:5050/favicon.ico\u0026state=_kXR9Dw6TnpH44yl3mYVvA==","user_agent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0","written_bytes":256}
I think there is an issue with the authentication? But I’m not sure whats the right configuration or how to debug them…
Or maybe it is a bug in the namespace_in_path configuration? Does any one have experience with it?
Configuration
This the docker-compose.yaml
services:
gitlab:
image: 'gitlab/gitlab-ce:17.5.1-ce.0'
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
deploy:
resources:
limits:
memory: 6144M
restart: always
hostname: gitlab
container_name: gitlab
networks:
- traefik
- default
environment:
GITLAB_OMNIBUS_CONFIG: |
external_url 'https://gitlab.DOMAIN'
nginx['listen_https'] = false
nginx['listen_port'] = 80
pages_external_url 'http://pages.DOMAIN:5050'
gitlab_pages['enable'] = true
gitlab_pages['access_control'] = true
gitlab_pages['namespace_in_path'] = true
gitlab_pages['internal_gitlab_server'] = 'http://localhost:8080'
pages_nginx['enable'] = false
gitlab_pages['external_http'] = ['0.0.0.0:5050']
#pages_nginx['listen_port'] = 5050
#pages_nginx['listen_https'] = false
labels:
- "traefik.enable=true"
- "traefik.http.routers.gitlab.entrypoints=http"
- "traefik.http.routers.gitlab.rule=Host(`gitlab.DOMAIN`)"
- "traefik.http.middlewares.gitlab-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.gitlab.middlewares=gitlab-https-redirect"
- "traefik.http.routers.gitlab.service=gitlab"
- "traefik.http.services.gitlab.loadbalancer.server.port=80"
- "traefik.http.routers.gitlab-secure.entrypoints=https"
- "traefik.http.routers.gitlab-secure.rule=Host(`gitlab.DOMAIN`)"
- "traefik.http.routers.gitlab-secure.tls=true"
- "traefik.http.routers.gitlab-secure.tls.certresolver=http"
- "traefik.http.routers.gitlab-secure.service=gitlab"
- "traefik.docker.network=traefik"
ports:
- '22:22'
- '5050:5050'
volumes:
- '/opt/gitlab-test/config:/etc/gitlab'
- '/opt/gitlab-test/logs:/var/log/gitlab'
- '/opt/gitlab-test/data:/var/opt/gitlab'
shm_size: '256m'
networks:
traefik:
external: true
Versions
Please add an x whether options apply, and add the version information.
- Self-managed (docker image)
Versions
- GitLab
gitlab-ce:17.5.1-ce.0