[work around found] Issues with new server

I was running Scientific Linux 6.6 with gitlab-ce-7.13.4-ce.0.el6.x86_64. My gitlab.rb file looked like:
external_url “https://my.domain:2443
nginx[‘redirect_http_to_https’] = true
nginx[‘ssl_certificate’] = “/etc/pki/tls/certs/ca.crt”
nginx[‘ssl_certificate_key’] = “/etc/pki/tls/private/ca.key”
git_data_dir “/home/git_repos”

That was it and it worked great. Until my hard drive started to die…

Now worries. I have been planning a replacement system anyway. Since I have been really struggling with the limitations of EL6 and I have a brand new system I decided to upgrade to Scientific Linux 7. Unfortunately, I have not been able to get Gitlab working with gitlab-ce-7.13.4-ce.0.el7.x86_64.

I followed the directions provided for installing Gitlab. I was able to backup my old Gitlab installation and it successfully imported into the new. I have been tweaking and tuning and still nothing. Here is my current gitlab.rb file:
sed -e '/^#/d' -e '/^/d’ /etc/gitlab/gitlab.rb
external_url ‘https://my.domain:2443
git_data_dir “/home/git_repos”
nginx[‘enable’] = true
nginx[‘redirect_http_to_https’] = true
nginx[‘redirect_http_to_https_port’] = 2443
nginx[‘ssl_certificate’] = “/etc/pki/tls/certs/ca.crt”
nginx[‘ssl_certificate_key’] = “/etc/pki/tls/private/ca.key”
nginx[‘listen_addresses’] = [“0.0.0.0”, “[::]”]

$ netstat -tupln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:2443 0.0.0.0:* LISTEN 547/nginx: master p
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 1199/unicorn master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1110/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1246/master
tcp6 0 0 :::2443 :::* LISTEN 547/nginx: master p
tcp6 0 0 :::22 :::* LISTEN 1110/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1246/master
tcp6 0 0 :::443 :::* LISTEN 1144/httpd

$ firewall-cmd --list-all
public (default, active)
interfaces: enp2s0
sources:
services: dhcpv6-client http https ssh
ports: 2443/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:

But all I get is:
“Secure Connection Failed
The connection to my.domain:2443 was interrupted while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.”

And in my gitlab_error.log I get:
2015/08/11 22:15:02 [error] 628#0: *8 no “ssl_certificate” is defined in server listening on SSL port while SSL handshaking, client, server: 0.0.0.0:2443

The error.log is:
2015/08/11 22:09:54 [warn] 547#0: conflicting server name “my.domain” on [::]:2443, ignored

As far as I can tell it isn’t connecting on either 80 or 2443 (even though it is listening) and the ssl configuration is exactly the same as the old server; same name, same location, same everything. :-/

I have been researching and trying different configs and I am stuck. Can anyone give me any pointers please?
Thanks!

Greetings,

Built a EL6 VM and had it working with the same configs. EL7? Nope. However, once I disabled the two lines:
nginx[‘redirect_http_to_https’] = true
nginx[‘redirect_http_to_https_port’] = 2443

It started working! So the redirect is goofy and apparently doesn’t work. Not that big of a deal. I liked the auto-redirect feature but it isn’t really necessary as my apache listens on 443 and gitlab on 2443. If I really wanted to, it isn’t hard to setup Apache to listen on 80 and either proxy or redirect to the other ports.

Glad it is working again (mostly)! :smile: