Hi Mike and others, The latest state is that the installation is indeed working except the httpS (SSL) by Let's Encrypt. For some reason the installation fails to authenticate/verify itself correctly to the Let's encrypt server. Normally this works fine, and you will get a free Let's Encrypt certificate that is used by GitLab instance. For now the instance is using a self-signed certificate (which is not ideal).
You can execute: 'gitlab-ctl reconfigure' on the VM to trigger a certificate deployment of Let's Encrypt. Maybe somebody knows why is goes wrong in this VM? More info: https://docs.gitlab.com/omnibus/settings/ssl.html Off-topic: Too bad I also hurt by wrist, so that is why I take it a bit easy now. Sorry about that, a wrist injury is taking some time to heal again. :\ Kind regards, Melroy van den Berg ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ Op dinsdag, juli 7, 2020 11:06 PM, Mike Gabriel <mike.gabr...@das-netzwerkteam.de> schreef: > HI Melroy, > > On Di 09 Jun 2020 23:01:24 CEST, Melroy van den Berg wrote: > > > Hi, > > I just discovered that GitLab tries to also set the following during > > > "sysctl -e --system" command: > > cat /etc/sysctl.d/90-omnibus-gitlab-kernel.sem.conf > > kernel.sem = 250 32000 32 262 > > And also: > > cat /etc/sysctl.d/protect-links.conf > > ################################################################### > > > > Protected links > > > > ================ > > > > == > > > > Protects against creating or following links under certain conditions > > > > ====================================================================== > > > > Debian kernels have both set to 1 (restricted) > > > > =============================================== > > > > See https://www.kernel.org/doc/Documentation/sysctl/fs.txt > > > > =========================================================== > > > > fs.protected_hardlinks = 1 > > fs.protected_symlinks = 1 > > You maybe want to change this as well in the host & container? > > I disabled the command "reload all sysctrl conf" for now in in the > GitLab > > recipes (Ruby code): > > /opt/gitlab/embedded/cookbooks/package/recipes/sysctl.rb > > As well as, I commented-out where "reload all sysctrl conf" is used in: > > /opt/gitlab/embedded/cookbooks/package/resources/gitlab_sysctl.rb > > I will create a GitLab issue or comment on an existing GitLab issue > > > regarding support LXC containers without this much hassle. > > Next issue I'm facing is regarding Let's Encrypt. But the terminal > is now > > in use by somebody else... > > Regards, > > Melroy van den Berg > > I haven't got back to your mail, I am sorry. > > Unfortunately, the host hosting gitlab.x2go.org has been taken offline by the > provide due to some NIC misconfiguration. We are investigating on that. > > I'd like to use gitlab.x2go.org starting next week for some new projects > related to X2Go. Melroy, do you think the system is already usable (once it's > online again)? > > Sorry, for having not followed up on your work, but I was really busy the > last bit of June. > > Mike > > -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- > > DAS-NETZWERKTEAM > c\o Technik- und Ökologiezentrum Eckernförde > Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde > mobile: +49 (1520) 1976 148 > landline: +49 (4351) 850 8940 > > GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 > mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de _______________________________________________ x2go-dev mailing list x2go-dev@lists.x2go.org https://lists.x2go.org/listinfo/x2go-dev
