Hi,

we had the same problems, finding no solution. The least ugly workaround we 
found in our hurry was:

gitlab-ctl reconfigure uses 
/opt/gitlab/embedded/cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb
 
as an input to create its config files, so we simply changed that one, to 
e.g.:

# GITLAB
# Maintainer: @randx

# CHUNKED TRANSFER
# It is a known issue that Git-over-HTTP requires chunked transfer encoding 
[0] which is not
# supported by Nginx < 1.3.9 [1]. As a result, pushing a large object with 
Git (i.e. a single large file)
# can lead to a 411 error. In theory you can get around this by tweaking 
this configuration file and either
# - installing an old version of Nginx with the chunkin module [2] compiled 
in, or
# - using a newer version of Nginx.
#
# At the time of writing we do not know if either of these theoretical 
solutions works. As a workaround
# users can use Git over SSH to push large files.
#
# [0] 
https://git.kernel.org/cgit/git/git.git/tree/Documentation/technical/http-protocol.txt#n99
# [1] https://github.com/agentzh/chunkin-nginx-module#status
# [2] https://github.com/agentzh/chunkin-nginx-module

upstream gitlab {
  server unix:<%= @socket %>;
}

server {
    listen *:80;
    server_name <%= @fqdn %>;     # e.g., server_name source.example.com;
    server_tokens off;
    root /nowhere; # this doesn't have to be a valid path since we are 
redirecting, you don't have to change it.
    rewrite ^ https://$server_name$request_uri permanent;
}

#server {
#  listen *:80 default_server;         # e.g., listen 192.168.1.1:80; In 
most cases *:80 is a good idea
#  server_name <%= @fqdn %>;     # e.g., server_name source.example.com;
#  server_tokens off;     # don't show the version number, a security best 
practice
#  root /opt/gitlab/embedded/service/gitlab-rails/public;
#  
#  # Increase this if you want to upload large attachments
#  # Or if you want to accept large git objects over http
#  client_max_body_size 5m;
#
#  # individual nginx logs for this gitlab vhost
#  access_log  <%= @log_directory %>/gitlab_access.log;
#  error_log   <%= @log_directory %>/gitlab_error.log;
#
#  location / {
#    # serve static files from defined root folder;.
#    # @gitlab is a named location for the upstream fallback, see below
#    try_files $uri $uri/index.html $uri.html @gitlab;
#  }
#
#  # if a file, which is not found in the root folder is requested,
#  # then the proxy pass the request to the upsteam (gitlab unicorn)
#  location @gitlab {
#    proxy_read_timeout 300; # Some requests take more than 30 seconds.
#    proxy_connect_timeout 300; # Some requests take more than 30 seconds.
#    proxy_redirect     off;
#
#    proxy_set_header   X-Forwarded-Proto $scheme;
#    proxy_set_header   Host              $http_host;
#    proxy_set_header   X-Real-IP         $remote_addr;
#    proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
#
#    proxy_pass http://gitlab;
#  }
#
#  error_page 502 /502.html;
#}

server {
    listen 443 ssl;
    server_name <%= @fqdn %>;     # e.g., server_name source.example.com;
    server_tokens off;
    root /opt/gitlab/embedded/service/gitlab-rails/public;

    ssl on;
    ssl_certificate /etc/gitlab/ssl/gitlab.crt;
    ssl_certificate_key /etc/gitlab/ssl//gitlab.key;
    ssl_protocols SSLv3 TLSv1 TLSv1.2;
    ssl_ciphers AES:HIGH:!ADH:!MD5;
    ssl_prefer_server_ciphers on;

    # individual nginx logs for this gitlab vhost
    access_log  <%= @log_directory %>/gitlab_access.log;
    error_log   <%= @log_directory %>/gitlab_error.log;

    location / {
        # serve static files from defined root folder;.
        # @gitlab is a named location for the upstream fallback, see below
        try_files $uri $uri/index.html $uri.html @gitlab;
    }

    # if a file, which is not found in the root folder is requested,
    # then the proxy pass the request to the upsteam (gitlab unicorn)
    location @gitlab {
        proxy_read_timeout 300; # 
https://github.com/gitlabhq/gitlabhq/issues/694
        proxy_connect_timeout 300; # 
https://github.com/gitlabhq/gitlabhq/issues/694
        proxy_redirect off;

        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        proxy_pass http://gitlab;
    }
}

then run gitlab-ctl reconfigure.

It looks like this hack is working.... Last week I ran across a patch which 
is supposed to solve this issue, but I can't find it now.

I hope that helps,
Reinhard

On Tuesday, 18 March 2014 11:38:12 UTC+1, [email protected] wrote:
>
> Hello 
>
> We installed gitlab-6.6.5_omnibus-1.el6.x86_64.rpm on a CentOS. Basic 
> config is fine, once we start to change config like 
> cat /etc/gitlab/gitlab.rb
> external_url "https://gitlab.org";
> nginx['redirect'] = "true"
> nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.crt"
> nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.key"
>
>
> and run gitlab-ctl reconfigure
>
> it still works on port 80 - but NOT https not redirecting 
>
> although it 
> gitlab-ctl show-config
> Starting Chef Client, version 11.6.0
> Compiling Cookbooks...
> {
>   "gitlab": {
>     "bootstrap": {
>     },
>     "user": {
>       "git_user_email": "[email protected] <javascript:>"
>     },
>     "redis": {
>     },
>     "gitlab-rails": {
>       "secret_token": 
> "8fbc36531d06c2ef7b58d1f18e7b165f9dd9ffcbddeefb420b0301f469f452ab65450deaf0bbf5742c3466f51bef87eeb2e14db591861e1338451087bfa77760",
>       "gitlab_host": "gitlab.org",
>       "gitlab_email_from": "[email protected] <javascript:>",
>       "gitlab_https": true,
>       "gitlab_port": 443
>     },
>     "gitlab-shell": {
>     },
>     "unicorn": {
>     },
>     "sidekiq": {
>     },
>     "nginx": {
>       "redirect": "true",
>       "ssl_certificate": "/etc/gitlab/ssl/gitlab.crt",
>       "ssl_certificate_key": "/etc/gitlab/ssl/gitlab.key"
>     },
>     "postgresql": {
>       "sql_password": 
> "9962d63d88378461274801d8b91a272236d152c86ee0a56d8f48e4353c85962189840d51fecb91107eac61c7ac91918f0045t678f"
>     }
>   }
> }
> Converging 0 resources
> Chef Client finished, 0 resources updated
>
>
>
> and all these changes can be found in the config files in the location 
> e.g. /var/opt/gitlab/nginx/etc
>
>
> Is there anything special to be considered? 
>
> anyone knows about? 
> kind regards 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"GitLab" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to