I thought that this problem arised because the rpm for centos had been built with a rather old git repo so I've rebuilt gitlab with instructions from here https://gitlab.com/gitlab-org/omnibus-gitlab/tree/03767a32d55690a54dfb3c640dbbf028202065ec
but it didn't resolve that problem - I still can't get no https with external_url "http://gitlab.local"; nginx['redirect_http_to_https'] = true nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.crt" nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.key" Any advice what should I modify? On Friday, 18 April 2014 20:48:42 UTC+11, Sytse Sijbrandij wrote: > > CentOS is supported, https will be supported in the 6.8 packages > > On Fri, Apr 18, 2014 at 10:17 AM, Александр Костырев > <[email protected] <javascript:>> wrote: > > But isn't CentOS suppored? > > I do not want to manually configure gitlab since they provided official > > omnibus packages? > > > > Did anybody find out any workaround? > > > > > > On Tuesday, 25 March 2014 17:29:51 UTC+11, Reinhard Fischer wrote: > >> > >> Hi, > >> > >> we had the same problems, finding no solution. The least ugly > workaround > >> we found in our hurry was: > >> > >> gitlab-ctl reconfigure uses > >> > /opt/gitlab/embedded/cookbooks/gitlab/templates/default/nginx-gitlab-http.conf.erb > > > >> as an input to create its config files, so we simply changed that one, > to > >> e.g.: > >> > >> # GITLAB > >> # Maintainer: @randx > >> > >> # CHUNKED TRANSFER > >> # It is a known issue that Git-over-HTTP requires chunked transfer > >> encoding [0] which is not > >> # supported by Nginx < 1.3.9 [1]. As a result, pushing a large object > with > >> Git (i.e. a single large file) > >> # can lead to a 411 error. In theory you can get around this by > tweaking > >> this configuration file and either > >> # - installing an old version of Nginx with the chunkin module [2] > >> compiled in, or > >> # - using a newer version of Nginx. > >> # > >> # At the time of writing we do not know if either of these theoretical > >> solutions works. As a workaround > >> # users can use Git over SSH to push large files. > >> # > >> # [0] > >> > https://git.kernel.org/cgit/git/git.git/tree/Documentation/technical/http-protocol.txt#n99 > > >> # [1] https://github.com/agentzh/chunkin-nginx-module#status > >> # [2] https://github.com/agentzh/chunkin-nginx-module > >> > >> upstream gitlab { > >> server unix:<%= @socket %>; > >> } > >> > >> server { > >> listen *:80; > >> server_name <%= @fqdn %>; # e.g., server_name > source.example.com; > >> server_tokens off; > >> root /nowhere; # this doesn't have to be a valid path since we are > >> redirecting, you don't have to change it. > >> rewrite ^ https://$server_name$request_uri permanent; > >> } > >> > >> #server { > >> # listen *:80 default_server; # e.g., listen 192.168.1.1:80; > In > >> most cases *:80 is a good idea > >> # server_name <%= @fqdn %>; # e.g., server_name source.example.com; > > >> # server_tokens off; # don't show the version number, a security > best > >> practice > >> # root /opt/gitlab/embedded/service/gitlab-rails/public; > >> # > >> # # Increase this if you want to upload large attachments > >> # # Or if you want to accept large git objects over http > >> # client_max_body_size 5m; > >> # > >> # # individual nginx logs for this gitlab vhost > >> # access_log <%= @log_directory %>/gitlab_access.log; > >> # error_log <%= @log_directory %>/gitlab_error.log; > >> # > >> # location / { > >> # # serve static files from defined root folder;. > >> # # @gitlab is a named location for the upstream fallback, see below > >> # try_files $uri $uri/index.html $uri.html @gitlab; > >> # } > >> # > >> # # if a file, which is not found in the root folder is requested, > >> # # then the proxy pass the request to the upsteam (gitlab unicorn) > >> # location @gitlab { > >> # proxy_read_timeout 300; # Some requests take more than 30 seconds. > >> # proxy_connect_timeout 300; # Some requests take more than 30 > seconds. > >> # proxy_redirect off; > >> # > >> # proxy_set_header X-Forwarded-Proto $scheme; > >> # proxy_set_header Host $http_host; > >> # proxy_set_header X-Real-IP $remote_addr; > >> # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > >> # > >> # proxy_pass http://gitlab; > >> # } > >> # > >> # error_page 502 /502.html; > >> #} > >> > >> server { > >> listen 443 ssl; > >> server_name <%= @fqdn %>; # e.g., server_name > source.example.com; > >> server_tokens off; > >> root /opt/gitlab/embedded/service/gitlab-rails/public; > >> > >> ssl on; > >> ssl_certificate /etc/gitlab/ssl/gitlab.crt; > >> ssl_certificate_key /etc/gitlab/ssl//gitlab.key; > >> ssl_protocols SSLv3 TLSv1 TLSv1.2; > >> ssl_ciphers AES:HIGH:!ADH:!MD5; > >> ssl_prefer_server_ciphers on; > >> > >> # individual nginx logs for this gitlab vhost > >> access_log <%= @log_directory %>/gitlab_access.log; > >> error_log <%= @log_directory %>/gitlab_error.log; > >> > >> location / { > >> # serve static files from defined root folder;. > >> # @gitlab is a named location for the upstream fallback, see > below > >> try_files $uri $uri/index.html $uri.html @gitlab; > >> } > >> > >> # if a file, which is not found in the root folder is requested, > >> # then the proxy pass the request to the upsteam (gitlab unicorn) > >> location @gitlab { > >> proxy_read_timeout 300; # > >> https://github.com/gitlabhq/gitlabhq/issues/694 > >> proxy_connect_timeout 300; # > >> https://github.com/gitlabhq/gitlabhq/issues/694 > >> proxy_redirect off; > >> > >> proxy_set_header Host $http_host; > >> proxy_set_header X-Real-IP $remote_addr; > >> proxy_set_header X-Forwarded-Ssl on; > >> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > >> proxy_set_header X-Forwarded-Proto $scheme; > >> > >> proxy_pass http://gitlab; > >> } > >> } > >> > >> then run gitlab-ctl reconfigure. > >> > >> It looks like this hack is working.... Last week I ran across a patch > >> which is supposed to solve this issue, but I can't find it now. > >> > >> I hope that helps, > >> Reinhard > >> > >> On Tuesday, 18 March 2014 11:38:12 UTC+1, [email protected] wrote: > >>> > >>> Hello > >>> > >>> We installed gitlab-6.6.5_omnibus-1.el6.x86_64.rpm on a CentOS. Basic > >>> config is fine, once we start to change config like > >>> cat /etc/gitlab/gitlab.rb > >>> external_url "https://gitlab.org"; > >>> nginx['redirect'] = "true" > >>> nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.crt" > >>> nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.key" > >>> > >>> > >>> and run gitlab-ctl reconfigure > >>> > >>> it still works on port 80 - but NOT https not redirecting > >>> > >>> although it > >>> gitlab-ctl show-config > >>> Starting Chef Client, version 11.6.0 > >>> Compiling Cookbooks... > >>> { > >>> "gitlab": { > >>> "bootstrap": { > >>> }, > >>> "user": { > >>> "git_user_email": "[email protected]" > >>> }, > >>> "redis": { > >>> }, > >>> "gitlab-rails": { > >>> "secret_token": > >>> > "8fbc36531d06c2ef7b58d1f18e7b165f9dd9ffcbddeefb420b0301f469f452ab65450deaf0bbf5742c3466f51bef87eeb2e14db591861e1338451087bfa77760", > > > >>> "gitlab_host": "gitlab.org", > >>> "gitlab_email_from": "[email protected]", > >>> "gitlab_https": true, > >>> "gitlab_port": 443 > >>> }, > >>> "gitlab-shell": { > >>> }, > >>> "unicorn": { > >>> }, > >>> "sidekiq": { > >>> }, > >>> "nginx": { > >>> "redirect": "true", > >>> "ssl_certificate": "/etc/gitlab/ssl/gitlab.crt", > >>> "ssl_certificate_key": "/etc/gitlab/ssl/gitlab.key" > >>> }, > >>> "postgresql": { > >>> "sql_password": > >>> > "9962d63d88378461274801d8b91a272236d152c86ee0a56d8f48e4353c85962189840d51fecb91107eac61c7ac91918f0045t678f" > > > >>> } > >>> } > >>> } > >>> Converging 0 resources > >>> Chef Client finished, 0 resources updated > >>> > >>> > >>> > >>> and all these changes can be found in the config files in the location > >>> e.g. /var/opt/gitlab/nginx/etc > >>> > >>> > >>> Is there anything special to be considered? > >>> > >>> anyone knows about? > >>> kind regards > >>> > > -- > > You received this message because you are subscribed to the Google > Groups > > "GitLab" group. > > To unsubscribe from this group and stop receiving emails from it, send > an > > email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
