git克隆与http不工作在gitlab

我有GitLab CE设置与我的域名(Ubuntu)和git克隆与http不工作,但ssh运作良好。

git clone git@gitlab.mydomain.com:anshad/test.git作品。

git clone http://gitlab.mydomain.com/anshad/test.git不工作。

 Cloning into 'test'... Username for 'http://gitlab.mydomain.com': anshad Password for 'http://anshad@gitlab.mydomain.com': fatal: unable to access 'http://gitlab.mydomain.com/anshad/test.git/': The requested URL returned error: 500 

sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production

 System information System: Ubuntu 16.04 Current User: git Using RVM: no Ruby Version: 2.3.1p112 Gem Version: 2.5.1 Bundler Version:1.13.6 Rake Version: 10.5.0 Sidekiq Version:4.2.1 GitLab information Version: 8.14.0-pre Revision: 358e814 Directory: /home/git/gitlab DB Adapter: postgresql URL: http://gitlab.mydomain.com HTTP Clone URL: http://gitlab.mydomain.com/some-group/some-project.git SSH Clone URL: git@gitlab.mydomain.com:some-group/some-project.git Using LDAP: no Using Omniauth: no GitLab Shell Version: 4.0.0 Repository storage paths: - default: /home/git/repositories/ Hooks: /home/git/gitlab-shell/hooks/ Git: /usr/bin/git 

sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production

 Checking GitLab Shell ... GitLab Shell version >= 4.0.0 ? ... OK (4.0.0) Repo base directory exists? default... yes Repo storage directories are symlinks? default... no Repo paths owned by git:git? default... yes Repo paths access is drwxrws---? default... yes hooks directories in repos are links: ... Anshad Vattapoyil / test ... repository is empty Running /home/git/gitlab-shell/bin/check Check GitLab API access: OK Access to /home/git/.ssh/authorized_keys: OK Send ping to redis server: OK gitlab-shell self-check successful Checking GitLab Shell ... Finished Checking Sidekiq ... Running? ... yes Number of Sidekiq processes ... 1 Checking Sidekiq ... Finished Checking Reply by email ... Reply by email is disabled in config/gitlab.yml Checking Reply by email ... Finished Checking LDAP ... LDAP is disabled in config/gitlab.yml Checking LDAP ... Finished Checking GitLab ... Git configured with autocrlf=input? ... yes Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config outdated? ... no Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory setup correctly? ... yes Init script exists? ... yes Init script up-to-date? ... yes projects have namespace: ... Anshad Vattapoyil / test ... yes Redis version >= 2.8.0? ... yes Ruby version >= 2.1.0 ? ... yes (2.3.1) Your git bin path is "/usr/bin/git" Git version >= 2.7.3 ? ... yes (2.7.4) Active users: 1 Checking GitLab ... Finished 

针对域的Apache虚拟主机configuration,

 <VirtualHost *:80> ServerAdmin anshad@mydomain.com ServerName gitlab.mydomain.com ServerAlias www.gitlab.mydomain.com ServerSignature Off ProxyPreserveHost On AllowEncodedSlashes NoDecode <Location /> Require all granted ProxyPassReverse http://localhost:8080 ProxyPassReverse http://gitlab.mydomain.com/ </Location> RewriteEngine on RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR] RewriteCond %{REQUEST_URI} ^/uploads/.* RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA,NE] DocumentRoot /home/git/gitlab/public LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded ErrorLog /var/log/apache2/gitlab_error.log CustomLog /var/log/apache2/gitlab_forwarded.log common_forwarded CustomLog /var/log/apache2/gitlab_access.log combined env=!dontlog CustomLog /var/log/apache2/gitlab.log combined </VirtualHost> 

configuration/home/git/gitlab/config/gitlab.yml

 production: &base gitlab: host: gitlab.mydomain.com port: 80 https: false trusted_proxies: email_from: noreply@mydomain.com email_display_name: GitLab email_reply_to: noreply@mydomain.com email_subject_suffix: '' default_projects_features: issues: true merge_requests: true wiki: true snippets: true builds: true container_registry: true incoming_email: enabled: false address: "gitlab-incoming+%{key}@gmail.com" user: "gitlab-incoming@gmail.com" password: "[REDACTED]" host: "imap.gmail.com" port: 993 ssl: true start_tls: false mailbox: "inbox" artifacts: enabled: true lfs: enabled: true gravatar: cron_jobs: stuck_ci_builds_worker: cron: "0 0 * * *" expire_build_artifacts_worker: cron: "50 * * * *" repository_check_worker: cron: "20 * * * *" admin_email_worker: cron: "0 0 * * 0" repository_archive_cache_worker: cron: "0 * * * *" registry: gitlab_ci: ldap: enabled: false servers: main: label: 'LDAP' host: '_your_ldap_server' port: 389 uid: 'sAMAccountName' method: 'plain' # "tls" or "ssl" or "plain" bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' password: '_the_password_of_the_bind_user' timeout: 10 active_directory: true allow_username_or_email_login: false block_auto_created_users: false base: '' user_filter: '' attributes: username: ['uid', 'userid', 'sAMAccountName'] email: ['mail', 'email', 'userPrincipalName'] name: 'cn' first_name: 'givenName' last_name: 'sn' omniauth: enabled: false allow_single_sign_on: ["saml"] block_auto_created_users: true auto_link_ldap_user: false auto_link_saml_user: false external_providers: [] providers: shared: satellites: path: /home/git/gitlab-satellites/ repositories: storages: # You must have at least a `default` storage path. default: /home/git/repositories/ backup: path: "tmp/backups" gitlab_shell: path: /home/git/gitlab-shell/ hooks_path: /home/git/gitlab-shell/hooks/ upload_pack: true receive_pack: true git: bin_path: /usr/bin/git max_size: 20971520 # 20.megabytes timeout: 10 extra: rack_attack: git_basic_auth: 

/home/git/gitlab/unicorn.rb ,我有

 worker_processes 4 working_directory "/home/git/gitlab" # available in 0.94.0+ listen "/home/git/gitlab/tmp/sockets/gitlab.socket", :backlog => 1024 listen "127.0.0.1:8080", :tcp_nopush => true 

production.log只是说这个

 Started POST "/ci/api/v1/builds/register.json" for 35.154.26.24 at 2016-11-19 08:16:45 +0000 Started GET "/anshad/test.git/info/refs?service=git-upload-pack" for 137.97.204.60 at 2016-11-19 08:16:47 +0000 Processing by Projects::GitHttpController#info_refs as */* Parameters: {"service"=>"git-upload-pack", "namespace_id"=>"anshad", "project_id"=>"test.git"} Filter chain halted as :authenticate_user rendered or redirected Completed 401 Unauthorized in 23ms (Views: 0.3ms | ActiveRecord: 1.6ms) Started POST "/ci/api/v1/builds/register.json" for 35.154.26.24 at 2016-11-19 08:16:48 +0000 Started POST "/ci/api/v1/builds/register.json" for 35.154.26.24 at 2016-11-19 08:16:51 +0000 Started POST "/ci/api/v1/builds/register.json" for 35.154.26.24 at 2016-11-19 08:16:54 +0000 Started GET "/anshad/test.git/info/refs?service=git-upload-pack" for 137.97.204.60 at 2016-11-19 08:16:56 +0000 Processing by Projects::GitHttpController#info_refs as */* Parameters: {"service"=>"git-upload-pack", "namespace_id"=>"anshad", "project_id"=>"test.git"} Filter chain halted as :authenticate_user rendered or redirected Completed 401 Unauthorized in 25ms (Views: 0.3ms | ActiveRecord: 2.2ms) Started GET "/anshad/test.git/info/refs?service=git-upload-pack" for 137.97.204.60 at 2016-11-19 08:16:57 +0000 Processing by Projects::GitHttpController#info_refs as */* Parameters: {"service"=>"git-upload-pack", "namespace_id"=>"anshad", "project_id"=>"test.git"} Completed 500 Internal Server Error in 98ms (ActiveRecord: 3.1ms) JWT::DecodeError (Nil JSON web token): lib/gitlab/workhorse.rb:120:in `verify_api_request!' app/controllers/projects/git_http_client_controller.rb:154:in `verify_workhorse_api!' lib/gitlab/request_profiler/middleware.rb:15:in `call' lib/gitlab/middleware/go.rb:16:in `call' Started POST "/ci/api/v1/builds/register.json" for 35.154.26.24 at 2016-11-19 08:16:57 +0000 

问题在GitLab

需要注意的是,这个引用的系统是从源代码构建的,支持的nginx被替换为Apache(没有官方的gitlab支持)。
这是交易 – 在我的系统上的标准nginx配置我可以看到这一点

 upstream gitlab-workhorse { server unix:/var/opt/gitlab/gitlab-workhorse/socket; } proxy_pass http://gitlab-workhorse; 

这意味着 – 它使用套接字。 不是网络端口。 如果我试图看看主力甚至是在网络上听 – 我会看到它不是。

 ps -ef|grep -i workhorse lsof -p pid 

不会显示由workhorse pid打开的任何网络端口。 所以也许apache配置不正确? 它应该使用套接字而不是端口?

首先,请仔细检查您的gitlab主版本,如果它与您当前的GitLab安装兼容。

在你提到的所有GitLab问题中, 22484的评论似乎是最有前途的:

在我的情况下,主力的日志显示访问./.gitlab_workhorse_secret错误

在一些挖掘之后,修正是将以下内容添加到/etc/systemd/system/gitlab-workhorse.service的主要启动命令行:

 -secretPath /home/git/gitlab/.gitlab_workhorse_secret 

作为参考,完整的ExecStart现在是:

 ExecStart=/home/git/gitlab/bin/daemon_with_pidfile /home/git/gitlab/tmp/pids/gitlab-workhorse.pid \ /home/git/gitlab-workhorse/gitlab-workhorse -listenUmask 0 -listenNetwork unix \ -listenAddr /home/git/gitlab/tmp/sockets/gitlab-workhorse.socket \ -authBackend http://127.0.0.1:8080 -authSocket /home/git/gitlab/tmp/sockets/gitlab.socket \ -documentRoot /home/git/gitlab/public -secretPath /home/git/gitlab/.gitlab_workhorse_secret \ >> /home/git/gitlab/log/gitlab-workhorse.log 2>&1 

另一种可能性是:

在我的情况下,500错误是由/etc/gitlab/gitlab.rb错误的nginx配置引起的。

如果我在nginx之前有一些东西,比如在我的情况下haproxy。 我忽略了这个事实。 它在NGiNX设置中进行了描述。

在我的情况下,在haproxy发送后端到8081现在正在监听nginx(原来我设置了8080 – 默认的独角兽服务) –
我没有配置gitlab只有haproxy,没有nginx图层。

所以在我的配置中很重要

 nginx['listen_port'] = 8081 nginx['listen_https'] = false 

请注意,这两个问题都是针对NGiNX的( 使用Apache2时有一个 )


还有一个关于403(权限被拒绝)错误的提及:

通过启用HTTPS和SSH克隆,我们能够解决403问题; 我们只启用了SSH克隆,这似乎是造成这个问题的原因。 这可以通过转到https:///admin/application_settings和双重检查Enabled Git access protocols进行更改


这些结论在合并请求6843中进行了总结

但还有更多:

看看默认文件,它看起来像升级和默认值应该是一些混淆。
使用默认的配置文件示例( init.dnginx ), gitlab-workhorse将侦听Unix套接字而不是IP:端口。
Nginx示例配置文件对于Unix套接字确实有一些行,但代理传递到一个地址。

我想第一次设置gitlab我需要点我的nginx配置到Unicorn端口绑定,因为它是我在开始gitlab服务时在netstat中看到的唯一端口。
如果您将git clone请求发送给Unicorn,您将得到500错误。
我所要做的就是改变gitlab-workhorse来收听我的回头地址并指向Nginx。 这清除了我的HTTP 500错误与克隆
查看更多关于GitLab Workhorse的简史