When I restart my gitlab server with sudo gitlab-ctl restart (Debian Jessie), while the server is loading, I get the 502 error, instead of the "Deploying" page. Then everything works fine. I don't understand why this happens.
Please be aware that this appears only when loading, then everything works fine. I'm not satisfied because I used to get the better "Deploying" page.
This started happening after I configured my gitlab to work through gitlab-workhorse to go through my apache server proxy (prior to that I had huge problems with web interface communication. Snapshot downloads didn't work, but now everything is fine). Before fixing that, I used to proxy gitlab's nginx.
The configuration I currently use for apache is the following, which complies with the standard configuration of Gitlab:
<VirtualHost *:443>
ServerName git.example.com
ServerSignature Off
ProxyPreserveHost On
# Ensure that encoded slashes are not decoded but left in their encoded state.
# http://doc.gitlab.com/ce/api/projects.html#get-single-project
AllowEncodedSlashes NoDecode
<Location />
# New authorization commands for apache 2.4 and up
# http://httpd.apache.org/docs/2.4/upgrading.html#access
Require all granted
#Allow forwarding to gitlab-workhorse
ProxyPassReverse http://127.0.0.1:8283
ProxyPassReverse https://git.example.com/
</Location>
RewriteEngine on
#Don't escape encoded characters in api requests
RewriteCond %{REQUEST_URI} ^/api/v3/.*
RewriteRule .* http://127.0.0.1:8283%{REQUEST_URI} [P,QSA,NE]
#Forward all requests to gitlab-workhorse except existing files like error documents
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^/uploads/.*
RewriteRule .* http://127.0.0.1:8283%{REQUEST_URI} [P,QSA]
# needed for downloading attachments
DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
#Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
ErrorDocument 404 /404.html
ErrorDocument 422 /422.html
ErrorDocument 500 /500.html
ErrorDocument 503 /deploy.html
#... ssl config
RequestHeader set X_FORWARDED_PROTO 'https'
RequestHeader set X-Forwarded-Ssl on
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
ErrorLog /home/myuser/logs/gitlab_error.log
CustomLog /home/myuser/logs/gitlab_forwarded.log common_forwarded
CustomLog /home/myuser/logs/gitlab_access.log combined env=!dontlog
CustomLog /home/myuser/logs/gitlab.log combined
</VirtualHost>
The only configuration I changed is my /etc/gitlab/gitlab.rb, which I did for the proxy to work:
external_url 'https://git.example.com'
nginx['enable'] = false
web_server['external_users'] = ['www-data']
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "127.0.0.1:8283"
What is it that I'm doing wrong to get that 502 error instead of the nice "Deploying" page that I used to get before doing these changes?
If you require any additional information, please ask.
Usually I see this page after gitlab-ctl start.
My solution is:
sudo gitlab-ctl start
sudo gitlab-ctl reconfigure
refresh browser :)
Well, technically this is the way it should work; it's a 502 error after all. If you want to show the deploy page, there is a manual way to set it up before each restart:
gitlab-ctl deploy-page up
Wait a minute and then again:
gitlab-ctl deploy-page down
Otherwise you can add to your Apache config:
ErrorDocument 502 /deploy.html
which will show the deploy page every time a 502 error occurs.
Configure the server firewall to allow HTTP and HTTPS:
sudo ufw enable
sudo ufw allow http
sudo ufw allow https
sudo ufw allow OpenSSH
sudo ufw status
Output
Status: active
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
Related
I have 2 docker containers, 1 running apache2 and 1 running a python api.
In non-https, I was able to make the connection such that requests on 80 are channeled to the docker container running the python api. When I enable HTTPS, requests come in as 400 (bad request).
Any help greatly appreciated. This is my virtual host file.
<VirtualHost *:443>
ServerName domain.com
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://172.17.0.1:8000/
ProxyPassReverse / http://172.17.0.1:8000/
SSLEngine on
SSLCertificateFile "/usr/local/apache2/conf/.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/.key"
</VirtualHost>
Apache logs should contain a more detailed error; however, based on the configuration you posted, I would check if "/usr/local/apache2/conf/.crt" and "/usr/local/apache2/conf/.key" exist.
How do I configure Redmine with HTTPS on a Linux Apache hosting server (i.e. Just Host, Bluehost)?
The normal HTTP site is working, but it is not working over HTTPS. I am getting an error like "Page not found".
What I usually do is configure apache or nginx to redirect http to https:
ServerAdmin webmaster@localhost
ServerName redmine.example.com
DocumentRoot /var/www/redmine/public
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
ErrorLog /var/log/apache2/redmine_error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/redmine_access.log combined
Don't forget the VirtualHost directives.
You will need to enable SSL on your web server.
I configured SSL for a Rails app running with the thin server in a CentOS Linux environment with Apache. When I try to open my site using "https", I get an Apache error page. I checked the Apache error logs and found the following error message:
Directory index forbidden by Options directive.
I changed /etc/httpd/conf.d/welcome.conf from
"Options -Indexes" to "Options +Indexes"
and then I get the directory structure in the browser.
Please help me to solve the issue.
Update:
<VirtualHost *:80>
ServerName XXXX
ServerAlias www.XXXX.com
DocumentRoot XXXX
RewriteEngine On
<Proxy balancer://thinservers>
BalancerMember http://127.0.0.1:3000
</Proxy>
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ balancer://thinservers%{REQUEST_URI} [P,QSA,L]
ProxyPass / balancer://thinservers/
ProxyPassReverse / balancer://thinservers/
ProxyPreserveHost on
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
# Custom log file locations
ErrorLog XXXX
CustomLog XXXX
Your included Apache configuration shows the HTTP virtual host, as it's listening on port 80:
<VirtualHost *:80>
HTTPS connects to a different virtual host defined on port 443. You will need to modify this virtualhost's configuration in order to change the way the HTTPS portion of your website behaves.
I tried to add SSL support to my server with configuration from http://www.napcsweb.com/blog/2012/07/24/securing-a-rails-app-on-passenger-with-ssl/
#<VirtualHost *:80>
# ServerName 54.215.6.127
# RewriteEngine On
# RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=permanent]
#</VirtualHost>
<VirtualHost *:80>
#<VirtualHost *:443>
ServerName 54.215.6.127
# !!! Be sure to point DocumentRoot to 'public'!
DocumentRoot /home/ubuntu/my_app/current/public
<Directory /home/ubuntu/my_app/current/public>
Satisfy Any
# This relaxes Apache security settings.
AllowOverride all
Require all granted
# MultiViews must be turned off.
Options -MultiViews
</Directory>
#SSLEngine on
#SSLOptions +StrictRequire
#SSLCertificateFile /etc/apache2/certs/54.215.6.127.crt
#SSLCertificateKeyFile /etc/apache2/certs/54.215.6.127.key
</VirtualHost>
See that I commented out lines to set the server back to its previous state, i.e. non-SSL, but now the server is unresponsive.
I do have keys as suggested in napcsweb blog: key, csr, and crt.
What am I missing in SSL configuration?
Passenger just stopped working, how could I start it again?
Update
It worked, but only with HTTP, after I changed the configuration. I commented out:
#Satisfy Any
# This relaxes Apache security settings.
#AllowOverride all
#Require all granted
# MultiViews must be turned off.
Options -MultiViews
And restarted the server:
sudo apachectl restart
sudo service apache2 restart
But anyway, I need to set https.
Update 2
Ports 80 and 443 are listening, but for some reason 443 does not respond.
I had an error in my EC2 security group. I allowed access to port 443 and it worked.
I'm trying to configure SSL on EC2onrails with no luck. At present I am unable to even telnet into my server at port 443, it simply says trying MY.IP.ADDRESS... and stays there indefinitely. Telnet into 80 works fine.
This was my starting point. I followed the instructions exactly, and because I have a GoDaddy cert, I created this custom default-ssl file so I could add the SSLCertificateChainFile directive:
NameVirtualHost *:443
<VirtualHost *:443>
Include /etc/apache2/sites-available/app.custom
Include /etc/apache2/sites-available/app.common
ErrorLog /mnt/log/apache2/error.log
LogLevel warn
CustomLog /mnt/log/apache2/access.log combined
# see http://httpd.apache.org/docs/2.2/ssl/ssl_intro.html and http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
SSLEngine On
SSLCertificateFile /etc/ec2onrails/ssl/cert/ec2onrails-default.crt
SSLCertificateKeyFile /etc/ec2onrails/ssl/private/ec2onrails-default.key
SSLCertificateChainFile /etc/ec2onrails/ssl/cert/ec2onrails-chain.crt
RequestHeader set X_FORWARDED_PROTO 'https'
ServerName MY_SERVER_NAME
</VirtualHost>
Note that I had to add
ServerName MY_SERVER_NAME
Or else I saw the following warning at apache startup in the error.log file:
[Wed May 27 19:46:20 2009] [warn] RSA server certificate CommonName (CN) ` MY_SERVER_NAME' does NOT match server name!?
I have run cap ec2onrails:server:enable_ssl, apache boots up cleanly, regular access over port 80 works, and apache access logs indicate no request activity to port 443. I know apache is loading my default-ssl config files because if I type gobbledygook in them it complains at startup.
Has anyone else successfully gotten SSL working with EC2onRails? What else can I do to debug this issue? Right now I am using ec2onRails version 0.9.9.1 which is based on a version of Ubuntu.
OK, I figured it out. Amazon's EC2 has its own firewall as part of its "security group" concept. This firewall was blocking port 443.
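Both EC2 threads above (port 443 listening but not responding, and telnet to 443 hanging while 80 works) end at the same cause: a firewall dropping packets before they reach Apache. The following is an added example, not code from any of the posts, that tells a dropped connection (timeout) apart from a refused one (nothing listening) and from a TLS or certificate problem. The function names probe_tcp, probe_tls and diagnose are hypothetical.

```python
import socket
import ssl
import sys


def probe_tcp(host, port, timeout=3.0):
    """One TCP connect attempt: 'open', 'refused', 'filtered' or 'unreachable'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # RST came back: host reachable, nothing listening
    except socket.timeout:
        return "filtered"     # silence: packets dropped (firewall, security group)
    except OSError:
        return "unreachable"  # e.g. no route to host, name did not resolve


def probe_tls(host, port, timeout=3.0):
    """On an open port: 'tls-ok', 'tls-cert-invalid' or 'no-tls'."""
    ctx = ssl.create_default_context()  # verifies chain and host name
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls-ok"
    except ssl.SSLCertVerificationError:
        return "tls-cert-invalid"  # handshake works, certificate does not verify
    except OSError:                # includes ssl.SSLError and handshake timeouts
        return "no-tls"


def diagnose(on_server, from_client):
    """Combine probe_tcp results taken on the server and from a remote client."""
    if on_server != "open":
        return "nothing listening: check Listen 443 and the <VirtualHost *:443> block"
    if from_client == "filtered":
        return "listening but dropped in transit: check ufw / the EC2 security group"
    if from_client == "refused":
        return "rejected before Apache: bound to loopback only, or a REJECT rule"
    if from_client == "open":
        return "port reachable: continue with probe_tls"
    return "host unreachable from the client: check routing and DNS"


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    state = probe_tcp(host, 443)
    print(host, 443, state, probe_tls(host, 443) if state == "open" else "-")
```

Run probe_tcp once on the server against 127.0.0.1 and once from a client against the public name, then pass both results to diagnose.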