[英]git clone with http not working in gitlab
I have GitLab CE setup with my domain (Ubuntu) and the git clone with http not working but ssh works well. 我在域(Ubuntu)上安装了GitLab CE,使用http的git clone无法正常工作,但ssh运行良好。
git clone git@gitlab.mydomain.com:anshad/test.git
works. git clone git@gitlab.mydomain.com:anshad/test.git
有效。
git clone http://gitlab.mydomain.com/anshad/test.git
not working. git clone http://gitlab.mydomain.com/anshad/test.git
无法正常工作。
Cloning into 'test'...
Username for 'http://gitlab.mydomain.com': anshad
Password for 'http://anshad@gitlab.mydomain.com':
fatal: unable to access 'http://gitlab.mydomain.com/anshad/test.git/': The requested URL returned error: 500
sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
says sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
说
System information
System: Ubuntu 16.04
Current User: git
Using RVM: no
Ruby Version: 2.3.1p112
Gem Version: 2.5.1
Bundler Version:1.13.6
Rake Version: 10.5.0
Sidekiq Version:4.2.1
GitLab information
Version: 8.14.0-pre
Revision: 358e814
Directory: /home/git/gitlab
DB Adapter: postgresql
URL: http://gitlab.mydomain.com
HTTP Clone URL: http://gitlab.mydomain.com/some-group/some-project.git
SSH Clone URL: git@gitlab.mydomain.com:some-group/some-project.git
Using LDAP: no
Using Omniauth: no
GitLab Shell
Version: 4.0.0
Repository storage paths:
- default: /home/git/repositories/
Hooks: /home/git/gitlab-shell/hooks/
Git: /usr/bin/git
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production
says sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production
说
Checking GitLab Shell ...
GitLab Shell version >= 4.0.0 ? ... OK (4.0.0)
Repo base directory exists?
default... yes
Repo storage directories are symlinks?
default... no
Repo paths owned by git:git?
default... yes
Repo paths access is drwxrws---?
default... yes
hooks directories in repos are links: ...
Anshad Vattapoyil / test ... repository is empty
Running /home/git/gitlab-shell/bin/check
Check GitLab API access: OK
Access to /home/git/.ssh/authorized_keys: OK
Send ping to redis server: OK
gitlab-shell self-check successful
Checking GitLab Shell ... Finished
Checking Sidekiq ...
Running? ... yes
Number of Sidekiq processes ... 1
Checking Sidekiq ... Finished
Checking Reply by email ...
Reply by email is disabled in config/gitlab.yml
Checking Reply by email ... Finished
Checking LDAP ...
LDAP is disabled in config/gitlab.yml
Checking LDAP ... Finished
Checking GitLab ...
Git configured with autocrlf=input? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config outdated? ... no
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory setup correctly? ... yes
Init script exists? ... yes
Init script up-to-date? ... yes
projects have namespace: ...
Anshad Vattapoyil / test ... yes
Redis version >= 2.8.0? ... yes
Ruby version >= 2.1.0 ? ... yes (2.3.1)
Your git bin path is "/usr/bin/git"
Git version >= 2.7.3 ? ... yes (2.7.4)
Active users: 1
Checking GitLab ... Finished
Apache virtual host configuration for the domain, 域的Apache虚拟主机配置,
<VirtualHost *:80>
ServerAdmin anshad@mydomain.com
ServerName gitlab.mydomain.com
ServerAlias www.gitlab.mydomain.com
ServerSignature Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Location />
Require all granted
ProxyPassReverse http://localhost:8080
ProxyPassReverse http://gitlab.mydomain.com/
</Location>
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^/uploads/.*
RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA,NE]
DocumentRoot /home/git/gitlab/public
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
ErrorLog /var/log/apache2/gitlab_error.log
CustomLog /var/log/apache2/gitlab_forwarded.log common_forwarded
CustomLog /var/log/apache2/gitlab_access.log combined env=!dontlog
CustomLog /var/log/apache2/gitlab.log combined
</VirtualHost>
Config /home/git/gitlab/config/gitlab.yml
配置
/home/git/gitlab/config/gitlab.yml
production: &base
gitlab:
host: gitlab.mydomain.com
port: 80
https: false
trusted_proxies:
email_from: noreply@mydomain.com
email_display_name: GitLab
email_reply_to: noreply@mydomain.com
email_subject_suffix: ''
default_projects_features:
issues: true
merge_requests: true
wiki: true
snippets: true
builds: true
container_registry: true
incoming_email:
enabled: false
address: "gitlab-incoming+%{key}@gmail.com"
user: "gitlab-incoming@gmail.com"
password: "[REDACTED]"
host: "imap.gmail.com"
port: 993
ssl: true
start_tls: false
mailbox: "inbox"
artifacts:
enabled: true
lfs:
enabled: true
gravatar:
cron_jobs:
stuck_ci_builds_worker:
cron: "0 0 * * *"
expire_build_artifacts_worker:
cron: "50 * * * *"
repository_check_worker:
cron: "20 * * * *"
admin_email_worker:
cron: "0 0 * * 0"
repository_archive_cache_worker:
cron: "0 * * * *"
registry:
gitlab_ci:
ldap:
enabled: false
servers:
main:
label: 'LDAP'
host: '_your_ldap_server'
port: 389
uid: 'sAMAccountName'
method: 'plain' # "tls" or "ssl" or "plain"
bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
password: '_the_password_of_the_bind_user'
timeout: 10
active_directory: true
allow_username_or_email_login: false
block_auto_created_users: false
base: ''
user_filter: ''
attributes:
username: ['uid', 'userid', 'sAMAccountName']
email: ['mail', 'email', 'userPrincipalName']
name: 'cn'
first_name: 'givenName'
last_name: 'sn'
omniauth:
enabled: false
allow_single_sign_on: ["saml"]
block_auto_created_users: true
auto_link_ldap_user: false
auto_link_saml_user: false
external_providers: []
providers:
shared:
satellites:
path: /home/git/gitlab-satellites/
repositories:
storages: # You must have at least a `default` storage path.
default: /home/git/repositories/
backup:
path: "tmp/backups"
gitlab_shell:
path: /home/git/gitlab-shell/
hooks_path: /home/git/gitlab-shell/hooks/
upload_pack: true
receive_pack: true
git:
bin_path: /usr/bin/git
max_size: 20971520 # 20.megabytes
timeout: 10
extra:
rack_attack:
git_basic_auth:
In /home/git/gitlab/unicorn.rb
, I have 在
/home/git/gitlab/unicorn.rb
,我有
worker_processes 4
working_directory "/home/git/gitlab" # available in 0.94.0+
listen "/home/git/gitlab/tmp/sockets/gitlab.socket", :backlog => 1024
listen "127.0.0.1:8080", :tcp_nopush => true
The production.log
says only this production.log
只说这
Started POST "/ci/api/v1/builds/register.json" for 35.154.26.24 at 2016-11-19 08:16:45 +0000
Started GET "/anshad/test.git/info/refs?service=git-upload-pack" for 137.97.204.60 at 2016-11-19 08:16:47 +0000
Processing by Projects::GitHttpController#info_refs as */*
Parameters: {"service"=>"git-upload-pack", "namespace_id"=>"anshad", "project_id"=>"test.git"}
Filter chain halted as :authenticate_user rendered or redirected
Completed 401 Unauthorized in 23ms (Views: 0.3ms | ActiveRecord: 1.6ms)
Started POST "/ci/api/v1/builds/register.json" for 35.154.26.24 at 2016-11-19 08:16:48 +0000
Started POST "/ci/api/v1/builds/register.json" for 35.154.26.24 at 2016-11-19 08:16:51 +0000
Started POST "/ci/api/v1/builds/register.json" for 35.154.26.24 at 2016-11-19 08:16:54 +0000
Started GET "/anshad/test.git/info/refs?service=git-upload-pack" for 137.97.204.60 at 2016-11-19 08:16:56 +0000
Processing by Projects::GitHttpController#info_refs as */*
Parameters: {"service"=>"git-upload-pack", "namespace_id"=>"anshad", "project_id"=>"test.git"}
Filter chain halted as :authenticate_user rendered or redirected
Completed 401 Unauthorized in 25ms (Views: 0.3ms | ActiveRecord: 2.2ms)
Started GET "/anshad/test.git/info/refs?service=git-upload-pack" for 137.97.204.60 at 2016-11-19 08:16:57 +0000
Processing by Projects::GitHttpController#info_refs as */*
Parameters: {"service"=>"git-upload-pack", "namespace_id"=>"anshad", "project_id"=>"test.git"}
Completed 500 Internal Server Error in 98ms (ActiveRecord: 3.1ms)
JWT::DecodeError (Nil JSON web token):
lib/gitlab/workhorse.rb:120:in `verify_api_request!'
app/controllers/projects/git_http_client_controller.rb:154:in `verify_workhorse_api!'
lib/gitlab/request_profiler/middleware.rb:15:in `call'
lib/gitlab/middleware/go.rb:16:in `call'
Started POST "/ci/api/v1/builds/register.json" for 35.154.26.24 at 2016-11-19 08:16:57 +0000
It's important to note that this system referenced in question was built from source code and supported nginx was replaced with Apache (not officially supported by gitlab). 重要的是要注意,所涉及的该系统是从源代码构建的,并且受支持的nginx已替换为Apache(尚未由gitlab正式支持)。
Here is the deal - in the standard nginx config on my system I can see this 这是交易-在我系统上的标准nginx配置中,我可以看到
upstream gitlab-workhorse {
server unix:/var/opt/gitlab/gitlab-workhorse/socket;
}
proxy_pass http://gitlab-workhorse;
Which means - it's using socket. 这意味着-它正在使用套接字。 Not a network port.
不是网络端口。 If I try to see if the workhorse even listening on network - I will see that it's not.
如果我尝试查看主力服务器是否还在网络上收听-我会发现事实并非如此。
ps -ef|grep -i workhorse
lsof -p pid
Would not show any network ports open by workhorse pid. 将不会显示任何由主力pid打开的网络端口。 So perhaps apache config is incorrect?
那么,也许apache config不正确? It should be using socket instead of port?
应该使用套接字而不是端口吗?
First, double-check your gitlab workhorse version and if it is compatible with your current GitLab installation. 首先,仔细检查您的gitlab主力版本,以及它是否与当前的GitLab安装兼容。
Of all the GitLab issues you reference, the comments on 22484 seem the most promising: 在您引用的所有GitLab问题中,对22484的评论似乎是最有希望的:
In my case, workhorse's logs showed an error accessing
./.gitlab_workhorse_secret
就我而言,主力的日志显示访问
./.gitlab_workhorse_secret
After some digging, the fix was to add the following to the workhorse startup command line in
/etc/systemd/system/gitlab-workhorse.service
:经过一些挖掘之后,解决方法是将以下内容添加到
/etc/systemd/system/gitlab-workhorse.service
的主力启动命令行中:
-secretPath /home/git/gitlab/.gitlab_workhorse_secret
For reference, the full
ExecStart
is now:作为参考,完整的
ExecStart
现在为:
ExecStart=/home/git/gitlab/bin/daemon_with_pidfile /home/git/gitlab/tmp/pids/gitlab-workhorse.pid \
/home/git/gitlab-workhorse/gitlab-workhorse -listenUmask 0 -listenNetwork unix \
-listenAddr /home/git/gitlab/tmp/sockets/gitlab-workhorse.socket \
-authBackend http://127.0.0.1:8080 -authSocket /home/git/gitlab/tmp/sockets/gitlab.socket \
-documentRoot /home/git/gitlab/public -secretPath /home/git/gitlab/.gitlab_workhorse_secret \
>> /home/git/gitlab/log/gitlab-workhorse.log 2>&1
The other possibility is: 另一种可能性是:
In my case 500 error was caused by bad nginx configuration in
/etc/gitlab/gitlab.rb
.在我的情况下,500错误是由
/etc/gitlab/gitlab.rb
错误的nginx配置引起的。
In case where I had something "before" the nginx, like in my case haproxy. 如果我在nginx之前有东西,例如haproxy。 I overlooked this fact.
我忽略了这个事实。 It is described in NGiNX settings .
在NGiNX设置中进行了描述。
In my case in haproxy sends backend to 8081 where is listening nginx now (originally I setted 8080 - default unicorn service) -
在我的情况下,haproxy将后端发送到8081,现在正在监听nginx(最初我设置为8080-默认的独角兽服务)-
I was not able configure gitlab only with haproxy, without nginx layer.我无法仅使用haproxy来配置gitlab,而无法使用nginx层。
So in my configuration was important 所以在我的配置中很重要
nginx['listen_port'] = 8081
nginx['listen_https'] = false
Note that both issues are for NGiNX (there is one when Apache2 is used ) 请注意,这两个问题都与NGiNX有关( 使用Apache2时存在一个问题)
There is also a mention about 403 (permission denied) errors: 还提到了403(拒绝权限)错误:
We were able to resolve the 403 issue by enabling both HTTPS and SSH cloning;
通过启用HTTPS和SSH克隆,我们能够解决403问题; we only had SSH cloning enabled which seemed to be causing the problem.
我们仅启用了SSH克隆功能,这似乎是造成此问题的原因。 This can be changed by going to
https:///admin/application_settings
and double checkingEnabled Git access protocols
可以通过转到
https:///admin/application_settings
并再次选中Enabled Git access protocols
来更改此设置
Those conclusions are summarized in merge request 6843 合并请求6843中总结了这些结论
But there is more: 但是还有更多:
Looking at the default files, it looks like there is some sort of confusion with upgrades and what the defaults should be.
查看默认文件,似乎对升级以及默认值应该有什么困惑。
With the default configuration file examples (init.d
andnginx
),gitlab-workhorse
will listen on a Unix socket and not an IP:port.使用默认的配置文件示例(
init.d
和nginx
),gitlab-workhorse
将在Unix套接字而不是IP:port上侦听。
The Nginx example config file does have some lines for Unix sockets, but the proxy pass goes to an address.Nginx示例配置文件的确有一些用于Unix套接字的行,但是代理传递到一个地址。
I thought setting gitlab up for the first time I needed point my nginx config to the Unicorn port bind as it was the only port I was seeing in netstat get setup when I started the gitlab services.
我以为是第一次设置gitlab,我需要将我的Nginx配置指向Unicorn端口绑定,因为这是我启动gitlab服务时在netstat中看到的唯一设置端口。
If you send thegit clone
request to Unicorn you will get the 500 error.如果您将
git clone
请求发送给Unicorn,则会收到500错误。
What I had to do is change gitlab-workhorse to listen to my lookback address and point Nginx there.我要做的是更改gitlab-workhorse以收听我的回溯地址,并将Nginx指向该地址。 That cleared up my HTTP 500 error with cloning .
这样就可以通过克隆清除HTTP 500错误 。
See more with A Brief History of GitLab Workhorse查看更多有关GitLab工作马的简史
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.