[英]Gitlab CI token - 403 with apache
I'm running gitlab on my server. 我在我的服务器上运行gitlab。 I'm serving the website with apache2 (with https). 我正在使用apache2(使用https)为网站服务。
Recently I got started with gitlab CI, but ran into a problem I just can't resolve on my own: I always get a 403 error: 最近我开始使用gitlab CI,但遇到了一个我无法自行解决的问题:我总是遇到403错误:
remote: Access denied
fatal: unable to access 'https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@git.mydomain.com/group/project.git/': The requested URL returned error: 403
Both SSH and HTTP(S) are enabled for cloning and ci works just fine with public projects, checking all gitlab logs reveals that the runner isn't authenticated thus triggering a 403. SSH和HTTP(S)都启用了克隆,ci适用于公共项目,检查所有gitlab日志显示跑步者未经过身份验证,从而触发403。
My best guess is that the apache configuration doesn't pass the ci-token to gitlab, but neither do I know how I can check that, nor do I believe that this is truly the cause. 我最好的猜测是apache配置没有将ci-token传递给gitlab,但我也不知道如何检查它,我也不相信这是真正的原因。
My vhost: 我的vhost:
<VirtualHost *:80>
ServerName git.mydomain.com
ServerSignature Off
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLProtocol all -SSLv2
SSLHonorCipherOrder on
SSLCipherSuite "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"
Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
SSLCompression Off
SSLCertificateFile /etc/letsencrypt/live/git.mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/git.mydomain.com/privkey.pem
SSLCACertificateFile /etc/letsencrypt/live/git.mydomain.com/chain.pem
ServerName git.mydomain.com
ServerSignature Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Location />
Require all granted
ProxyPassReverse http://127.0.0.1:8181
ProxyPassReverse http://git.mydomain.com/
</Location>
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^/uploads/.*
RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
RequestHeader set X_FORWARDED_PROTO 'https'
RequestHeader set X-Forwarded-Ssl on
DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
ErrorDocument 404 /404.html
ErrorDocument 422 /422.html
ErrorDocument 500 /500.html
ErrorDocument 502 /502.html
ErrorDocument 503 /503.html
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
ErrorLog /var/log/apache2/gitlab_error.log
CustomLog /var/log/apache2/gitlab_forwarded.log common_forwarded
CustomLog /var/log/apache2/gitlab_access.log combined env=!dontlog
CustomLog /var/log/apache2/gitlab.log combined
</VirtualHost>
Relevant part of /etc/gitlab/gitlab.rb /etc/gitlab/gitlab.rb的相关部分
external_url 'https://git.mydomain.com'
nginx['enable'] = false
web_server['external_users'] = ['www-data']
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_addr'] = "127.0.0.1:8181"
gitlab_rails['gitlab_email_reply_to'] = 'webmaster@mydomain.com'
The Runner config: Runner配置:
[[runners]]
name = "Runner Name"
url = "https://git.mydomain.com/ci"
token = "Some generated token"
executor = "shell"
[runners.cache]
/etc/default/gitlab: 在/ etc /默认/ gitlab:
gitlab_workhorse_options="-listenUmask 0 -listenNetwork tcp -listenAddr 127.0.0.1:8181 -authBackend http://127.0.0.1:8080"
.gitlab-ci.yml: .gitlab-ci.yml:
stages:
- compile
compilei7:
stage: compile
script:
- /./home/public/folder/someScript.sh -f `$PWD`
tags:
- neededtag
All help is appreciated, I ran against a wall here. 所有的帮助表示赞赏,我在这里碰壁。 Thanks. 谢谢。
似乎这是我修复的一个更新,因为我发布了这个问题,因为它现在正在使用完全相同的服务器和配置。
This happens when a GitLab Runner tries to clone the project from the Git repo. 当GitLab Runner尝试从Git仓库克隆项目时会发生这种情况。
In order to solve that problem, add yourself as a member of the project: 为了解决这个问题,请将自己添加为项目的成员:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.