[英]git clone with http not working in gitlab
我在域(Ubuntu)上安裝了GitLab CE,使用http的git clone無法正常工作,但ssh運行良好。
git clone git@gitlab.mydomain.com:anshad/test.git
有效。
git clone http://gitlab.mydomain.com/anshad/test.git
無法正常工作。
Cloning into 'test'...
Username for 'http://gitlab.mydomain.com': anshad
Password for 'http://anshad@gitlab.mydomain.com':
fatal: unable to access 'http://gitlab.mydomain.com/anshad/test.git/': The requested URL returned error: 500
sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
說
System information
System: Ubuntu 16.04
Current User: git
Using RVM: no
Ruby Version: 2.3.1p112
Gem Version: 2.5.1
Bundler Version:1.13.6
Rake Version: 10.5.0
Sidekiq Version:4.2.1
GitLab information
Version: 8.14.0-pre
Revision: 358e814
Directory: /home/git/gitlab
DB Adapter: postgresql
URL: http://gitlab.mydomain.com
HTTP Clone URL: http://gitlab.mydomain.com/some-group/some-project.git
SSH Clone URL: git@gitlab.mydomain.com:some-group/some-project.git
Using LDAP: no
Using Omniauth: no
GitLab Shell
Version: 4.0.0
Repository storage paths:
- default: /home/git/repositories/
Hooks: /home/git/gitlab-shell/hooks/
Git: /usr/bin/git
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production
說
Checking GitLab Shell ...
GitLab Shell version >= 4.0.0 ? ... OK (4.0.0)
Repo base directory exists?
default... yes
Repo storage directories are symlinks?
default... no
Repo paths owned by git:git?
default... yes
Repo paths access is drwxrws---?
default... yes
hooks directories in repos are links: ...
Anshad Vattapoyil / test ... repository is empty
Running /home/git/gitlab-shell/bin/check
Check GitLab API access: OK
Access to /home/git/.ssh/authorized_keys: OK
Send ping to redis server: OK
gitlab-shell self-check successful
Checking GitLab Shell ... Finished
Checking Sidekiq ...
Running? ... yes
Number of Sidekiq processes ... 1
Checking Sidekiq ... Finished
Checking Reply by email ...
Reply by email is disabled in config/gitlab.yml
Checking Reply by email ... Finished
Checking LDAP ...
LDAP is disabled in config/gitlab.yml
Checking LDAP ... Finished
Checking GitLab ...
Git configured with autocrlf=input? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config outdated? ... no
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory setup correctly? ... yes
Init script exists? ... yes
Init script up-to-date? ... yes
projects have namespace: ...
Anshad Vattapoyil / test ... yes
Redis version >= 2.8.0? ... yes
Ruby version >= 2.1.0 ? ... yes (2.3.1)
Your git bin path is "/usr/bin/git"
Git version >= 2.7.3 ? ... yes (2.7.4)
Active users: 1
Checking GitLab ... Finished
域的Apache虛擬主機配置,
<VirtualHost *:80>
ServerAdmin anshad@mydomain.com
ServerName gitlab.mydomain.com
ServerAlias www.gitlab.mydomain.com
ServerSignature Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Location />
Require all granted
ProxyPassReverse http://localhost:8080
ProxyPassReverse http://gitlab.mydomain.com/
</Location>
RewriteEngine on
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^/uploads/.*
RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA,NE]
DocumentRoot /home/git/gitlab/public
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
ErrorLog /var/log/apache2/gitlab_error.log
CustomLog /var/log/apache2/gitlab_forwarded.log common_forwarded
CustomLog /var/log/apache2/gitlab_access.log combined env=!dontlog
CustomLog /var/log/apache2/gitlab.log combined
</VirtualHost>
配置/home/git/gitlab/config/gitlab.yml
production: &base
gitlab:
host: gitlab.mydomain.com
port: 80
https: false
trusted_proxies:
email_from: noreply@mydomain.com
email_display_name: GitLab
email_reply_to: noreply@mydomain.com
email_subject_suffix: ''
default_projects_features:
issues: true
merge_requests: true
wiki: true
snippets: true
builds: true
container_registry: true
incoming_email:
enabled: false
address: "gitlab-incoming+%{key}@gmail.com"
user: "gitlab-incoming@gmail.com"
password: "[REDACTED]"
host: "imap.gmail.com"
port: 993
ssl: true
start_tls: false
mailbox: "inbox"
artifacts:
enabled: true
lfs:
enabled: true
gravatar:
cron_jobs:
stuck_ci_builds_worker:
cron: "0 0 * * *"
expire_build_artifacts_worker:
cron: "50 * * * *"
repository_check_worker:
cron: "20 * * * *"
admin_email_worker:
cron: "0 0 * * 0"
repository_archive_cache_worker:
cron: "0 * * * *"
registry:
gitlab_ci:
ldap:
enabled: false
servers:
main:
label: 'LDAP'
host: '_your_ldap_server'
port: 389
uid: 'sAMAccountName'
method: 'plain' # "tls" or "ssl" or "plain"
bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
password: '_the_password_of_the_bind_user'
timeout: 10
active_directory: true
allow_username_or_email_login: false
block_auto_created_users: false
base: ''
user_filter: ''
attributes:
username: ['uid', 'userid', 'sAMAccountName']
email: ['mail', 'email', 'userPrincipalName']
name: 'cn'
first_name: 'givenName'
last_name: 'sn'
omniauth:
enabled: false
allow_single_sign_on: ["saml"]
block_auto_created_users: true
auto_link_ldap_user: false
auto_link_saml_user: false
external_providers: []
providers:
shared:
satellites:
path: /home/git/gitlab-satellites/
repositories:
storages: # You must have at least a `default` storage path.
default: /home/git/repositories/
backup:
path: "tmp/backups"
gitlab_shell:
path: /home/git/gitlab-shell/
hooks_path: /home/git/gitlab-shell/hooks/
upload_pack: true
receive_pack: true
git:
bin_path: /usr/bin/git
max_size: 20971520 # 20.megabytes
timeout: 10
extra:
rack_attack:
git_basic_auth:
在/home/git/gitlab/unicorn.rb
,我有
worker_processes 4
working_directory "/home/git/gitlab" # available in 0.94.0+
listen "/home/git/gitlab/tmp/sockets/gitlab.socket", :backlog => 1024
listen "127.0.0.1:8080", :tcp_nopush => true
production.log
只說這
Started POST "/ci/api/v1/builds/register.json" for 35.154.26.24 at 2016-11-19 08:16:45 +0000
Started GET "/anshad/test.git/info/refs?service=git-upload-pack" for 137.97.204.60 at 2016-11-19 08:16:47 +0000
Processing by Projects::GitHttpController#info_refs as */*
Parameters: {"service"=>"git-upload-pack", "namespace_id"=>"anshad", "project_id"=>"test.git"}
Filter chain halted as :authenticate_user rendered or redirected
Completed 401 Unauthorized in 23ms (Views: 0.3ms | ActiveRecord: 1.6ms)
Started POST "/ci/api/v1/builds/register.json" for 35.154.26.24 at 2016-11-19 08:16:48 +0000
Started POST "/ci/api/v1/builds/register.json" for 35.154.26.24 at 2016-11-19 08:16:51 +0000
Started POST "/ci/api/v1/builds/register.json" for 35.154.26.24 at 2016-11-19 08:16:54 +0000
Started GET "/anshad/test.git/info/refs?service=git-upload-pack" for 137.97.204.60 at 2016-11-19 08:16:56 +0000
Processing by Projects::GitHttpController#info_refs as */*
Parameters: {"service"=>"git-upload-pack", "namespace_id"=>"anshad", "project_id"=>"test.git"}
Filter chain halted as :authenticate_user rendered or redirected
Completed 401 Unauthorized in 25ms (Views: 0.3ms | ActiveRecord: 2.2ms)
Started GET "/anshad/test.git/info/refs?service=git-upload-pack" for 137.97.204.60 at 2016-11-19 08:16:57 +0000
Processing by Projects::GitHttpController#info_refs as */*
Parameters: {"service"=>"git-upload-pack", "namespace_id"=>"anshad", "project_id"=>"test.git"}
Completed 500 Internal Server Error in 98ms (ActiveRecord: 3.1ms)
JWT::DecodeError (Nil JSON web token):
lib/gitlab/workhorse.rb:120:in `verify_api_request!'
app/controllers/projects/git_http_client_controller.rb:154:in `verify_workhorse_api!'
lib/gitlab/request_profiler/middleware.rb:15:in `call'
lib/gitlab/middleware/go.rb:16:in `call'
Started POST "/ci/api/v1/builds/register.json" for 35.154.26.24 at 2016-11-19 08:16:57 +0000
在GitLab上發行
重要的是要注意,所涉及的該系統是從源代碼構建的,並且受支持的nginx已替換為Apache(尚未由gitlab正式支持)。
這是交易-在我系統上的標准nginx配置中,我可以看到
upstream gitlab-workhorse {
server unix:/var/opt/gitlab/gitlab-workhorse/socket;
}
proxy_pass http://gitlab-workhorse;
這意味着-它正在使用套接字。 不是網絡端口。 如果我嘗試查看主力服務器是否還在網絡上收聽-我會發現事實並非如此。
ps -ef|grep -i workhorse
lsof -p pid
將不會顯示任何由主力pid打開的網絡端口。 那么,也許apache config不正確? 應該使用套接字而不是端口嗎?
首先,仔細檢查您的gitlab主力版本,以及它是否與當前的GitLab安裝兼容。
在您引用的所有GitLab問題中,對22484的評論似乎是最有希望的:
就我而言,主力的日志顯示訪問
./.gitlab_workhorse_secret
經過一些挖掘之后,解決方法是將以下內容添加到
/etc/systemd/system/gitlab-workhorse.service
的主力啟動命令行中:
-secretPath /home/git/gitlab/.gitlab_workhorse_secret
作為參考,完整的
ExecStart
現在為:
ExecStart=/home/git/gitlab/bin/daemon_with_pidfile /home/git/gitlab/tmp/pids/gitlab-workhorse.pid \
/home/git/gitlab-workhorse/gitlab-workhorse -listenUmask 0 -listenNetwork unix \
-listenAddr /home/git/gitlab/tmp/sockets/gitlab-workhorse.socket \
-authBackend http://127.0.0.1:8080 -authSocket /home/git/gitlab/tmp/sockets/gitlab.socket \
-documentRoot /home/git/gitlab/public -secretPath /home/git/gitlab/.gitlab_workhorse_secret \
>> /home/git/gitlab/log/gitlab-workhorse.log 2>&1
另一種可能性是:
在我的情況下,500錯誤是由
/etc/gitlab/gitlab.rb
錯誤的nginx配置引起的。
如果我在nginx之前有東西,例如haproxy。 我忽略了這個事實。 在NGiNX設置中進行了描述。
在我的情況下,haproxy將后端發送到8081,現在正在監聽nginx(最初我設置為8080-默認的獨角獸服務)-
我無法僅使用haproxy來配置gitlab,而無法使用nginx層。
所以在我的配置中很重要
nginx['listen_port'] = 8081
nginx['listen_https'] = false
請注意,這兩個問題都與NGiNX有關( 使用Apache2時存在一個問題)
還提到了403(拒絕權限)錯誤:
通過啟用HTTPS和SSH克隆,我們能夠解決403問題; 我們僅啟用了SSH克隆功能,這似乎是造成此問題的原因。 可以通過轉到
https:///admin/application_settings
並再次選中Enabled Git access protocols
來更改此設置
合並請求6843中總結了這些結論
但是還有更多:
查看默認文件,似乎對升級以及默認值應該有什么困惑。
使用默認的配置文件示例(init.d
和nginx
),gitlab-workhorse
將在Unix套接字而不是IP:port上偵聽。
Nginx示例配置文件的確有一些用於Unix套接字的行,但是代理傳遞到一個地址。我以為是第一次設置gitlab,我需要將我的Nginx配置指向Unicorn端口綁定,因為這是我啟動gitlab服務時在netstat中看到的唯一設置端口。
如果您將git clone
請求發送給Unicorn,則會收到500錯誤。
我要做的是更改gitlab-workhorse以收聽我的回溯地址,並將Nginx指向該地址。 這樣就可以通過克隆清除HTTP 500錯誤 。
查看更多有關GitLab工作馬的簡史
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.