I'm attempting to set up gitlab so that it is accessible through a subdirectory of an existing apache server, example.com/gitlab, for example. I am trying to use passenger, as this seems to be the easiest to set up, but other solutions would also be acceptable. Using a separate virtual host for gitlab is unfortunately not an option for me.
My Setup
In setting this up, I have followed the gitlab setup guide and the passenger documentation.
I believe the most relevant parts of /etc/httpd/conf/httpd.conf are the following:
DocumentRoot "/home/.www"
# gitlab config
RackBaseURI /gitlab
<Directory "/home/.www/gitlab">
Options -MultiViews
</Directory>
The DocumentRoot of apache contains a symlink to the gitlab public directory:
$ ls -l /home/.www
lrwxrwxrwx 1 root http 23 Jul 29 12:35 gitlab -> ../gitlab/gitlab/public
Passenger was installed using the passenger-install-apache2-module script, and the config lines output by the script are included in the apache config.
I have played with the relative_url_root in config/gitlab.yml; that did not have any effect (judging from the comments in the file, this mechanism seems to be discouraged or deprecated---it would be nice to avoid it).
Results
When accessing example.com/gitlab, I get the following output (a plain text document):
Not Found: /
Apache's logs indicate that passenger has started, but that at least favicon.ico is being requested from the document root, when it should be requested from the subdirectory as /gitlab/favicon.ico:
[ 2013-07-29 14:14:12.1029 2037/7f3502e1e740 agents/HelperAgent/Main.cpp:597 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.2033/generation-0/request
[ 2013-07-29 14:14:12.1150 2043/7fa24dbf3740 agents/LoggingAgent/Main.cpp:330 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.2033/generation-0/logging
[ 2013-07-29 14:14:12.1154 2034/7ff20a0cb740 agents/Watchdog/Main.cpp:635 ]: All Phusion Passenger agents started!
[Mon Jul 29 14:14:12 2013] [notice] Digest: generating secret for digest authentication ...
[Mon Jul 29 14:14:12 2013] [notice] Digest: done
[ 2013-07-29 14:14:13.0297 2057/7f5380ee3740 agents/Watchdog/Main.cpp:452 ]: Options: { 'analytics_log_user' => 'nobody', 'default_group' => 'nobody', 'default_python' => 'python', 'default_ruby' => '/usr/bin/ruby', 'default_user' => 'nobody', 'log_level' => '0', 'max_instances_per_app' => '0', 'max_pool_size' => '6', 'passenger_root' => '/usr/lib/ruby/gems/2.0.0/gems/passenger-4.0.10', 'pool_idle_time' => '300', 'temp_dir' => '/tmp', 'union_station_gateway_address' => 'gateway.unionstationapp.com', 'union_station_gateway_port' => '443', 'user_switching' => 'true', 'web_server_pid' => '2055', 'web_server_type' => 'apache', 'web_server_worker_gid' => '33', 'web_server_worker_uid' => '33' }
[ 2013-07-29 14:14:13.0367 2061/7f92eefef740 agents/HelperAgent/Main.cpp:597 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.2055/generation-0/request
[ 2013-07-29 14:14:13.0485 2067/7f4cc5205740 agents/LoggingAgent/Main.cpp:330 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.2055/generation-0/logging
[ 2013-07-29 14:14:13.0490 2057/7f5380ee3740 agents/Watchdog/Main.cpp:635 ]: All Phusion Passenger agents started!
[Mon Jul 29 14:14:13 2013] [notice] Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.1e DAV/2 Phusion_Passenger/4.0.10 configured -- resuming normal operations
[ 2013-07-29 14:14:16.8354 2061/7f92eef2a700 Pool2/Spawner.h:738 ]: [App 2096 stdout]
[ 2013-07-29 14:14:24.8814 2061/7f92eef2a700 Pool2/SmartSpawner.h:301 ]: Preloader for /home/.www/../gitlab/gitlab started on PID 2096, listening on unix:/tmp/passenger.1.0.2055/generation-0/backends/preloader.2096
[Mon Jul 29 14:14:25 2013] [error] [client 129.241.220.221] File does not exist: /home/.www/favicon.ico
It seems to me that it should not be necessary to start any puma server or similar, so I have not run any bundle exec rake ... commands to start anything rails-related when generating the logs above (I have tried that but I'm not including the output here as it seems identical to me).
Does anyone see what I am doing wrong?
I don't think that Passenger is the easiest way to configure Apache for GitLab. Using a local reverse proxy is actually more simple.
The latest version of GitLab (6.0) is using Unicorn, but it is almost the same with Puma.
In your config/unicorn.rb file, comment out the listen directive and add:
listen "127.0.0.1:9242"
In your Apache configuration, you can then add
ProxyPass /gitlab http://127.0.0.1:9242
ProxyPassReverse /gitlab http://127.0.0.1:9242
Restart Apache and GitLab, and it should work.
Running Gitlab in a subdirectory is not officially supported, but works fine (I'm currently running an instance). I don't know anything about Passenger, but this is how you run it using unicorn and a frontend proxy:
You need to set your subdirectory in three places (to cite the default gitlab.yml):
# Uncomment and customize the last line to run in a non-root path
# WARNING: This feature is no longer supported
# Note that three settings need to be changed for this to work.
# 1) In your application.rb file: config.relative_url_root = "/gitlab"
# 2) In your gitlab.yml file: relative_url_root: /gitlab
# 3) In your unicorn.rb: ENV['RAILS_RELATIVE_URL_ROOT']
#
relative_url_root: /gitlab
I just put the ENV['RAILS_RELATIVE_URL_ROOT'] = '/gitlab' somewhere at the top in unicorn.rb, as there is no "default" place.
After this, you need to start sidekiq (the background job daemon) and unicorn (the webserver for gitlab) as described in the installation documentation. The supplied init script works really well.
Finally you need to set up your apache webserver to proxy requests to the backend unicorn instance. mod_proxy configured as a reverse proxy should do the job. (Arthur's answer has a bit more detail on this part)
If you (or someone coming from google) want to use nginx as a frontend proxy, this is the configuration I use:
location /gitlab {
    alias /home/git/gitlab/public;
    access_log /var/log/nginx/gitlab_access.log;
    error_log /var/log/nginx/gitlab_error.log;
    # serve static files from defined root folder
    # @gitlab is a named location for the upstream fallback, see below
    try_files $uri $uri/index.html $uri.html @gitlab;
}
# if a file which is not found in the root folder is requested,
# then the proxy passes the request to the upstream (gitlab unicorn)
location @gitlab {
    proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_redirect off;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass http://gitlab;
    access_log /var/log/nginx/gitlab_access.log;
    error_log /var/log/nginx/gitlab_error.log;
}
I did the following to get gitlab 6.2.2 available in a sub-directory with Apache and a LAMP environment:
enable the following apache modules:
sudo a2enmod proxy
sudo a2enmod proxy_balancer
sudo a2enmod proxy_http
sudo a2enmod rewrite
right from the documentation, do the following:
# 1) In your application.rb file: config.relative_url_root = "/gitlab"
# 2) In your gitlab.yml file: relative_url_root: /gitlab
# 3) In your unicorn.rb: ENV['RAILS_RELATIVE_URL_ROOT'] = "/gitlab"
in /etc/apache2/mod-available/proxy.conf:
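# ProxyPass (reverse proxying) does not need forward proxying; "On" combined with "Allow from all" below would make this an open proxy
ProxyRequests Off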
ProxyPreserveHost on
<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from all
AllowOverride All
</Proxy>
in /etc/apache2/apache2.conf:
ProxyPass /gitlab/ http://127.0.0.1:8080/gitlab/
ProxyPassReverse /gitlab/ http://127.0.0.1:8080/gitlab/
ProxyPass /gitlab http://127.0.0.1:8080/gitlab
ProxyPassReverse /gitlab http://127.0.0.1:8080/gitlab
ProxyPass /assets http://127.0.0.1:8080/gitlab/assets
ProxyPassReverse /assets http://127.0.0.1:8080/gitlab/assets
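`ProxyPass` works with forward proxying switched off, whereas `ProxyRequests On` together with a `<Proxy *>` block that admits every client lets anyone relay requests through the server. An added check, not part of the original answers, that flags that combination; the function name and both sample configs are constructed for this example, and per-virtual-host scoping is ignored.

```python
import re

# Added example: heuristic audit for an open forward proxy in Apache config text.
PROXY_REQUESTS = re.compile(r"ProxyRequests\s+(On|Off)\b", re.I)
WILDCARD_OPEN = re.compile(r"<Proxy\s+\"?\*\"?\s*>", re.I)
BLOCK_CLOSE = re.compile(r"</Proxy\s*>", re.I)
ALLOW_ALL = re.compile(r"(Allow\s+from\s+all|Require\s+all\s+granted)\b", re.I)


def audit_forward_proxy(config_text):
    """Report the effective ProxyRequests setting and allow-all <Proxy *> rules."""
    report = {"forward_on_line": None, "open_wildcard": [], "open_proxy": False}
    in_wildcard = False
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no directives
        setting = PROXY_REQUESTS.match(line)
        if setting:
            # The last ProxyRequests directive in the file is the one that counts.
            is_on = setting.group(1).lower() == "on"
            report["forward_on_line"] = lineno if is_on else None
        elif WILDCARD_OPEN.match(line):
            in_wildcard = True
        elif BLOCK_CLOSE.match(line):
            in_wildcard = False
        elif in_wildcard and ALLOW_ALL.match(line):
            report["open_wildcard"].append(lineno)
    # Forward proxying enabled AND every client admitted: open proxy.
    report["open_proxy"] = bool(
        report["forward_on_line"] and report["open_wildcard"]
    )
    return report


# Constructed sample: forward proxying on, wildcard block open to everyone.
RISKY = """\
ProxyRequests On
ProxyPreserveHost On
<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>
"""

# Constructed sample: same access block, but only reverse proxying is in use.
REVERSE_ONLY = """\
# ProxyRequests On
ProxyRequests Off
<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>
ProxyPass /gitlab http://127.0.0.1:8080/gitlab
"""

if __name__ == "__main__":
    for name, text in (("RISKY", RISKY), ("REVERSE_ONLY", REVERSE_ONLY)):
        print(name, audit_forward_proxy(text))
```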
An update on user1258056's post :
On recent releases of Gitlab (I'm using 10.0.3), the proposed solution leads to assets not being loaded (Error 401 : Not Authorized)
To fix this, add the following lines in /etc/gitlab/gitlab.rb :
unicorn['port'] = 8081
gitlab_workhorse['listen_addr'] ="127.0.0.1:8181"
gitlab_workhorse['listen_network'] = "tcp"
And change /etc/apache2/apache2.conf as follows:
ProxyPass /gitlab/assets/ http://127.0.0.1:8181/gitlab/assets/
ProxyPassReverse /gitlab/assets/ http://127.0.0.1:8181/gitlab/assets/
ProxyPass /gitlab/ http://127.0.0.1:8081/gitlab/
ProxyPassReverse /gitlab/ http://127.0.0.1:8081/gitlab/
ProxyPass /gitlab http://127.0.0.1:8081/gitlab
ProxyPassReverse /gitlab http://127.0.0.1:8081/gitlab
This leads to asset requests being dispatched to the Workhorse component (port 8181), while other requests go through the usual path (port 8081).
I use gitlab & nginx.
Using gitlab in a subdir has many problems (or bugs).
I use gitlab.example.com (easy to configure, easy to remember), not example.com/gitlab.
I am contacting you because I can't get mercure to work in production.
The binary prebuild runs fine, but when I try to connect to the hub, I get a 404 not found.
Here is the command I run :
sudo MERCURE_PUBLISHER_JWT_KEY='eyJhbGciOiJIUzI1NiIsInR5cCI6...' MERCURE_SUBSCRIBER_JWT_KEY='eyJhbGciOiJIUzI1NiIsInR5cCI6...' SERVER_NAME=:3000 ./mercure run
the server launches without any problem apparently:
2022/02/15 17:38:09.919 INFO using adjacent Caddyfile
2022/02/15 17:38:09.920 WARN input is not formatted with 'caddy fmt' {"adapter": "caddyfile", "file": "Caddyfile", "line": 3}
2022/02/15 17:38:09.921 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["[::1]:2019", "127.0.0.1:2019", "localhost:2019"]}
2022/02/15 17:38:09.922 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc0000cb7a0"}
2022/02/15 17:38:09.935 INFO tls cleaning storage unit {"description": "FileStorage:/root/.local/share/caddy"}
2022/02/15 17:38:09.935 INFO tls finished cleaning storage units
2022/02/15 17:38:09.935 INFO autosaved config (load with --resume flag) {"file": "/root/.config/caddy/autosave.json"}
2022/02/15 17:38:09.935 INFO serving initial configuration
my .env is configured as such:
###> symfony/mercure-bundle ###
MERCURE_URL=https://monsite.com/.well-known/mercure
MERCURE_PUBLIC_URL=https://monsite.com/.well-known/mercure
MERCURE_JWT_SECRET="eyJhbGciOiJIUzI1NiIsInR5cCI6..."
###< symfony/mercure-bundle ###
My CaddyFile :
# Learn how to configure the Mercure.rocks Hub on https://mercure.rocks/docs/hub/config
{
{$GLOBAL_OPTIONS}
}
{$SERVER_NAME:monsite.com}
log
route {
encode zstd gzip
mercure {
# Transport to use (default to Bolt)
transport_url {$MERCURE_TRANSPORT_URL:bolt://mercure.db}
# Publisher JWT key
publisher_jwt {env.MERCURE_PUBLISHER_JWT_KEY} {env.MERCURE_PUBLISHER_JWT_ALG}
# Subscriber JWT key
subscriber_jwt {env.MERCURE_SUBSCRIBER_JWT_KEY} {env.MERCURE_SUBSCRIBER_JWT_ALG}
# Allow Subscribers
anonymous
# Extra directives
{$MERCURE_EXTRA_DIRECTIVES}
}
respond /healthz 200
respond "Not Found" 404
}
When I try to access the hub with postman by typing the following command:
https://monsite.com/.well-known/mercure
I get a 404 not found.
I am under linux debian 10 with apache2. I don't understand what I did wrong. Thanks for your help.
EDIT 21/02/2022
Hi Mehmet, here is what I did:
In /etc/apache2/sites-available monsite.conf and monsite-le-ssl.conf :
ProxyPass /mercure-hub http://localhost:8080/
ProxyPassReverse /mercure-hub http://localhost:8080/
In Caddyfile and Caddyfile.dev :
{
{$GLOBAL_OPTIONS}
auto_https off
}
{$SERVER_NAME::8080}
Apparently the hub launches well, I have no error in the console:
debian@vps-...:/var/www/monsite/mercure$ sudo MERCURE_PUBLISHER_JWT_KEY='eyJhbGciOiJIUzI1NiIsInR5cCI6I...' MERCURE_SUBSCRIBER_JWT_KEY='eyJhbGciOiJIUzI1NiIsInR5cCI6I...' ./mercure run -config Caddyfile.dev
2022/02/21 13:31:20.672 INFO using provided configuration {"config_file": "Caddyfile.dev", "config_adapter": ""}
2022/02/21 13:31:20.675 WARN input is not formatted with 'caddy fmt' {"adapter": "caddyfile", "file": "Caddyfile.dev", "line": 3}
2022/02/21 13:31:20.676 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2022/02/21 13:31:20.676 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc0003fe700"}
2022/02/21 13:31:20.703 INFO tls cleaning storage unit {"description": "FileStorage:/root/.local/share/caddy"}
2022/02/21 13:31:20.703 INFO tls finished cleaning storage units
2022/02/21 13:31:20.703 INFO autosaved config (load with --resume flag) {"file": "/root/.config/caddy/autosave.json"}
2022/02/21 13:31:20.704 INFO serving initial configuration
Whether I run Caddyfile or Caddyfile.dev, when accessing https://monsite.com/mercure-hub, I get a 500 error.
These are my apache settings. Maybe they will help you.
open
nano /etc/apache2/sites-available/yourdomain.com-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
DocumentRoot /var/www/html/yourdomain.com
DirectoryIndex /index.php
ServerName yourdomain.com
#Settings for mercure
ProxyPass /mercure-hub http://localhost:8080
ProxyPassReverse /mercure-hub http://localhost:8080
<Directory /var/www/html/yourdomain.com >
AllowOverride None
Order Allow,Deny
Allow from All
FallbackResource /index.php
Options FollowSymLinks MultiViews
</Directory>
<Directory /var/www/html/yourdomain.com >
DirectoryIndex disabled
FallbackResource disabled
</Directory>
RewriteEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
#YOUR SSL PEM FILES
SSLCertificateFile /etc/letsencrypt/live …..
SSLCertificateKeyFile /etc/letsencrypt/live …..
</VirtualHost>
</IfModule>
Your Caddyfile options should look like this:
{
{$GLOBAL_OPTIONS}
auto_https off
}
{$SERVER_NAME::8080} # this parameter will run http://localhost:8080
Mercure command
MERCURE_PUBLISHER_JWT_KEY='YOUR_KEY' MERCURE_SUBSCRIBER_JWT_KEY='YOUR_KEY' ./mercure run -config Caddyfile
you can try with Caddyfile.dev for test.
MERCURE_PUBLISHER_JWT_KEY='YOUR_KEY' MERCURE_SUBSCRIBER_JWT_KEY='YOUR_KEY' ./mercure run -config Caddyfile.dev
After these settings, your mercure will run at yourdomain.com/mercure-hub
After some digging, I tried to figure out why it was returning a 500 error. I went to the apache logs, I had this error message:
"No protocol handler was valid for the URL /. If you are using a DSO
version of mod_proxy, make sure the proxy submodules are included in
the configuration using LoadModule"
So I installed the missing components:
sudo a2enmod ssl
sudo a2enmod proxy
sudo a2enmod proxy_balancer
sudo a2enmod proxy_http
I also modified the proxy urls by adding a slash at the end of mercure-hub, otherwise I would get a 404 error:
ProxyPass /mercure-hub/ http://localhost:8080/
ProxyPassReverse /mercure-hub/ http://localhost:8080/
Restarted apache, and updated the Url in my .env :
MERCURE_URL=https://monsite.com/mercure-hub/.well-known/mercure
MERCURE_PUBLIC_URL=https://monsite.com/mercure-hub/.well-known/mercure
And it works, thanks a lot !
I have added a new domain to Amazon linux server running apache
<VirtualHost *:80>
ServerName mydomain.com
ServerAlias www.mydomain.com
DocumentRoot /var/www/mydomain
ErrorDocument 404 /index.html
ErrorLog /var/log/mydomain.com-error_log
CustomLog /var/log/mydomain.com-access_log common
<Directory /var/www/mydomain>
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</VirtualHost>
Restarted the server
checked status
sudo systemctl restart httpd active (running) 1 min
But for whatever reason the default apache index.html is served
Directory exists for the new domain, index.html is there, chmod 644 done
Error log for the new domain is empty.
Access log and error log are empty
-rw-r--r--. 1 root root 0 Dec 21 15:26 mydomain.com-access_log
-rw-r--r--. 1 root root 0 Dec 21 09:50 mydomain.com-error_log
tail of host error_log is normal
AH00489: Apache/2.4.37 (Red Hat Enterprise Linux) OpenSSL/1.1.1c configured -- resuming normal operations
[Mon Dec 21 15:02:24.161922 2020] [core:notice] [pid 73594:tid 140519198484800]
AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
I feel a permissions/cert problem. Or one more thing letsencrypt crt has been installed for the new domain probably successfully
[ec2-user@ip-xx-xx-xx-xx ~]$ wget mywwwdomain.com
--2020-12-21 15:57:26-- http://mywwwdomain.com/
Resolving mywwwdomain.com (mywwwdomain.com)... 55.55.55.55
Connecting to mywwwdomain.com (mywwwdomain.com)|55.55.55.55|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://mywwwdomain.com/ [following]
--2020-12-21 15:57:26-- https://mywwwdomain.com/
Connecting to mywwwdomain.com (mywwwdomain.com)|55.55.55.55|:443... connected.
ERROR: The certificate of ‘mywwwdomain.com’ is not trusted.
ERROR: The certificate of ‘mywwwdomain.com’ hasn't got a known issuer.
The certificate's owner does not match hostname ‘mywwwdomain.com’
[ec2-user@ip-xx-xx-xx-xx ~]$
55.55.55.55 - my IP address
How to debug further and fix this?
If you added a new domain in a new file, make sure the new file is properly included in the main httpd config file.
You can get a list of the VHs apache is serving issuing the following command:
# apache2ctl -S (On Debian/Ubuntu), # apachectl -S (On CentOS/RHEL) or
# httpd -S.
I need to forward all traffic from specified port to a Unix Domain Socket in Apache:
In sites-enabled/000-default.conf I have defined a VirtualHost:
<VirtualHost *:8091>
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / unix:/var/lib/jenkins/workspace/myproject/mysocket.sock|http://127.0.0.1/
ProxyPassReverse / unix:/var/lib/jenkins/workspace/myproject/mysocket.sock|http://127.0.0.1/
</VirtualHost>
In ports.conf I have:
Listen 80
Listen 8091
I have both proxy and proxy_http mods enabled:
krzysiek:/etc/apache2$ a2enmod proxy
Module proxy already enabled
krzysiek:/etc/apache2$ a2enmod proxy_http
Module proxy already enabled
I am using Apache 2.4.7 and the official documentation states that:
In 2.4.7 and later, support for using a Unix Domain Socket is available by using a target which prepends unix:/path/lis.sock|
When I reload Apache I get error:
krzysiek:/etc/apache2$ sudo service apache2 restart
* Restarting web server apache2 [fail]
* The apache2 configtest failed.
AH00526: Syntax error on line 64 of /etc/apache2/sites-enabled/000-default.conf:
ProxyPass URL must be absolute!
I tried changing:
ProxyPass / unix:/var/(...)
To:
ProxyPass / unix:///var/(...)
Then Apache reloads correctly but forwarding DOES NOT work, error.log says:
[proxy:warn] [pid 22436] [client 10.0.4.19:47662] AH01144: No protocol handler was valid for the URL /. If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
Could you explain to me what I'm doing wrong? Or how do I forward traffic from port to unix socket on Apache correctly?
Might be a bit late 🙂, but the following apache config works for me:
ProxyRequests off
Define SOCKET_NAME /path/to/my.sock
ProxyPass / unix:${SOCKET_NAME}|uwsgi://%{HTTP_HOST}/
ProxyPassReverse / unix:${SOCKET_NAME}|uwsgi://%{HTTP_HOST}/
with modules proxy and proxy_uwsgi loaded.
Important: do not place your socket in /tmp (I think systemd prevents the apache process from directly accessing it for security reasons).
Also, watch out for the file permissions.
I'm trying to run an Apache Solr Service (on its embedded jetty server) on a remote server. The admin has provided me the following information:
DNS: my.server.com
IP: xxx.xxx.xxx
Server OS: 3.16.0-4-amd64 #1 SMP Debian 3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux
Only Port 80 is accessible. On the server we want to deploy Apache Solr and a microservice which uses Solr as search engine. I want to use Apache Webserver to forward the HTTP-Request to the Solr Admin UI and to the microservice UI, but it doesn't seem to work, I use Apache Server version: Apache/2.4.10 (Debian)
Server built: Sep 15 2016 20:44:43.
I installed Apache and started the server, so far everything works as expected. I can access the admin view from Apache entering the DNS in my browser.
I enabled a few modules following this article https://www.digitalocean.com/community/tutorials/how-to-use-apache-http-server-as-reverse-proxy-using-mod_proxy-extension:
a2enmod proxy
a2enmod proxy_http
a2enmod proxy_ajp
a2enmod rewrite
a2enmod deflate
a2enmod headers
a2enmod proxy_balancer
a2enmod proxy_connect
a2enmod proxy_html
Then I tried to configure a virtual host under /etc/apache2/sites-available/myconf.conf:
<VirtualHost *:80>
DocumentRoot /var/www/html
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
ProxyPass /solr http://my.server.com:8983 retry=0 timeout=5
ProxyPassReverse /solr http://my.server.com:8983
ProxyPass /microservice http://my.server.com:6868 retry=0 timeout=5
ProxyPassReverse /microservice http://my.server.com:6868
LogLevel debug
</VirtualHost>
Solr uses its standard port 8983 and the microservice will be on port 6868. When I try to access solr with http://my.server.com/solr I get an HTTP 503 Service unavailable.
I first tried this:
/usr/sbin/setsebool -P httpd_can_network_connect 1
But it changed nothing. I also had to install first:
apt-get install policycoreutils
to make this option available. The solr service seems to be ok:
solr status
Found 1 Solr nodes:
Solr process 14082 running on port 8983
{
"solr_home":"/etc/apache-solr/solr-6.2.0/server/solr",
"version":"6.2.0 764d0f19151dbff6f5fcd9fc4b2682cf934590c5 - mike - 2016-08-20 05:41:37",
"startTime":"2016-10-07T12:02:05.300Z",
"uptime":"0 days, 1 hours, 29 minutes, 55 seconds",
"memory":"29.7 MB (%6.1) of 490.7 MB"}
The Apache log keeps saying:
The timeout specified has expired: AH00957: HTTP: attempt to connect to xxx.xxx.xxx:8983 (my.server.com) failed
AH00959: ap_proxy_connect_backend disabling worker for (my.server.com) for 0s
AH01114: HTTP: failed to make connection to backend: my.server.com
Without my timeout setting everything stays the same but it takes ages before I get the 503 Error.
Any hints? After one day struggling I'm depressed ... all I want is to finish the task.
Thanks in advance!
It turns out that I needed to append a slash to the urls:
ProxyPass /solr/ http://my.server.com:8983/ retry=0 timeout=5
ProxyPassReverse /solr/ http://my.server.com:8983/
ProxyPass /microservice/ http://my.server.com:6868/ retry=0 timeout=5
ProxyPassReverse /microservice/ http://my.server.com:6868/
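How trailing slashes and rule order change the URL the backend receives, as an added example that is not from the original posts: a simplified Python model of ProxyPass prefix replacement, run on directives quoted from the Mercure and GitLab answers earlier on this page. The function names and the first-match, segment-boundary matching model are this example's assumptions; regex matches and `!` exclusions are not modelled.

```python
# Added example: simplified model of how ProxyPass rewrites a request path.

def parse_proxypass(config_text):
    """Return [(path, target), ...] in configuration order."""
    rules = []
    for line in config_text.splitlines():
        parts = line.split()
        # ProxyPassReverse only rewrites response headers, so it is skipped.
        if len(parts) >= 3 and parts[0].lower() == "proxypass":
            rules.append((parts[1], parts[2]))
    return rules


def matches(path, request_path):
    """Prefix match that must end on a path-segment boundary."""
    if not request_path.startswith(path):
        return False
    rest = request_path[len(path):]
    return path.endswith("/") or rest == "" or rest.startswith("/")


def map_request(rules, request_path):
    """First matching rule wins; its prefix is replaced by the target URL."""
    for path, target in rules:
        if matches(path, request_path):
            return target + request_path[len(path):]
    return None  # no rule matched: Apache handles the path itself


def lint(rules):
    """Flag slash mismatches and rules hidden behind an earlier, broader rule."""
    findings = []
    for i, (path, target) in enumerate(rules):
        if path.endswith("/") != target.endswith("/"):
            findings.append(f"slash mismatch: {path} -> {target}")
        for earlier, _ in rules[:i]:
            if matches(earlier, path):
                findings.append(f"shadowed: {path} never matches after {earlier}")
                break
    return findings


# Directives quoted from the Mercure thread: first attempt, then the fix.
BROKEN = """\
ProxyPass /mercure-hub http://localhost:8080/
ProxyPassReverse /mercure-hub http://localhost:8080/
"""
FIXED = """\
ProxyPass /mercure-hub/ http://localhost:8080/
ProxyPassReverse /mercure-hub/ http://localhost:8080/
"""
# Constructed: the GitLab 10 asset rule placed AFTER the broader rule.
SHADOWED = """\
ProxyPass /gitlab/ http://127.0.0.1:8081/gitlab/
ProxyPass /gitlab/assets/ http://127.0.0.1:8181/gitlab/assets/
"""

if __name__ == "__main__":
    hub = "/mercure-hub/.well-known/mercure"
    for name, text in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        rules = parse_proxypass(text)
        print(name, map_request(rules, hub), lint(rules))
    rules = parse_proxypass(SHADOWED)
    print("SHADOWED", map_request(rules, "/gitlab/assets/app.css"), lint(rules))
```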
I got GitLab up and running, but currently it doesn't use SSL. I use the Let's Encrypt Plesk Extension to get free SSL Certificates in general.
This is what my setup looks like:
Plesk v12.5.30_build1205150826.19 os_Ubuntu 14.04
GitLab 8.8.5
Let's Encrypt Plesk Extension v1.6 Release 1
Plesk Subdomain: git.my-domain.com
Plesk Apache & nginx Settings for git.my-domain.com:
Additional directives for HTTP :
<Location />
ProxyPass http://IP-of-my-domain:9999/
ProxyPassReverse http://IP-of-my-domain:9999/
</Location>
Additional directives for HTTPS :
<Location />
ProxyPass https://IP-of-my-domain:9998/
ProxyPassReverse https://IP-of-my-domain:9998/
</Location>
In my gitlab.rb file:
external_url "http://IP-of-my-domain:9999/"
I also found How do I use let’s encrypt with gitlab? and tried to adapt the answers but couldn't figure out what to put into:
nginx['custom_gitlab_server_config']="?"
nginx['custom_gitlab_mattermost_server_config']="?"
Http connection is working flawlessly (Subdomain or IP:Port, both work). As soon as I change to Https it doesn't and I get the following (also if I change external_url to port 9998):
Service Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
Additionally, a 503 Service Unavailable error was encountered while trying to use an ErrorDocument to handle the request.
Certificate was installed before the ProxyPass and https works without any problems without the ProxyPass entries (i.e. the certificate exists and is valid).
If anyone got Plesk and GitLab with Let's Encrypt up and running, I would really appreciate if you could share your configuration.
I created symlinks in /etc/gitlab/ssl to my certificates
subdomain.domain.tld.crt => /opt/psa/var/modules/letsencrypt/etc/archive/subdomain.domain.tld/cert1.pem
subdomain.domain.tld.key => /opt/psa/var/modules/letsencrypt/etc/archive/subdomain.domain.tld/privkey1.pem
In file gitlab.rb
external_url 'https://gitlab.domain.tld'
gitlab_rails['gitlab_shell_ssh_port'] = 22
gitlab_rails['initial_shared_runners_registration_token'] = "token"
web_server['external_users'] = ['webUser']
nginx['enable'] = false # Tutorial
nginx['redirect_http_to_https'] = true
nginx['listen_https'] = false
In Plesk: Domain => Apache & nginx Settings => Additional nginx directives
location ~ / {
    # for omnibus installation
    root /opt/gitlab/embedded/service/gitlab-rails/public;
    try_files $uri $uri/index.html $uri.html @gitlab;
}
# if a file which is not found in the root folder is requested,
# then the proxy passes the request to the upstream (gitlab unicorn)
location @gitlab {
    proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_redirect off;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_pass http://gitlab;
}
In file gitlab.conf
upstream gitlab {
# for omnibus installation
server unix:/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket;
}