Gitlab recipes

From ElphelWiki
Jump to: navigation, search

X-Frame headers

X-Frame-Options header

  • Edit: /opt/gitlab/embedded/service/gitlab-rails/app/controllers/application_controller.rb in def default_headers:
-headers['X-Frame-Options'] = 'DENY'
+headers['X-Frame-Options'] = 'ALLOW-FROM https://www.elphel.com/'
  • Restart services
gitlab-ctl restart


Nginx behind apache2 misconfiguration

Error log

gitlab bind() to 0.0.0.0:80 failed (98: Address already in use)

Also, running gitlab-ctl status shows that nginx is getting restarted:

run: gitaly: (pid 22266) 938s; run: log: (pid 18631) 277569s
run: gitlab-monitor: (pid 22295) 938s; run: log: (pid 18630) 277569s
run: gitlab-workhorse: (pid 22300) 937s; run: log: (pid 18617) 277569s
run: logrotate: (pid 22312) 937s; run: log: (pid 18635) 277569s
run: nginx: (pid 23828) 2s; run: log: (pid 18629) 277569s
run: node-exporter: (pid 22394) 936s; run: log: (pid 18636) 277569s
run: postgres-exporter: (pid 22401) 936s; run: log: (pid 18649) 277569s
run: postgresql: (pid 22406) 935s; run: log: (pid 18618) 277569s
run: prometheus: (pid 22414) 935s; run: log: (pid 18616) 277569s
run: redis: (pid 22429) 934s; run: log: (pid 18625) 277569s
run: redis-exporter: (pid 22434) 934s; run: log: (pid 18615) 277569s
run: sidekiq: (pid 22440) 933s; run: log: (pid 18626) 277569s
run: unicorn: (pid 22447) 933s; run: log: (pid 18619) 277569s

Versions

GitLab 10.5.1
GitLab Shell 6.0.3
GitLab Workhorse v3.6.0
GitLab API v4
Ruby 2.3.6p384
Rails 4.2.10
postgresql 9.6.5

Problem

  • /etc/gitlab/gitlab.rb:
# nginx['enable'] = true
# nginx['client_max_body_size'] = '250m'
# nginx['redirect_http_to_https'] = false
# nginx['redirect_http_to_https_port'] = 80

redirect_http_to_https default option is probably true or is ignored resulting in a nginx config record:

  • /var/opt/gitlab/nginx/conf/gitlab-http.conf:
server {
  listen *:80;
  ...
}

which is in conflict with Apache

Solution

In /etc/gitlab/gitlab.rb uncommented and changed nginx['redirect_http_to_https_port'] to another port:

nginx['redirect_http_to_https_port'] = 8033

Then:

~# gitlab-ctl reconfigure
~# gitlab-ctl restart