Self signed SSL not working properly (#4459) · Issues · gpt / large_projects / gitlabhq1

Self signed SSL not working properly

Created by: m4tthumphrey

The web interface is loading correctly (although the gravatars are not loading securey but I believe there is another ticket for that) but I cannot clone or push etc. I keep getting the following error:

Cloning into 'project-a'... fatal: Could not read from remote repository.

Please make sure you have the correct access rights and the repository exists.

I have set the self_signed_cert to true in /gitlab-shell/config.yml but nothing. My nginx is set up as follows:

# GITLAB
# Maintainer: @randx
# App Version: 5.0

upstream gitlab {
  server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;
}

server {
  listen 80;         # e.g., listen 192.168.1.1:80; In most cases *:80 is a good idea
  server_name git.domain.com;     # e.g., server_name source.example.;
  rewrite        ^ https://$server_name$request_uri? permanent;
}

server {
  listen 443 default_server;         # e.g., listen 192.168.1.1:80; In most cases *:80 is a good idea
  ssl on;
  ssl_certificate certs/server.crt;
  ssl_certificate_key certs/server.key;
  server_name git.domain.com;     # e.g., server_name source.example.com;
  server_tokens off;     # don't show the version number, a security best practice
  root /home/git/gitlab/public;

  # individual nginx logs for this gitlab vhost
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;

  location / {
    # serve static files from defined root folder;.
    # @gitlab is a named location for the upstream fallback, see below
    try_files $uri $uri/index.html $uri.html @gitlab;
  }

  # if a file, which is not found in the root folder is requested,
  # then the proxy pass the request to the upsteam (gitlab unicorn)
  location @gitlab {
    proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_redirect     off;

    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_set_header   Host              $http_host;
    proxy_set_header   X-Real-IP         $remote_addr;

    proxy_pass http://gitlab;
  }
}

I've seen a few other issues mentioned the CA certificate but a) can I even get a CA for a self signed and b) how do I get a CA?

Everything works 100% when not using SSL...

Help me!!!!