Skip to content

GitLab

Closed
Created by Administrator@rootOwner

Setting relative url can not using ssh to clone/push/pull

Created by: swpustc

I install gitlab 7.2.2 as branch 7-2-stable Installation document without setting relative url, and everything works OK. With setting relative url root, the ssh prompt:

$ git push
Access denied.
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

But using https will OK.

I add relative url from config/application.rb, and check all configure files.

The log in gitlag-shell is:(With clone by ssh)

 E, [2014-09-20T21:04:43.160014 #4719] ERROR -- : API call <POST https://swpustc.wicp.net/g/api/v3/internal/allowed> failed: 405 => <>.
 W, [2014-09-20T21:04:43.160200 #4719]  WARN -- : gitlab-shell: Access denied for git command <git-receive-pack 'swp/gnuinvisualstudio.git'> by user with key key-1.

The log in gitlab/log/production.log is:(With clone by https)

Started POST "/g/api/v3/internal/allowed" for 127.0.0.1 at 2014-09-20 21:04:40 +0800
Started POST "/g/api/v3/internal/allowed" for 127.0.0.1 at 2014-09-20 21:37:53 +0800
Started GET "/g/swp/gnuinvisualstudio.git/info/refs?service=git-upload-pack" for 36.33.39.194 at 2014-09-20 21:38:16 +0800
Started POST "/g/swp/gnuinvisualstudio.git/git-upload-pack" for 36.33.39.194 at 2014-09-20 21:38:16 +0800

The nginx configure file is: gitLab's relative url is /g.

upstream gitlab {
  server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;
}
server {
  listen *:80 default_server;
  listen [::]:80 default_server ipv6only=on;
  server_name wpustc.wicp.net; ## Replace this with something like gitlab.example.com
  server_tokens off; ## Don't show the nginx version number, a security best practice
  root /nowhere; ## root doesn't have to be a valid path since we are redirecting
  rewrite ^ https://$server_name$request_uri permanent;
}

 server {
  listen 443 ssl;
  listen [::]:443 ipv6only=on;
  server_name swpustc.wicp.net; ## Replace this with something like gitlab.example.com
  server_tokens off;
  root /home/git/html;
  #index index.html index.htm;

  # Strong SSL Security
  # https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
  ssl on;
  ssl_certificate /etc/nginx/ssl/gitlab.crt;
  ssl_certificate_key /etc/nginx/ssl/gitlab.key;
  ssl_session_timeout 5m;

  ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4';

ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache  builtin:1000  shared:SSL:10m;

ssl_prefer_server_ciphers   on;

add_header Strict-Transport-Security max-age=63072000;
add_header X-Frame-Options DENY;

rewrite ^/g$ /g/;

location / {
  try_files $uri $uri/ $uri/index.html $uri/index.htm @jmpgit;
}

location @jmpgit {
  return 302 /g$request_uri;
}

location /g/ {
  root /home/git/gitlab/public;

  ## Increase this if you want to upload large attachments
  ## Or if you want to accept large git objects over http
  client_max_body_size 500m;

  add_header X-Content-Type-Options nosniff;

  ## Individual nginx logs for this GitLab vhost
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;

  ## Serve static files from defined root folder.
  ## @gitlab is a named location for the upstream fallback, see below.
  try_files $uri $uri/index.html $uri.html @gitlab;
}

## If a file, which is not found in the root folder is requested,
## then the proxy pass the request to the upsteam (gitlab unicorn).
location @gitlab {

 ## If you use https make sure you disable gzip compression
  ## to be safe against BREACH attack.
  gzip off;

  ## https://github.com/gitlabhq/gitlabhq/issues/694
  ## Some requests take more than 30 seconds.
 proxy_read_timeout      300;
  proxy_connect_timeout   300;
  proxy_redirect          off;

  proxy_set_header    Host                $http_host;
  proxy_set_header    X-Real-IP           $remote_addr;
  proxy_set_header    X-Forwarded-Ssl     on;
  proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
  proxy_set_header    X-Forwarded-Proto   $scheme;
  proxy_set_header    X-Frame-Options     SAMEORIGIN;

  proxy_pass http://gitlab;
}

## Enable gzip compression as per rails guide:
## http://guides.rubyonrails.org/asset_pipeline.html#gzip-compression
## WARNING: If you are using relative urls do remove the block below
## See config/application.rb under "Relative url support" for the list of
## other files that need to be changed for relative url support
 #location ~ ^/g/(assets)/ {
#  root /home/git/gitlab/public;
 #  gzip_static on; # to serve pre-gzipped version
#  expires max;
#  add_header Cache-Control public;
#}

error_page 404 /404.html;
error_page 422 /422.html;
error_page 500 /500.html;
error_page 502 /502.html;

}