Question

SSL on standard GitLab image

  • Posted June 20, 2014

Hi,

I just started out with a GitLab Droplet based on the ready-provided image available.

Everything is running pretty smooth except I seem to be unable to get SSL working. I am following the guide I found here: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md

To set up https. It seems all goes well until I try to connect to my url at http: or https: after the updates have been made. I just get a failed to open page message.

I checked on the server with “nmap localhost” and indeed when I change the config url to https://mydomain.com/ instead of http://mydomain.com/ that both port 80 and port 443 are not open. As long as the config says http://mydomain.com/ port 80 opens fine and connections through http can be made without problems.

Could anyone point me in the right direction on what I should do to get ssl working?

Thanks in advance.

  • Mark

Hi friend.

I had the same problem, until I read the official document here: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/nginx.md

Note the ‘https’ below:

external_url "https://gitlab.example.com"

If the line is http, gitlab will not use https at all, without any warning T_T…

I seem to have it working for the most part, but the gravatar images keep being loaded via http instead of https.

Hi, is your certificate encrypted with a passphrase? Check your nginx logs: /var/log/gitlab/nginx/*

If you find something like this:

2014-07-31_10:21:02.65460 nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/gitlab/ssl/gitlab.key") failed (SSL: error:0906406D:PEM routines:PEM_def_callback:problems getting password error:0906A068:PEM routines:PEM_do_header:bad password read error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib)
2014-07-31_10:21:03.69148 Enter PEM pass phrase:

You can use this command to remove the passphrase:

openssl rsa -in server.key.org -out server.key

Would there be anyone who would be able to point me in the right direction? I am still having no luck with this issue.

Any help would be much appreciated.

Thanks!

No, I have not done any additional firewall stuff, because my knowledge at this moment is way too limited for that, I would say…

The output of the command you mentioned is:

<pre>
mark@code:~$ sudo netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      871/postgres
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1079/master
tcp        0      0 0.0.0.0:1338            0.0.0.0:*               LISTEN      920/sshd
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      863/redis-server 12
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      15227/config.ru
tcp6       0      0 :::25                   :::*                    LISTEN      1079/master
tcp6       0      0 :::1338                 :::*                    LISTEN      920/sshd
</pre>

Hi astarr,

Thanks for your input.

I do have exactly these lines in the config file exactly in the same way you posted them as well only, of course, my external_url is specified as my own custom url.

I run reconfigure once I save the config file, and the nginx configuration files do contain the line where it should listen to port 443.

However when all this is done and when I check nmap localhost both port 80 and 443 are closed. Once I rewrite the config with a normal http instead of https domain and run reconfigure, port 80 opens up again and the system becomes available again on a normal non https url.

  • Mark

I just ran through it and was able to make https work. Could you post your <code>/etc/gitlab/gitlab.rb</code> file? It should contain:
<pre>
external_url "https://gitlab.example.com"
nginx['redirect_http_to_https'] = true
nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.crt"
nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.key"
</pre>
Make sure to remember to run <code>gitlab-ctl reconfigure</code> after changing the contents of the file.

Also check the contents of <code>/var/opt/gitlab/nginx/etc/gitlab-http.conf</code>. This is the Nginx configuration that is autogenerated. Is there a server block with <code>listen *:443</code> in it?

You can also run <code>gitlab-ctl start</code> just to make sure that all the components are up and running.
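
The checks suggested in the answers above (https in external_url, a key without a passphrase, a 443 listener in the generated nginx config), gathered into one script as an added example that is not part of the original thread. The function names and the sample files are constructed for illustration, and the key-permission check is an addition, since a key without a passphrase is protected only by its file mode.

```shell
#!/bin/sh
# Added example: diagnostic checks for the https problems discussed in this thread.

# Print the scheme of the last active (uncommented) external_url line.
external_url_scheme() {
    sed -n "s|^[[:space:]]*external_url[[:space:]]*[\"']\([a-z]*\)://.*|\1|p" "$1" | tail -n 1
}

# Succeed if the PEM private key is passphrase-protected.
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# Succeed if group and others have no permissions on the key file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeed if the generated nginx config has a listen directive on port 443.
nginx_listens_443() {
    grep -Eq '^[[:space:]]*listen[[:space:]]+[^;]*:443([[:space:];]|$)' "$1"
}

# Args: gitlab.rb, key file, generated nginx config. Returns 0 if all pass.
check_gitlab_ssl() {
    rc=0
    [ "$(external_url_scheme "$1")" = "https" ] || { echo "FAIL: external_url in $1 is not https"; rc=1; }
    if key_is_encrypted "$2"; then echo "FAIL: $2 is passphrase-protected"; rc=1; fi
    key_is_private "$2" || { echo "FAIL: $2 is accessible to group or others"; rc=1; }
    nginx_listens_443 "$3" || { echo "FAIL: no listen on 443 in $3"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: https settings are consistent"
    return "$rc"
}

# Constructed sample files (not a real key) reproducing the failing state.
demo=$(mktemp -d)
printf '%s\n' '# external_url "https://gitlab.example.com"' \
    'external_url "http://gitlab.example.com"' > "$demo/gitlab.rb"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'CONSTRUCTED-PLACEHOLDER' '-----END RSA PRIVATE KEY-----' > "$demo/gitlab.key"
chmod 600 "$demo/gitlab.key"
printf '%s\n' 'server {' '  listen *:80;' '}' > "$demo/gitlab-http.conf"
check_gitlab_ssl "$demo/gitlab.rb" "$demo/gitlab.key" "$demo/gitlab-http.conf" || true
```

On a real host, run the check as root against the paths named in the thread: /etc/gitlab/gitlab.rb, /etc/gitlab/ssl/gitlab.key and /var/opt/gitlab/nginx/etc/gitlab-http.conf.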