I have the same problem, until I read the official document here:
If there line is http, gitlab will not use https at all, without any warning T_T....
/etc/gitlab/gitlab.rbfile? It should contain:
external_url "https://gitlab.example.com" nginx['redirect_http_to_https'] = true nginx['ssl_certificate'] = "/etc/gitlab/ssl/gitlab.crt" nginx['ssl_certificate_key'] = "/etc/gitlab/ssl/gitlab.key"Make sure to remember to run
gitlab-ctl reconfigureafter change the contents of the file. Also check the contents of
/var/opt/gitlab/nginx/etc/gitlab-http.confThis is the Nginx configuration that is autogenerated. Is there a server block with
listen *:443in it? You can also run
gitlab-ctl startjust to make sure that all the components are up and running.
No, I have not done any additional firewall stuff cause my knowledge at this moment is way to limited for that I would say…
The output of the command you mentioned is:
mark@code:~$ sudo netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 871/postgres
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1079/master
tcp 0 0 0.0.0.0:1338 0.0.0.0:* LISTEN 920/sshd
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 863/redis-server 12
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 15227/config.ru
tcp6 0 0 :::25 :::* LISTEN 1079/master
tcp6 0 0 :::1338 :::* LISTEN 920/sshd
Would there be anyone who would be able to point me in the right direction, I am still having no luck with this issue.
Any help would be much appreciated.
Is your certificate encrypted with passphrase? Check your nginx logs: /var/log/gitlab/nginx/*
If you find something like this:
2014-07-31_10:21:02.65460 nginx: [emerg] SSL_CTX_use_PrivateKey_file("/etc/gitlab/ssl/gitlab.key") failed (SSL: error:0906406D:PEM routines:PEM_def_callba ck:problems getting password error:0906A068:PEM routines:PEM_do_header:bad password read error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib) 2014-07-31_10:21:03.69148 Enter PEM pass phrase:
You can use this command to remove passphrase:
openssl rsa -in server.key.org -out server.key
I seem to have it working for the most part, but the gravatar images keep being loaded via http instead of https.