Apache2
帶有 Apache 2.4 的 Gitlab 給出 502: AH01102: error reading status line from remote server 127.0.0.1:8080
我不是伺服器管理員,所以我不會每天都配置 Apache 伺服器。
但我想在我們的伺服器上使用帶有 SSL 和 Apache 2.4.6 的 Gitlab。(CentOS 7 上的 httpd)。
到目前為止,我已經添加了證書 (
.pem
) 並打開了 SSL。頭 -30 /opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml
gitlab: ## Web server settings (note: host is the FQDN, do not include http://) host: gitlab.my-domain.org port: 443 https: true # The maximum time unicorn/puma can spend on the request. This needs to be smaller than the worker timeout. # Default is 95% of the worker timeout max_request_duration_seconds: 57
阿帕奇配置:
<IfModule mod_ssl.c> <VirtualHost *:443> ServerName gitlab.my-domain.org ServerSignature Off ProxyPreserveHost On ProxyTimeout 60 AllowEncodedSlashes NoDecode SSLEngine on SSLProxyEngine on SSLCertificateFile /etc/letsencrypt/live/some-original-domain/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/some-original-domain/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateChainFile /etc/letsencrypt/live/some-original-domain/chain.pem <Location /> # New authorization commands for apache 2.4 and up # http://httpd.apache.org/docs/2.4/upgrading.html#access Require all granted ProxyPassReverse http://127.0.0.1:8080 ProxyPassReverse https://gitlab.my-domain.org/ </Location> RewriteEngine on RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR] RewriteCond %{REQUEST_URI} ^/uploads/.* RewriteRule .* https://127.0.0.1:8080%{REQUEST_URI} [P,QSA] RequestHeader set X_FORWARDED_PROTO 'https' RequestHeader set X-Forwarded-Ssl on # needed for downloading attachments DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up. # ErrorDocument 404 /404.html # ErrorDocument 422 /422.html # ErrorDocument 500 /500.html # ErrorDocument 503 /deploy.html LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded ErrorLog /var/log/httpd/gitlab.my-domain_error.log CustomLog /var/log/httpd/gitlab.my-domain_forwarded.log common_forwarded CustomLog /var/log/httpd/gitlab.my-domain_access.log combined env=!dontlog CustomLog /var/log/httpd/gitlab.my-domain.log combined </VirtualHost> </IfModule>
一定有一些錯誤配置,我只看到:
[proxy_http:error] [pid 18466] (103)Software caused connection abort: [client {IP}:32906] AH01102: error reading status line from remote server 127.0.0.1:8080 [proxy:error] [pid 18466] [client {IP}:32906] AH00898: Error reading from remote server returned by /
而且我不明白
<location>
這個配置的一部分也為wget http://localhost:8080/api/v3/internal/檢查伺服器
{....} connection refused ERROR 410: Gone.
最後
gitlab-rake gitlab:check
:Checking GitLab subtasks ... Checking GitLab Shell ... GitLab Shell: ... GitLab Shell version >= 13.7.0 ? ... OK (13.7.0) Running /opt/gitlab/embedded/service/gitlab-shell/bin/check Internal API available: OK Redis available via internal API: OK gitlab-shell self-check successful Checking GitLab Shell ... Finished Checking Gitaly ... Gitaly: ... default ... OK Checking Gitaly ... Finished Checking Sidekiq ... Sidekiq: ... Running? ... yes Number of Sidekiq processes ... 1 Checking Sidekiq ... Finished Checking Incoming Email ... Incoming Email: ... Reply by email is disabled in config/gitlab.yml Checking Incoming Email ... Finished Checking LDAP ... LDAP: ... LDAP is disabled in config/gitlab.yml Checking LDAP ... Finished Checking GitLab App ... Git configured correctly? ... yes Database config exists? ... yes All migrations up? ... yes Database contains orphaned GroupMembers? ... no GitLab config exists? ... yes GitLab config up to date? ... yes Log directory writable? ... yes Tmp directory writable? ... yes Uploads directory exists? ... yes Uploads directory has correct permissions? ... yes Uploads directory tmp has correct permissions? ... skipped (no tmp uploads folder yet) Init script exists? ... skipped (omnibus-gitlab has no init script) Init script up-to-date? ... skipped (omnibus-gitlab has no init script) Projects have namespace: ... GitLab Instance / Monitoring ... yes sdp-dev / sdp-services ... yes sdp-dev / co2compass-app ... yes sdp-dev / sdp-api ... yes sdp-dev / sdp-ops ... yes Redis version >= 4.0.0? ... yes Ruby version >= 2.5.3 ? ... yes (2.6.6) Git version >= 2.24.0 ? ... yes (2.28.0) Git user has default SSH configuration? ... yes Active users: ... 3 Is authorized keys file accessible? ... yes GitLab configured to store new projects in hashed storage? ... yes All projects are in hashed storage? ... yes Checking GitLab App ... Finished Checking GitLab subtasks ... Finished
我認為這不是超時問題,因為來自瀏覽器的整個請求大約需要 150 毫秒。我能夠通過
http
之前訪問 Gitlab 實例。任何的想法?
編輯:網路統計
為了澄清,Gitlab 是否應該在127.0.0.1:8080下可用,我認為該服務在那裡可用。
netstat -tupln Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:9229 0.0.0.0:* LISTEN 28566/gitlab-workho tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 6202/puma: cluster tcp 0 0 127.0.0.1:9168 0.0.0.0:* LISTEN 28564/puma 4.3.5.gi tcp 0 0 127.0.0.1:8082 0.0.0.0:* LISTEN 28846/sidekiq 5.2.9 tcp 0 0 127.0.0.1:9236 0.0.0.0:* LISTEN 28523/gitaly tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 4950/httpd tcp6 0 0 ::1:9168 :::* LISTEN 28564/puma 4.3.5.gi
Apache 配置有問題:
RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA]
代替
https://...
我所做的另一項更改是添加
SSLCompression Off
但我完全不確定它的影響。
無論如何,現在它工作正常。
我以前從未設置過 Gitlab 實例,但看起來您已將 Gitlab 配置為偵聽 127.0.0.1:443,而不是 apache 配置文件中配置的 127.0.0.1:8080。
您正在使用 apache 設置反向代理,網路流量如下所示:
Gitlab ( http://127.0.0.1:8080 ) -> Apache 反向代理 -> https://gitlab.my-domain.com/
所以在你的 Gitlab 配置文件中,改變
port: 443
到
port: 8080