Apache2

帶有 Apache 2.4 的 Gitlab 給出 502: AH01102: error reading status line from remote server 127.0.0.1:8080

  • February 4, 2021

我不是伺服器管理員,所以我不會每天都配置 Apache 伺服器。

但我想在我們的伺服器上使用帶有 SSL 和 Apache 2.4.6 的 Gitlab。(CentOS 7 上的 httpd)。

到目前為止,我已經添加了證書 ( .pem) 並打開了 SSL。

頭 -30 /opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml

gitlab:
   ## Web server settings (note: host is the FQDN, do not include http://)
   host: gitlab.my-domain.org
   port: 443
   https: true

   # The maximum time unicorn/puma can spend on the request. This needs to be smaller than the worker timeout.
   # Default is 95% of the worker timeout
   max_request_duration_seconds: 57

阿帕奇配置:

<IfModule mod_ssl.c>
<VirtualHost *:443>  
 ServerName gitlab.my-domain.org
 ServerSignature Off

 ProxyPreserveHost On
 ProxyTimeout 60
 AllowEncodedSlashes NoDecode

 SSLEngine on
 SSLProxyEngine on
 SSLCertificateFile /etc/letsencrypt/live/some-original-domain/cert.pem
 SSLCertificateKeyFile /etc/letsencrypt/live/some-original-domain/privkey.pem
 Include /etc/letsencrypt/options-ssl-apache.conf
 SSLCertificateChainFile /etc/letsencrypt/live/some-original-domain/chain.pem

 <Location />
   # New authorization commands for apache 2.4 and up
   # http://httpd.apache.org/docs/2.4/upgrading.html#access
   Require all granted
   ProxyPassReverse http://127.0.0.1:8080
   ProxyPassReverse https://gitlab.my-domain.org/
 </Location>

 RewriteEngine on
 RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
 RewriteCond %{REQUEST_URI} ^/uploads/.*
 RewriteRule .* https://127.0.0.1:8080%{REQUEST_URI} [P,QSA]

 RequestHeader set X_FORWARDED_PROTO 'https'
 RequestHeader set X-Forwarded-Ssl on

 # needed for downloading attachments
 DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public

 #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up.
 # ErrorDocument 404 /404.html
 # ErrorDocument 422 /422.html
 # ErrorDocument 500 /500.html
 # ErrorDocument 503 /deploy.html

 LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded
 ErrorLog  /var/log/httpd/gitlab.my-domain_error.log
 CustomLog /var/log/httpd/gitlab.my-domain_forwarded.log common_forwarded
 CustomLog /var/log/httpd/gitlab.my-domain_access.log combined env=!dontlog
 CustomLog /var/log/httpd/gitlab.my-domain.log combined

</VirtualHost>
</IfModule>

一定有一些錯誤配置,我只看到:

[proxy_http:error] [pid 18466] (103)Software caused connection abort: [client {IP}:32906] AH01102: error reading status line from remote server 127.0.0.1:8080
[proxy:error] [pid 18466] [client {IP}:32906] AH00898: Error reading from remote server returned by /

而且我不明白<location> 這個配置的一部分

也為wget http://localhost:8080/api/v3/internal/檢查伺服器

{....} connection refused
ERROR 410: Gone.

最後gitlab-rake gitlab:check

Checking GitLab subtasks ...

Checking GitLab Shell ...

GitLab Shell: ... GitLab Shell version >= 13.7.0 ? ... OK (13.7.0)
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Internal API available: OK
Redis available via internal API: OK
gitlab-shell self-check successful

Checking GitLab Shell ... Finished

Checking Gitaly ...

Gitaly: ... default ... OK

Checking Gitaly ... Finished

Checking Sidekiq ...

Sidekiq: ... Running? ... yes
Number of Sidekiq processes ... 1

Checking Sidekiq ... Finished

Checking Incoming Email ...

Incoming Email: ... Reply by email is disabled in config/gitlab.yml

Checking Incoming Email ... Finished

Checking LDAP ...

LDAP: ... LDAP is disabled in config/gitlab.yml

Checking LDAP ... Finished

Checking GitLab App ...

Git configured correctly? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config up to date? ... yes
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory exists? ... yes
Uploads directory has correct permissions? ... yes
Uploads directory tmp has correct permissions? ... skipped (no tmp uploads folder yet)
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
Projects have namespace: ... 
GitLab Instance / Monitoring ... yes
sdp-dev / sdp-services ... yes
sdp-dev / co2compass-app ... yes
sdp-dev / sdp-api ... yes
sdp-dev / sdp-ops ... yes
Redis version >= 4.0.0? ... yes
Ruby version >= 2.5.3 ? ... yes (2.6.6)
Git version >= 2.24.0 ? ... yes (2.28.0)
Git user has default SSH configuration? ... yes
Active users: ... 3
Is authorized keys file accessible? ... yes
GitLab configured to store new projects in hashed storage? ... yes
All projects are in hashed storage? ... yes

Checking GitLab App ... Finished


Checking GitLab subtasks ... Finished

我認為這不是超時問題,因為來自瀏覽器的整個請求大約需要 150 毫秒。我能夠通過http之前訪問 Gitlab 實例。

任何的想法?

編輯:網路統計

為了澄清,Gitlab 是否應該在127.0.0.1:8080下可用,我認為該服務在那裡可用。

netstat -tupln

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    

tcp        0      0 127.0.0.1:9229          0.0.0.0:*               LISTEN      28566/gitlab-workho                  
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      6202/puma: cluster  
tcp        0      0 127.0.0.1:9168          0.0.0.0:*               LISTEN      28564/puma 4.3.5.gi         
tcp        0      0 127.0.0.1:8082          0.0.0.0:*               LISTEN      28846/sidekiq 5.2.9 
tcp        0      0 127.0.0.1:9236          0.0.0.0:*               LISTEN      28523/gitaly                   
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      4950/httpd           
tcp6       0      0 ::1:9168                :::*                    LISTEN      28564/puma 4.3.5.gi

Apache 配置有問題:

RewriteRule .* http://127.0.0.1:8080%{REQUEST_URI} [P,QSA]

代替https://...

我所做的另一項更改是添加

SSLCompression Off

但我完全不確定它的影響。

無論如何,現在它工作正常。

我以前從未設置過 Gitlab 實例,但看起來您已將 Gitlab 配置為偵聽 127.0.0.1:443,而不是 apache 配置文件中配置的 127.0.0.1:8080。

您正在使用 apache 設置反向代理,網路流量如下所示:

Gitlab ( http://127.0.0.1:8080 ) -> Apache 反向代理 -> https://gitlab.my-domain.com/

所以在你的 Gitlab 配置文件中,改變

port: 443

port: 8080

引用自:https://serverfault.com/questions/1052079