Control GitLab traffic using HAProxy - gitlab

We have a GitLab instance that is running in a private subnet in AWS. For some of our projects we need to be able to clone them and execute some pull commands from outside our network. We want to control the access to these repositories through HAProxy and give restricted access to them. We are cloning them through HTTPS, so we do not need SSH traffic forwarded for them. The problem is that I have set up the rules to forward the request for a specific repository to GitLab, but every time I try to log in I get:
remote: HTTP Basic: Access denied
fatal: Authentication failed for ...
The rule is something simple like :
use_backend gitlab if { path_beg /path1/path2/repo.git }
Our backend definition looks like :
backend gitlab
    mode http
    server gitlab git.internal.server:80
Has anyone managed to do this using HAProxy?

Related

How to run gitlab locally over network

Hello, I have set up GitLab over Docker, created a repository and then added a simple readme file. I am trying to access the repo from other computers in the same network but I cannot. I set up GitLab at the URL http://gitlab.local:30080/. What should I do to clone the repo onto other computers and work on the local server?
Where did you specify the DNS entry for gitlab.local?
You need some DNS server which is able to resolve gitlab.local to the IP of the host your Docker container is running on.
Did you expose the port from the container to the host?
You must publish the port from the Docker container to a port on the host.
After doing this, if you use a Linux OS, add a record like this to the /etc/hosts file:
192.168.1.10 gitlab.local
If you use a Windows OS, add the record to the hosts file in C:\Windows\System32\drivers\etc.
Now you can access GitLab with this URL on any computer on the network whose hosts file has been edited to add the record above:
http://gitlab.local:30080/
Note: the firewall must be off, or a firewall rule for GitLab and its port must be added, on any computer that you use.

Network is unreachable when I clone my bitbucket repo in private AWS instance

I am trying to clone my bitbucket repository into my private AWS instance but it is giving me a 'network is unreachable' error.
I have successfully established a connection to the private instance using a bastion host and I'm able to access it, but when I try to git clone my repository it just times out with the error:
ssh: connect to host altssh.bitbucket.org port 443: Network is unreachable
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Are you able to clone Git repos from other servers? If yes, then it may be because a Security Group rule between the instance and Git is not in place, or because of the firewalld service running at the OS level.
You can use the telnet command from the instance you are trying to clone the Git repo on to troubleshoot the issue further:
telnet altssh.bitbucket.org 443

git clone failed to begin relaying via HTTP

When using git clone, I ran into an error.
Here is the command and the error information.
[user@linux]$ git clone git@github.com:username/repertory.git
FATAL: failed to begin relaying via HTTP.
ssh_exchange_identification: Connection closed by remote host
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
Except for git@github, git clone https://...... and git clone git://...... work well. So I guess there is something wrong with the SSH protocol, so I checked SSH.
[user@linux]$ ssh -T git@github.com
Hi username! You've successfully authenticated, but GitHub does not provide shell access.
It seems that I can connect to github through ssh protocol properly. But what's wrong with git clone through ssh?
This error message comes from connect.c, an SSH proxy command.
It is an SSH Proxy Command -- connect.c, the simple relaying command to make a network connection via SOCKS and HTTPS proxy: you can make an SSH session beyond the firewall with this command.
So check if such a connection is needed: it could very well be needed if you are in an enterprise, behind firewall, but in that case do contact your IT support team to check the validity/approval of such a solution.
And that error message indicates that even this SSH mode (relay through https proxy) might be blocked.
If you are not in an enterprise setting, and don't need a proxy, do remove them (HTTPS(S)/PROXY) from your environment variables and your git config file.
If you're using a Proxy, many corporate firewalls block access to the CONNECT method on ports other than 443. GitHub operates an SSH server listening on port 443, using the host "ssh.github.com".
First, configure your SSH ~/.ssh/config with the following:
# Host patterns are separated by whitespace, not commas
Host github.com ssh.github.com
    User git
    Hostname ssh.github.com
    Port 443
    ProxyCommand socat - PROXY:localhost:%h:%p,proxyport=3128
In the example above I'm assuming you're running a web proxy on host localhost and port 3128 (e.g. cntlm).
You may also substitute socat with nc or connect-proxy with slightly different syntax.
Test with:
ssh -T git@ssh.github.com
Hi username! You've successfully authenticated, but GitHub does not provide shell access.
Then with:
git clone git@ssh.github.com:username/repository.git

Restrict Gitlab access by IP along with Nginx

I have a public GitLab installation running on Nginx and working, and I'd like to restrict its access to a whitelist of IP addresses.
I've tried to add a basic restriction in nginx like this:
location @gitlab {
    allow 127.0.0.1;
    allow XXX.XXX.XXX.XXX;
    deny all;
    ...
}
It kind of works, as only allowed IPs can get through to GitLab's web interface.
But when it comes to pushing from these allowed IPs, I get this error:
Pushing to http://my.server:port/myrepo.git
POST git-receive-pack (451 bytes)
remote: GitLab: API is not accesible
To http://my.server:port/myrepo.git
! [remote rejected] master -> master (pre-receive hook declined)
error: failed to push some refs to 'http://my.server:port/myrepo.git'
Weird. I also tried using ngx_http_geo_module, with the same result.
Does anyone know how to get this done?
Thanks
OK, after looking at gitlab_error.log, I figured out that I also had to whitelist my server's public IP:
[error] 13629#0: *380 access forbidden by rule, client: YYY.YYY.YYY.YYY, server: my.server, request: "POST //api/v3/internal/allowed HTTP/1.1", host: "my.server:port"
So in the end, my nginx config looks like this, and everything's now fine:
location @gitlab {
    allow 127.0.0.1;
    allow XXX.XXX.XXX.XXX;
    allow YYY.YYY.YYY.YYY;
    deny all;
    ...
}
Simple as that ...
I don't know if it's a bug or something, as I'm using an old 7.6 version of GitLab. I'll run an update soon and will check this out.
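Added example (not part of the original answer): a small Python script that applies the diagnosis above to an nginx error log, separating "access forbidden by rule" denials of the server's own address on the internal API path from denials of outside clients. The log lines, addresses, port and function names are constructed for illustration; the internal path prefix is an assumption taken from the request in the quoted log line.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample in the nginx error-log format quoted above; addresses
# are documentation ranges and port 8080 is a placeholder, not from the post.
SAMPLE_LOG = """\
2015/03/02 10:14:07 [error] 13629#0: *380 access forbidden by rule, client: 203.0.113.10, server: my.server, request: "POST //api/v3/internal/allowed HTTP/1.1", host: "my.server:8080"
2015/03/02 10:14:09 [error] 13629#0: *381 access forbidden by rule, client: 198.51.100.77, server: my.server, request: "GET /users/sign_in HTTP/1.1", host: "my.server:8080"
2015/03/02 10:15:30 [error] 13629#0: *390 access forbidden by rule, client: 203.0.113.10, server: my.server, request: "POST //api/v3/internal/allowed HTTP/1.1", host: "my.server:8080"
2015/03/02 10:16:00 [error] 13629#0: *391 upstream timed out, client: 192.0.2.5, server: my.server, request: "GET / HTTP/1.1", host: "my.server:8080"
"""

DENIED = re.compile(
    r'access forbidden by rule, client: (?P<client>[0-9a-fA-F.:]+), '
    r'server: [^,]+, request: "(?P<method>\S+) (?P<path>\S+)'
)

def denied_requests(log_text):
    """Yield (client, method, normalised path) for each allow/deny rejection."""
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m:
            # The quoted log shows a doubled slash ("//api/..."); collapse it.
            path = re.sub(r"/{2,}", "/", m["path"])
            yield m["client"], m["method"], path

def triage(log_text, own_addresses, internal_prefix="/api/v3/internal/"):
    """Split denials into the server's own internal API calls and all others."""
    own = [ip_network(a) for a in own_addresses]
    self_blocked, external = Counter(), Counter()
    for client, _method, path in denied_requests(log_text):
        is_own = any(ip_address(client) in net for net in own)
        if is_own and path.startswith(internal_prefix):
            self_blocked[(client, path)] += 1
        else:
            external[(client, path)] += 1
    return self_blocked, external

if __name__ == "__main__":
    mine, others = triage(SAMPLE_LOG, ["203.0.113.10/32"])
    for (client, path), n in mine.items():
        print(f"add 'allow {client};' - server blocked from {path} ({n}x)")
    for (client, path), n in others.items():
        print(f"denied as intended: {client} {path} ({n}x)")
```

Pass the server's own public address(es) as own_addresses; anything reported in the first group is the server being refused by its own allow list.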

GitHub, Linux Server and Ownership Issues

I've got a private Git repo on GitHub and I have set up SSH connections between my server and github.com. I can pull my app from GitHub successfully onto the server, but when I visit my app URL I get a '500 Internal Server Error'. My host suggests that this is to do with ownership problems.
So my question is this: if I am logged in to my server via SSH as root, and I do a pull request, how can I make sure that the ownership of the files on the server is correct?
Thanks
