I have recently updated GitLab to version 7.14, and when I run
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production
I get the following error
Check GitLab API access: FAILED: Failed to connect to internal API
gitlab-shell self-check failed
Try fixing it:
Make sure GitLab is running;
Check the gitlab-shell configuration file:
sudo -u git -H editor /home/git/gitlab-shell/config.yml
Please fix the error above and rerun the checks.
I have gitlab running behind a reverse proxy with the following rules set up
DNAT net loc:192.168.122.38:22 tcp 2227 - <externalip>
DNAT net loc:192.168.122.38:80 tcp 2280 - <externalip>
DNAT net loc:192.168.122.38:443 tcp 2443 - <externalip>
and gitlab-shell/config.yml looks like
GitLab user. git by default
user: git
# Url to gitlab instance. Used for api calls
gitlab_url: "https://<external_url>:2443/"
# Repositories path
repos_path: "/home/git/repositories"
# File used as authorized_keys for gitlab user
auth_file: "/home/git/.ssh/authorized_keys"
ssh_port: 2227
self_signed_cert: true
Based on the configuration you have described the issue is that gitlab-shell is trying to access GitLab at https://:2443. However, you point out that only ports 22, 80 and 443 are proxied. You need to adjust your gitlab-shell configuration so it either points at localhost at an appropriate port or at port 443 on the external URL.
Related
When Using git clone, I come into an error.
Here is the command and the error information.
[user#linux]$ git clone git#github.com:username/repertory.git
FATAL: failed to begin relaying via HTTP.
ssh_exchange_identification: Connection closed by remote host
fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists.
Except for git#github, git clone https://...... and git clone git://...... works well. So i guess there is something wrong with ssh protocal, then i checked ssh.
[user#linux]$ ssh -T git#github.com
Hi username! You've successfully authenticated, but GitHub does not provide shell access.
It seems that I can connect to github through ssh protocol properly. But what's wrong with git clone through ssh?
This error message comes from connect.c from SSH
It is a SSH Proxy Command -- connect.c, the simple relaying command to make network connection via SOCKS and https proxy: You can make SSH session beyond the firewall with this command.
So check if such a connection is needed: it could very well be needed if you are in an enterprise, behind firewall, but in that case do contact your IT support team to check the validity/approval of such a solution.
And that error message indicates that even this SSH mode (relay through https proxy) might be blocked.
If you are not in an enterprise setting, and don't need proxy, do remove them (HTTPS(S)/PROXY) from your environment variables and your git config file.
If you're using a Proxy, many corporate firewalls block access to the CONNECT method on ports other than 443. GitHub operates an SSH server listening on port 443, using the host "ssh.github.com".
First, configure your SSH ~/.ssh/config with the following:
Host github.com, ssh.github.com
User git
Hostname ssh.github.com
Port 443
ProxyCommand socat - PROXY:localhost:%h:%p,proxyport=3128
in the example above I'm assuming you're running a web proxy on host localhost and port 3128 (e.g. cntlm).
You may also substitute socat with nc or connect-proxy with slightly different syntax.
Test with:
ssh -T git#ssh.github.com
Hi username! You've successfully authenticated, but GitHub does not provide shell access.
then with:
git clone git#ssh.github.com:username/repository.git
I tried to change port number on these files. But when I run gitlab-ctl reconfigure for updating. I can't access my link (http://myaddress.example:8790) Those files which I changed are:
/var/opt/gitlab/gitlab-rails/etc/gitlab.yml
/opt/gitlab/embedded/conf/nginx.conf
/opt/gitlab/embedded/cookbooks/gitlab/attributes/default.rb
/opt/gitlab/embedded/service/gitlab-rails/config/gitlab.yml
/var/opt/gitlab/nginx/conf/gitlab-http.conf
In /etc/gitlab/gitlab.rb I change external_url "http://myaddress.example:8790"
How can I fix it?
Using GIT_LAB_PATH as you gitlab base directory (the root where is it installed)
Modify GIT_LAB_PATH/gitlab/gitlab.yml
## GitLab settings
gitlab:
## Web server settings
host: HOSTNAME
port: HTTP_PORT
https: false
If you use non-standard ssh port you need to specify it
ssh_port: SSH_PORT
Modify GIT_LAB_PATH/gitlab-shell/config.yml to use the new HTTP port:
Url to gitlab instance. Used for api calls. Should end with a slash.
gitlab_url: "http://HOSTNAME:HTTP_PORT/"
Modify /etc/nginx/sites-available/gitlab
listen *:HTTP_PORT default_server; # e.g., listen 192.168.1.1:80; In most cases *:80 is a good idea
Modify /etc/ssh/sshd_config
What ports, IPs and protocols we listen for
Port SSH_PORT
Restart SSH, restart GitLab, restart nginx:
sudo service ssh restart
sudo service gitlab restart
sudo service nginx restart
Test GitLab:
sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production
Update the remote origins for your repos to use the new port:
ssh://git#HOSTNAME:HTTP_PORT/repo_name
Dear all I missing open port in firewall
I type it on linu terminal
/etc/init.d/iptables stop
It worked
I am unable to add a backend server because the health check fails with log message
Health check for server mule/muleapp failed, reason: Layer4 connection
problem, info: "General socket error (Permission denied)", check
duration: 0ms, status: 0/2 DOWN.
I am however able to telnet into the same IP and host. And adding other backends works. I do not see what permission issue is. My configuration is very simplistic
backend mule
balance roundrobin
server muleapp x.x.x.x:64006 check
(substitute x with any number). I am running in HTTP mode. It should be noted that connecting to a local TCPMon port also does not work - but then there is not health check log statements.
The problem is SELinux only allowing the web server to make outbound connections to a limited set of ports.
Fixed by doing:
semanage port --add --type http_port_t --proto tcp 8001
after installing semanage with
yum install policycoreutils-python
Reference: https://serverfault.com/questions/654599/weird-interaction-with-systemctl-with-haproxy-on-centos-7
In SELinux you can easily allow haproxy to connect to all remote backend ports:
getsebool haproxy_connect_any # by default 0
setsebool -P haproxy_connect_any 1
This works immediately without haproxy restart.
I'm using node.js for my webserver, and I would like forever (or something like it) to run the server.
I'm also using git to manage the website. I have a bare repository on the server that I can push to/pull from on my local machine. I would like the repository to do three things when I push to it.
CD to my working directory (on the server)
Have the working directory pull from the bare repo
Restart the running webserver.
The following script seems like it's what I should use as a post-receive hook in my bare repo.
cd ~/site
git pull
sudo forever stopall
sudo forever start main.js
However, I don't think it's smart to have the git hook use sudo like that. The script needs elevated to run on port 80.
How should I be doing this? What should my git post-receive look like?
Thanks!
Well, for my particular case, it turns out I shouldn't be running node as a super user for security reasons. I wanted it to be elevated to run on port 80, but it didn't need to be elevated to run on port 8000.
So I forwarded port 80 to port 8000, and now am running node on port 8000. It still works identically to how it did before.
The command that I used in particular to forward port 80 to 8000 is
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8000
I've recently installed the GIT on a Rackspace cloud server. The installation was done through the Fedora EPEL packages.
In my IPTables I've added the accept for port 9418:
-A INPUT -p tcp -m tcp --dport 9418 -j ACCEPT
Now on the server when I go to clone a repositary, I get this error.
git clone git://www_dev.####.com/public
Cloning into public...
fatal: Unable to look up www_dev.#####.com (port 9418) (Name or service not known)
Does anyone have an idea of what is causing this error?
Your DNS server can't resolve www_dev.####.com to an IP. If you can find the IP, add an entry to /etc/hosts and see if it works then. If so, you'll need to find a DNS server that knows that host name or else get it registered with a DNS server yourself.