Gitlab 8 with nginx proxy can't download a zip, clone a public repo as guest, can't build in CI either

Question

I think all 3 problems are related to the same issue, so I'm going to put all of them here.

Gitlab itself is working, I even managed to update it from 8.2.2 to 8.2.3. I can create projects, push my code, pull it, reclone it when I have the proper ssh key, etc.

BUT:

1. I can't download the code as zip file, got a JSON instead:

{"RepoPath":"/var/opt/gitlab/git-data/repositories/me/myrepo.git", "ArchivePrefix": "...

2. People can't clone my public repo (empty repository error).

3. CI can't build my tests:

warning: You have cloned an empty repository. Checking out 12345 as develop... fatal: reference is not a tree : 123456789mycommithash987654321

ERROR: Build failed with: exit status 1

NB: I Translated error messages from French ones.

I suppose the problem is in my Nginx configuration, but there is so much documentation I'm not sure which one is the good one: the ones with the workhorse, the ones when I have to change gitlab.rb's gitlab_git_http_server, etc.

My configuration is following:

• Gitlab 8.2.3
• Ubuntu Trusty (14.04)
• Nginx 1.8

My gitlab is hosted on a subdomain using SLL so I added a Nginx proxy

/etc/gitlab/gitlab.rb:

external_url 'https://gitlab.mydomain.com'
nginx['listen_addresses'] = ['127.0.0.1', "[::1]"]
nginx['listen_port'] = 8080 
nginx['listen_https'] = false 

/etc/nginx/site_enabled/gitlab:

server {
  listen *:80 default_server;
  listen [::]:80 ipv6only=on default_server;
  server_name gitlab.mydomain.com;
  return 301 https://$server_name$request_uri;

  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;
}

server{
  # listen 443 ssl;
  listen 0.0.0.0:443 ssl default_server;
  listen [::]:443 ipv6only=on ssl default_server; 
  server_name gitlab.mydomain.com;
  server_tokens off;

  location /{
    proxy_pass http://localhost:8080;
    proxy_redirect off;
    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
  }

  location ~ ^/(assets)/ {
    root /opt/gitlab/embedded/service/gitlab-rails/public;
    gzip_static on; # to serve pre-gzipped version
    expires max;
    add_header Cache-Control public;
  }

  client_max_body_size 250m;

  # ...
  # A lot a of SSL stuff (HSTS, OCSP, dhparam, etc)
  # ...

  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;
  
  error_page 502 /502.html;

UPDATE :

Just upgraded Gilab to 8.3.0.

Git a 502 now.

Applying : https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/update/8.2-to-8.3.md.

We'll see.

UPDATE 2:

Did not finish instructions after all, stop everything and restarting everything twice (Gitlab and Nginx) Finally managed to get the thing working.

Still same problems with CI/Zip/PublicCloning tough.

UPDATE 3:

Just update to 8.2.3 apt-get update apt-get install gitlab-ce

502.

restart nginx gitlab-ctl restart

gitlab-rake gitlab:app:check

Checking GitLab ...

Git configured with autocrlf=input? ... yes
Database config exists? ... yes
Database is SQLite ... no
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config outdated? ... no
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory setup correctly? ... yes
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
projects have namespace: ... 

Redis version >= 2.8.0? ... yes
Ruby version >= 2.1.0 ? ... yes (2.1.7)
Your git bin path is "/opt/gitlab/embedded/bin/git"
Git version >= 1.7.10 ? ... yes (2.6.1)
Active users: 2

Checking GitLab ... Finished

---

If someone can lead me to the proper documentation or changes to be made that would be awesome.

Answer 1

A beggining but not all of it:

I mistakenly made Gitlab's nginx listen to 8080 port. When it's already the port used by Gitlab's Unicorn.

Changing it to 8081 made the CI better responding. Still have to solve git user right (or better, use docker) but that's not a direct issue of what matters here...

UPDATE: Complete Solution - ACLs

Seems git and gitlab-runner users that are created during install process do have enough rights.

First: Create a real home for each : /home/gitlab-runner, /home/git with proper ssh authorized_keys, and rbenv + ruby installs.

Then: vim /etc/passwd and change there home directory for the new home, where they have full rights. Now my builds are green !

Answer 2

The update documentation is missing an item: it renames gitlab-git-http-server to gitlab-workhorse in nginx configuration, but it partially misses /etc/default/gitlab. Replace all occurrences of gitlab-git-http-server with gitlab-workhorse there as well, especially the socket in gitlab_workhorse_options.

Something like

sed -i -e 's/gitlab-git-http-server/gitlab-workhorse/g' /etc/default/gitlab

Answer 3

It looks as though downloading of ZIP-Files is now handled by the gitlab-workhorse.

For that there's some extra stuff in the nginx-configfile. You might want to have a look at https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/support/nginx/gitlab where there is a section

upstream gitlab-workhorse {
  server unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket fail_timeout=0;
}

and a

proxy_pass http://gitlab-workhorse;

at the end of the configuration.

I'm currently digging into the same issue and will report back, when I've solved it.

Answer 4

take a look at https://gist.github.com/sameersbn/becd1c976c3dc4866ef8 it seems that there is a option 'gzip' that can been turn off.

gzip                    off;

at line 53.