search

NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License
17.93k stars 13.96k forks source link

gitlab not working #56350

Closed locallycompact closed 2 weeks ago

locallycompact commented 5 years ago

Issue description

can't access gitlab on port 8080, says

This site can’t be reached localhost refused to connect.

Steps to reproduce

services.gitlab.enable = true; services.gitlab.databasePassword = "insecure"; services.gitlab.secrets.db = "insecure"; services.gitlab.secrets.otp = "insecureinsecureinsecureinsecureinsecure"; services.gitlab.secrets.secret = "insecureinsecureinsecureinsecureinsecure"; services.gitlab.initialRootPassword = "insecure"; services.gitlab.secrets.jws = " -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAn9Az/4nzBeAc1evJxo5TwNXq9frp2yeYAxLh7OSnym/93h6A rR6ZcjdFounDzFpH/CSL2jHDRBVqCvSYShzTZovbIWsd/YcghwZqpgTFb7UgKq1I qTJcETrj8cPRZpQoFQIzfJq0DOpqJlh/2e2RT/9mUof2U6xh+uz0nFZhGKe1L1K8 qfVE6fhUeJBLEa1INFoI28c3vWFuMLC7g491s/+F1NgqYb3FtH78ihM2vCsH8ROj QYf8I9ojmG7zA7W96HFVT1sx4Hhc3O9vVbypMRL0bhBvXqYyxauHJJxREMhZxPe5 uZ2zvgnrVeVf1NKbUp0tjIXrmJOMipt1hdQ0NwIDAQABAoIBAQCHlEu43CB3eJUe CwZIU9DMBO9rtW2WRjXZTbirj6SlwnL+cKQ7unz1f9ytBGLeyCzPxXV8K8F7zisD llRoc6IJGldSN5zezDeVNaVeqSeSyHe8nPvKxvWCjJJ7NeQ9gS2r/Q0PBfQADRL2 6xe0G66uzn7RP5WDkPgit8oho8qF7dI+9E3hJYjRqe3KLNmGfrMsrRzfTeqkK/lh /kfPXw+NWhiRk9+4wuzJ5A/W8EdUw8K5SMzEiDY5M0HU87gRT7bpZZMdrGIXaC9Q PXpbk3HAAzZ4VTuS0FULe42HL1Pd8Ncp17aHRxiTlJoAegmMBxkARmLXA5Nw2nt/ BSJvbxtBAoGBAMqq6DuSkuudMALNpQ7Gg5VTEdD58KOaqadVfSclt/VlCyVnebS0 ZSPL6TFsC3aSI/plUIMQSYQAA8a+DJSYMOdh9iSF+wBi+UOqGLocClvTb2CbuQUG CIIsqVC68N6vocmi98eEXcOYMFnIfRpH8ciP3ySanbw3YCMt/RcTP65XAoGBAMne VTNSKqilib4+VvA7YMJ6XP2l/uwy7oZvrlyDH8zCCd/+XTS18ujXFHPWGF8MSF+P Lk1XcTTQBEOJgDbmeczbBmNvEm0U0ZxNY31BCWzW33uo6/HOr+C7oYeBtJFgBPDz cytlCmFgScCH29xEDCaKZ9zytMsUgEfIwTCeDD0hAoGACApPvE1MVtydkv7llXh6 r+njww6nZVY1dNYHaQ4uBiZEEu/P/ENL3+evEK7gpYuWsdBjKU/0GrCFddUEWsDO 798LDNfj5VgH249b+8YxAwOYX5TN+k0K+V8cOH+yHqOJH56/hcLSlXfsMyOpEunX xcUvbRxVNapcvgiNCeVRmXECgYB2fjha0J9TsR+ieStFBkWswnC1PuvdL6RNa17Y 1OskoL11KvUBDNBSFnXd7M0PdcFBvmT6Zxp/Wp82GY8WKsFSGzqrwTX6q57Cdbax fiyPI625A5XDsYQRkXGmfd9E+izMVsrCrSOjtwZzqgvHRnYvZUzEJ/8xuY33FQM5 i3w5oQKBgARU6GacQvN/OTu+6GGL0t5LdY64rnGEnUrCiqMh5wtad3i5pk8qPJfT BVJE84beeWHUl4V3/hIl6Cb48s/KPAfKRsI+6sVjte8o2yRadUr8ovXvFVzpLcPz cP0/Xa9VRD0THgneeHprKqflbfdMEChn1sow+cuRtF8++aRVXgfq -----END RSA PRIVATE KEY----- ";

Technical details

locallycompact commented 5 years ago

Update: I was able to get a little bit further by using this example from the nixpkgs test suite

  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    virtualHosts = {
      "localhost" = {
        locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
      };
    };
  };

  services.gitlab = {
    enable = true;
    databasePassword = "dbPassword";
    initialRootPassword = "notproduction";
    smtp.enable = true;
    secrets = {
      secret = "secret";
      otp = "otpsecret";
      db = "dbsecret";

      # nix-shell -p openssl --run "openssl genrsa 2048"
      jws = ''
        -----BEGIN RSA PRIVATE KEY-----
        MIIEpAIBAAKCAQEA13/qEio76OWUtWO0WIz9lWnsTWOU8Esv4sQHDq9PCEFsLt21
        PAXrlWhLjjWcxGfsrDwnh7YErGHYL62BMSxMdFJolaknlQK/O/V8UETDe45VoHM+
        Znk270RfUcfYFgiihnXUZXVmL0om9TsQSk646wCcjCY9LxtxUyKNhvT7KjgYw2aX
        z34aw7M+Js3T2p1TjZPSC82GtmtKkJEKFMi5EjprLTDE7EdcUzr9Xuw+kQ+gRm9k
        7FE+JQqSoprwE3Q0v2OAn3UhLMgg0gNFRnsc5l6IAshDzV+H22RPqKKlJjVjjfPY
        0TQSvYLVApigHbDPH0BoCXfjFfQazbbP3OUHrwIDAQABAoIBAQCMU+tkcMQaYIV5
        qLdjgkwO467QpivyXcOM8wF1eosIYTHFQvIlZ+WEoSmyLQ8shlADyBgls01Pw1c3
        lNAv6RzQEmmwKzpvOh61OKH+0whIiOMRXHoh2IUBQZCgfHYlwvGyhUAN4WjtGmhM
        AG4XNTQNM5S9Xpkw97nP3Qwz+YskbbkrfqtCEVy9ro+4nhbjqPsuO3adbnkva4zR
        cyurRhrHgHU6LPjn5NHnHH4qw2faY2oAsL8pmpkTbO5IqWDvOcbjNfjVPgVoq26O
        bbaa1qs4nmc80qQgMjRPJef535xyf3eLsSlDvpf6O8sPrJzVR1zaqEqixpQCZDac
        +kRiSBrhAoGBAOwHiq0PuyJh6VzBu7ybqX6+gF/wA4Jkwzx6mbfaBgurvU1aospp
        kisIonAkxSbxllZMnjbkShZEdATYKeT9o5NEhnU4YnHfc5bJZbiWOZAzYGLcY7g8
        vDQ31pBItyY4pFgPbSpNlbUvUsoPVJ45RasRADDTNCzMzdjFQQXst2V9AoGBAOm7
        sSpzYfFPLEAhieAkuhtbsX58Boo46djiKVfzGftfp6F9aHTOfzGORU5jrZ16mSbS
        qkkC6BEFrATX2051dzzXC89fWoJYALrsffE5I3KlKXsCAWSnCP1MMxOfH+Ls61Mr
        7pK/LKfvJt53mUH4jIdbmmFUDwbg18oBEH+x9PmbAoGAS/+JqXu9N67rIxDGUE6W
        3tacI0f2+U9Uhe67/DTZaXyc8YFTlXU0uWKIWy+bw5RaYeM9tlL/f/f+m2i25KK+
        vrZ7zNag7CWU5GJovGyykDnauTpZaYM03mN0VPT08/uc/zXIYqyknbhlIeaZynCK
        fDB3LUF0NVCknz20WCIGU0kCgYEAkxY0ZXx61Dp4pFr2wwEZxQGs7uXpz64FKyEX
        12r6nMATY4Lh6y/Px0W6w5vis8lk+5Ny6cNUevHQ0LNuJS+yu6ywl+1vrbrnqroM
        f3LvpcPeGLSoX8jl1VDQi7aFgG6LoKly1xJLbdsH4NPutB9PgBbbTghx9GgmI88L
        rPA2M6UCgYBOmkYJocNgxg6B1/n4Tb9fN1Q/XuJrFDE6NxVUoke+IIyMPRH7FC3m
        VMYzu+b7zTVJjaBb1cmJemxl/xajziWDofJYPefhdbOVU7HXtmJFY0IG3pVxU1zW
        3bmDj5QAtCUDpuuNa6GEIT0YR4+D/V7o3DmlZ0tVIwKJmVJoQ2f5dw==
        -----END RSA PRIVATE KEY-----
      '';
    };
  };

now I can navigate to localhost and I see a 502 error from gitlab itself that reads

Whoops, GitLab is taking too much time to respond.
Try refreshing the page, or going back and attempting the action again.

Please contact your GitLab administrator if this problem persists.
devhell commented 5 years ago

From my own experience, how much time have you given Gitlab to "get ready" after you've seen the 502? The reason is that I've seen it take up to a minute or two to get ready. Refreshing the page after that time usually gets a 200.

locallycompact commented 5 years ago

@devhell 502 seems to still persist no matter how long I wait.

chkno commented 4 years ago

Information about gitlab's startup progress is visible in journalctl:

$ journalctl | egrep -c 'gitlab|unicorn|workhorse|sidekiq'
135

I see six minutes pass between the initial systemd: Started gitlab-workhorse.service. and the final unicorn: INFO -- : master process ready that indicates gitlab is ready to respond to web requests. (Upstream issue about slow startup: https://gitlab.com/gitlab-org/gitlab/issues/17721 )

Post the output from journalctl | egrep 'gitlab|unicorn|workhorse|sidekiq , which ought to have more information about what the trouble was?

stale[bot] commented 4 years ago

Hello, I'm a bot and I thank you in the name of the community for opening this issue.

To help our human contributors focus on the most-relevant reports, I check up on old issues to see if they're still relevant. This issue has had no activity for 180 days, and so I marked it as stale, but you can rest assured it will never be closed by a non-human.

The community would appreciate your effort in checking if the issue is still valid. If it isn't, please close it.

If the issue persists, and you'd like to remove the stale label, you simply need to leave a comment. Your comment can be as simple as "still important to me". If you'd like it to get more attention, you can ask for help by searching for maintainers and people that previously touched related code and @ mention them in a comment. You can use Git blame or GitHub's web interface on the relevant files to find them.

Lastly, you can always ask for help at our Discourse Forum or at #nixos' IRC channel.

teto commented 2 weeks ago

feel free to reopen. Closing because old