sameersbn / docker-gitlab

Dockerized GitLab
http://www.damagehead.com/docker-gitlab/
MIT License

mail_room fails to start after upgrade to 11.9.1 #1891

Open cvillfon opened 5 years ago

cvillfon commented 5 years ago

After upgrading from 11.5.3 to 11.9.1 mail_room fails to start. I'm running behind a reverse proxy (haproxy) which takes care of SSL, so I set GITLAB_HTTPS="true" but no other SSL configuration. The error message in mail_room.log is:

certificate verify failed (unable to get local issuer certificate) (OpenSSL::SSL::SSLError)

chess-seventh commented 5 years ago

I have updated as well to version 11.9.1.

I am having a similar issue with the mail_room module; this is the output the docker container gives me.

2019-04-03 10:19:35,235 INFO exited: mail_room (exit status 1; not expected)
2019-04-03 10:19:37,239 INFO spawned: 'mail_room' with pid 753
2019-04-03 10:19:37,712 INFO exited: mail_room (exit status 1; not expected)
2019-04-03 10:19:40,716 INFO spawned: 'mail_room' with pid 760
2019-04-03 10:19:41,198 INFO exited: mail_room (exit status 1; not expected)
2019-04-03 10:19:41,702 INFO gave up: mail_room entered FATAL state, too many start retries too quickly

I have set the GITLAB_HTTPS=true as well. The SSL certificates are handled by Traefik in Docker-Swarm. I just saw this "error" when adding the feature to send issues by mail. In my configuration I have simply added the following environment to the docker-compose.yml

- GITLAB_INCOMING_EMAIL_ENABLED=true
- GITLAB_INCOMING_EMAIL_ADDRESS=gitlab+%{key}@mydomain.org
- IMAP_USER=gitlab@mydomain.org
- IMAP_PASS=USER_PASSWORD
- IMAP_ENABLED=true
- IMAP_HOST=mail.mydomain.org
- SMTP_USER=gitlab@mydomain.org
- SMTP_PASS=USER_PASSWORD
- SMTP_ENABLED=true
- SMTP_DOMAIN=mydomain.org
- SMTP_HOST=mail.mydomain.org

I host (on the same machine) a docker-compose with a mail server.

Initially, after the update, I went into the gitlab container and found this in the mail_room.log:

$  cat log/mail_room.log
/usr/lib/ruby/2.5.0/socket.rb:227:in `getaddrinfo': getaddrinfo: Temporary failure in name resolution (SocketError)
        from /usr/lib/ruby/2.5.0/socket.rb:227:in `foreach'
        from /usr/lib/ruby/2.5.0/socket.rb:631:in `tcp'
        from /usr/lib/ruby/2.5.0/net/imap.rb:1132:in `tcp_socket'
        from /usr/lib/ruby/2.5.0/net/imap.rb:1089:in `initialize'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/lib/mail_room/connection.rb:74:in `new'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/lib/mail_room/connection.rb:74:in `imap'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/lib/mail_room/connection.rb:84:in `log_in'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/lib/mail_room/connection.rb:68:in `setup'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/lib/mail_room/connection.rb:8:in `initialize'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/lib/mail_room/mailbox_watcher.rb:57:in `new'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/lib/mail_room/mailbox_watcher.rb:57:in `connection'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/lib/mail_room/mailbox_watcher.rb:28:in `run'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/lib/mail_room/coordinator.rb:19:in `each'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/lib/mail_room/coordinator.rb:19:in `run'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/lib/mail_room/cli.rb:52:in `start'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/bin/mail_room:5:in `<top (required)>'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/bin/mail_room:23:in `load'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/bin/mail_room:23:in `<main>'

However, I restarted the container after fixing a minor DNS resolver issue and found this (almost the same as above).

$ cat log/mail_room.log
/usr/lib/ruby/2.5.0/net/protocol.rb:44:in `connect_nonblock': SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate) (OpenSSL::SSL::SSLError)
        from /usr/lib/ruby/2.5.0/net/protocol.rb:44:in `ssl_socket_connect'
        from /usr/lib/ruby/2.5.0/net/imap.rb:1531:in `start_tls_session'
        from /usr/lib/ruby/2.5.0/net/imap.rb:1092:in `initialize'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/lib/mail_room/connection.rb:74:in `new'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/lib/mail_room/connection.rb:74:in `imap'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/lib/mail_room/connection.rb:84:in `log_in'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/lib/mail_room/connection.rb:68:in `setup'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/lib/mail_room/connection.rb:8:in `initialize'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/lib/mail_room/mailbox_watcher.rb:57:in `new'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/lib/mail_room/mailbox_watcher.rb:57:in `connection'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/lib/mail_room/mailbox_watcher.rb:28:in `run'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/lib/mail_room/coordinator.rb:19:in `each'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/lib/mail_room/coordinator.rb:19:in `run'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/lib/mail_room/cli.rb:52:in `start'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/gems/mail_room-0.9.1/bin/mail_room:5:in `<top (required)>'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/bin/mail_room:23:in `load'
        from /home/git/gitlab/vendor/bundle/ruby/2.5.0/bin/mail_room:23:in `<main>'

After running this command to see if the container could see the certificates: openssl s_client -connect mail.mydomain.org:443 -showcerts < /dev/null

I get this:

CONNECTED(00000003)
depth=0 CN = TRAEFIK DEFAULT CERT
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = TRAEFIK DEFAULT CERT
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/CN=TRAEFIK DEFAULT CERT
   i:/CN=TRAEFIK DEFAULT CERT
-----BEGIN CERTIFICATE-----
REDACTED
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=TRAEFIK DEFAULT CERT
issuer=/CN=TRAEFIK DEFAULT CERT
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1449 bytes and written 431 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: REDACTED
    Session-ID-ctx:
    Master-Key: REDACTED
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket: REDACTED
    Start Time: 1554291689
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
DONE

It doesn't receive them...

I have tried adding this to the `docker-compose.yml` file:

extra_hosts:
- "mail.mydomain.org:IP_LOCAL_DNS"

or

extra_hosts:
- "mail.mydomain.org:TRAEFIK_INTERNAL_IP"

But still no success when running the openssl command, and the issue with mail_room still comes up. However, I do get a result when running curl -vvv http://mail.mydomain.org:

curl -vvv https://mail.mydomain.org
* Rebuilt URL to: https://mail.mydomain.org/
*   Trying IP_LOCAL_DNS...
* Connected to mail.mydomain.org (IP_LOCAL_DNS) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 592 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*        server certificate verification OK
*        server certificate status verification SKIPPED
*        common name: mail.mydomain.org (matched)
*        server certificate expiration date OK
*        server certificate activation date OK
*        certificate public key: RSA
*        certificate version: #3
*        subject: CN=mail.mydomain.org
*        start date: Tue, 02 Apr 2019 12:24:26 GMT
*        expire date: Mon, 01 Jul 2019 12:24:26 GMT
*        issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
*        compression: NULL
* ALPN, server accepted to use http/1.1
> GET / HTTP/1.1
> Host: mail.mydomain.org
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Cache-Control: no-store, no-cache, must-revalidate, max-age=0
< Cache-Control: post-check=0, pre-check=0
< Content-Type: text/html; charset=utf-8
< Date: Wed, 03 Apr 2019 12:42:00 GMT
< Expires: Mon, 26 Jul 1997 05:00:00 GMT
< Last-Modified: Wed, 03 Apr 2019 12:42:00 GMT
< Pragma: no-cache
< Server: RainLoop
< Vary: Accept-Encoding
< Content-Length: 1479
<
<!DOCTYPE html><html class="...

Thanks.

wflanagan commented 5 years ago

12.2.5 has this problem after upgrade from 11.11.0 as well.

asifhisam commented 5 years ago

After upgrade 12.2.5, mail_room failed to start. Following is the log:

from /usr/lib/ruby/2.6.0/net/protocol.rb:44:in "ssl_socket_connect"
from /usr/lib/ruby/2.6.0/net/imap.rb:1533:in "start_tls_session"
from /usr/lib/ruby/2.6.0/net/imap.rb:1092:in "initialize"
from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/mail_room-0.9.1/lib/mail_room/connection.rb:74:in "new"
from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/mail_room-0.9.1/lib/mail_room/connection.rb:74:in "imap"
from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/mail_room-0.9.1/lib/mail_room/connection.rb:84:in "log_in"
from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/mail_room-0.9.1/lib/mail_room/connection.rb:68:in "setup"
from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/mail_room-0.9.1/lib/mail_room/connection.rb:8:in "initialize"
from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/mail_room-0.9.1/lib/mail_room/mailbox_watcher.rb:57:in "new"
from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/mail_room-0.9.1/lib/mail_room/mailbox_watcher.rb:57:in "connection"
from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/mail_room-0.9.1/lib/mail_room/mailbox_watcher.rb:28:in "run"
from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/mail_room-0.9.1/lib/mail_room/coordinator.rb:19:in "each"
from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/mail_room-0.9.1/lib/mail_room/coordinator.rb:19:in "run"
from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/mail_room-0.9.1/lib/mail_room/cli.rb:52:in "start"
from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/mail_room-0.9.1/bin/mail_room:5:in "<top (required)>"
from /home/git/gitlab/vendor/bundle/ruby/2.6.0/bin/mail_room:23:in "load"
from /home/git/gitlab/vendor/bundle/ruby/2.6.0/bin/mail_room:23:in "<main>"
/usr/lib/ruby/2.6.0/net/protocol.rb:44:in "connect_nonblock": SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate) (OpenSSL::SSL::SSLError)

solidnerd commented 5 years ago

Hey,

It seems that your certificate is not correct. I think you have a self-signed certificate. You should add your CA to the image's SSL CA store.

gopeter commented 5 years ago

I've got the same problem. mail_room doesn't start because of this:

/usr/lib/ruby/2.6.0/net/protocol.rb:44:in "connect_nonblock": SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate) (OpenSSL::SSL::SSLError)

I'm running GitLab behind a load balancer and I'm using officially signed certificates. Running openssl s_client -connect git.mycompany.com:443 -showcerts < /dev/null returns Verify return code: 0 (ok). Email settings are the default ones, since we're using Gmail, so there shouldn't be certificate issues.

solidnerd commented 5 years ago

@gopeter You are using the wrong service. HTTP & SMTP with STARTTLS are different protocols and also services. You need to connect against your targeted mail server. Also what you should do is to execute the steps in your current container.

A correct test would be something like this:

openssl s_client -connect youmailserverexample.com:25 -starttls smtp -showcerts

Most mail providers use port 587 for STARTTLS because 25 is mostly blocked by a lot of companies.

openssl s_client -connect youmailserverexample.com:587 -starttls smtp -showcerts

Execute the commands in the container and post the result here.

gopeter commented 5 years ago

We're using Gmail, so I thought that I don't have to validate their certificates :)

openssl s_client -connect smtp.gmail.com:587 -starttls smtp -showcerts returns Verify return code: 0 (ok) also.

solidnerd commented 5 years ago

I think something is wrong with your configuration. Can you share your parameters? I don't need any credentials.

gopeter commented 5 years ago

For sure!

Here are all of our environment variables:

[
   {
      "key":"GITLAB_UPLOADS_STORAGE_PATH",
      "value":"/home/git/gitlab/public"
   },
   {
      "key":"GITLAB_UNICORN_MEMORY_MAX",
      "value":"524288000"
   },
   {
      "key":"UNICORN_WORKERS",
      "value":"4"
   },
   {
      "key":"NGINX_WORKERS",
      "value":"4"
   },
   {
      "key":"GOOGLE_ANALYTICS_ID",
      "value":"__HIDDEN__"
   },
   {
      "key":"GITLAB_PAGES_EXTERNAL_HTTP",
      "value":":8081"
   },
   {
      "key":"GITLAB_HTTPS",
      "value":"true"
   },
   {
      "key":"GITLAB_PAGES_ENABLED",
      "value":"true"
   },
   {
      "key":"GITLAB_PAGES_DOMAIN",
      "value":"__HIDDEN__"
   },
   {
      "key":"GITLAB_SECRETS_DB_KEY_BASE",
      "value":"__HIDDEN__"
   },
   {
      "key":"GITLAB_SECRETS_SECRET_KEY_BASE",
      "value":"__HIDDEN__"
   },
   {
      "key":"GITLAB_SECRETS_OTP_KEY_BASE",
      "value":"__HIDDEN__"
   },
   {
      "key":"IMAP_USER",
      "value":"__HIDDEN__@gmail.com"
   },
   {
      "key":"IMAP_PASS",
      "value":"__HIDDEN__"
   },
   {
      "key":"SMTP_USER",
      "value":"__HIDDEN__@gmail.com"
   },
   {
      "key":"SMTP_PASS",
      "value":"__HIDDEN__"
   },
   {
      "key":"GITLAB_EMAIL",
      "value":"__HIDDEN__d@gmail.com"
   },
   {
      "key":"GITLAB_HOST",
      "value":"__HIDDEN__"
   },
   {
      "key":"GITLAB_PORT",
      "value":"443"
   },
   {
      "key":"GITLAB_SSH_PORT",
      "value":"22"
   },
   {
      "key":"GITLAB_BACKUP_SCHEDULE",
      "value":"daily"
   },
   {
      "key":"GITLAB_BACKUP_TIME",
      "value":"01:00"
   },
   {
      "key":"GITLAB_TIMEZONE",
      "value":"Berlin"
   },
   {
      "key":"TZ",
      "value":"Europe/Berlin"
   },
   {
      "key":"GITLAB_TIMEOUT",
      "value":"60"
   },
   {
      "key":"OAUTH_ENABLED",
      "value":"true"
   },
   {
      "key":"OAUTH_ALLOW_SSO",
      "value":"google_oauth2"
   },
   {
      "key":"OAUTH_EXTERNAL_PROVIDERS",
      "value":"google_oauth2"
   },
   {
      "key":"OAUTH_BLOCK_AUTO_CREATED_USERS",
      "value":"false"
   },
   {
      "key":"OAUTH_GOOGLE_API_KEY",
      "value":"__HIDDEN__"
   },
   {
      "key":"OAUTH_GOOGLE_APP_SECRET",
      "value":"__HIDDEN__"
   }
]

And our load balancer/nginx config:

server {
    listen 80;
    server_name __HIDDEN__;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name __HIDDEN__;

    ssl on;
    ssl_certificate      /volume1/docker/certs/__HIDDEN__.crt;
    ssl_certificate_key  /volume1/docker/certs/__HIDDEN__.key;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    location / {
        proxy_set_header    Host $host;
        proxy_set_header    X-Real-IP $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Ssl on;
        proxy_set_header    X-Forwarded-Proto https;
        proxy_redirect      off;

        proxy_pass          http://localhost:11080;
    }
}

Everything worked fine with 12.2.6 (and before), but after upgrading to 12.3.2 I got the mail_room errors. The docker image runs on a Synology device.

ToroNZ commented 4 years ago

For what it's worth... in my case I encountered this due to my Dovecot service (IMAP) not exposing the intermediate certificate from Let's Encrypt which signed my mail server certificate. Adding the 'fullchain.pem' file to Dovecot config fixed the issue (unable to get local issuer certificate).
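The two verification failures reported in this thread, reproduced offline as an added example (not code from the thread, mail_room or docker-gitlab). It builds a throwaway root, intermediate and leaf with Ruby's OpenSSL bindings and shows which presented chain yields which error code; every subject name and key below is constructed.

```ruby
require "openssl"

# Issue a certificate for `subject`; with no issuer it is self-signed.
# All names, keys and serials are constructed for this example.
def issue(subject, key, serial:, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("keyUsage", "keyCertSign,cRLSign", true)) if ca
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify what a server presents (leaf first, then any intermediates it sends)
# against the client's trust anchors, as a TLS client does with VERIFY_PEER.
def verify_presented(trusted, presented)
  store = OpenSSL::X509::Store.new
  trusted.each { |c| store.add_cert(c) }
  leaf, *intermediates = presented
  ok = store.verify(leaf, intermediates)
  { ok: ok, code: store.error, reason: store.error_string }
end

def diagnose_sample_chains
  root_key, inter_key, leaf_key, ss_key = Array.new(4) { OpenSSL::PKey::RSA.new(2048) }
  root  = issue("/CN=Example Root CA", root_key, serial: 1, ca: true)
  inter = issue("/CN=Example Intermediate CA", inter_key, serial: 2,
                issuer: root, issuer_key: root_key, ca: true)
  leaf  = issue("/CN=mail.example.test", leaf_key, serial: 3,
                issuer: inter, issuer_key: inter_key)
  self_signed = issue("/CN=EXAMPLE DEFAULT CERT", ss_key, serial: 4, ca: true)

  {
    # Proxy or mail server hands out a self-signed certificate the client
    # does not trust: code 18, "self signed certificate".
    self_signed_untrusted: verify_presented([root], [self_signed]),
    # Server sends only its leaf and omits the intermediate:
    # code 20, "unable to get local issuer certificate".
    leaf_only: verify_presented([root], [leaf]),
    # Server sends leaf plus intermediate (the fullchain.pem case): code 0.
    full_chain: verify_presented([root], [leaf, inter]),
    # The self-signed certificate has been added to the client's CA store.
    self_signed_trusted: verify_presented([root, self_signed], [self_signed])
  }
end

if __FILE__ == $PROGRAM_NAME
  diagnose_sample_chains.each do |name, r|
    puts format("%-22s ok=%-5s code=%-2d %s", name, r[:ok], r[:code], r[:reason])
  end
end
```

The exact wording of `reason` differs between OpenSSL releases, so compare on the numeric code.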

pierreozoux commented 4 years ago

I have the same error. I did verify my email server, and it looks good with openssl.

I got this log in the container ./log:

/usr/lib/ruby/2.6.0/net/imap.rb:3495:in `parse_error': unexpected token ATOM (expected CRLF) (Net::IMAP::ResponseParseError)
    from /usr/lib/ruby/2.6.0/net/imap.rb:3347:in `match'
    from /usr/lib/ruby/2.6.0/net/imap.rb:2263:in `response'
    from /usr/lib/ruby/2.6.0/net/imap.rb:2181:in `parse'
    from /usr/lib/ruby/2.6.0/net/imap.rb:1244:in `get_response'
    from /usr/lib/ruby/2.6.0/net/imap.rb:1109:in `initialize'
    from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/gitlab-mail_room-0.0.3/lib/mail_room/connection.rb:80:in `new'
    from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/gitlab-mail_room-0.0.3/lib/mail_room/connection.rb:80:in `imap'
    from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/gitlab-mail_room-0.0.3/lib/mail_room/connection.rb:90:in `log_in'
    from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/gitlab-mail_room-0.0.3/lib/mail_room/connection.rb:72:in `setup'
    from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/gitlab-mail_room-0.0.3/lib/mail_room/connection.rb:8:in `initialize'
    from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/gitlab-mail_room-0.0.3/lib/mail_room/mailbox_watcher.rb:59:in `new'
    from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/gitlab-mail_room-0.0.3/lib/mail_room/mailbox_watcher.rb:59:in `connection'
    from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/gitlab-mail_room-0.0.3/lib/mail_room/mailbox_watcher.rb:29:in `run'
    from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/gitlab-mail_room-0.0.3/lib/mail_room/coordinator.rb:19:in `each'
    from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/gitlab-mail_room-0.0.3/lib/mail_room/coordinator.rb:19:in `run'
    from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/gitlab-mail_room-0.0.3/lib/mail_room/cli.rb:58:in `start'
    from /home/git/gitlab/vendor/bundle/ruby/2.6.0/gems/gitlab-mail_room-0.0.3/bin/mail_room:5:in `<top (required)>'
    from /home/git/gitlab/vendor/bundle/ruby/2.6.0/bin/mail_room:23:in `load'
    from /home/git/gitlab/vendor/bundle/ruby/2.6.0/bin/mail_room:23:in `<main>'

pierreozoux commented 4 years ago

Ok, sorry, wrong imap port configured :) Solved on my side ;)