Hi guys. I am facing a frequent 403 forbidden issue for git cloning, runner's cloning, and curl requests to the gitlab frontend port.
Running gitlab from sameersbn docker-compose.yml file with version 12.5.2.
Gitlab site works fine on browser.
ssh cloning is working fine.
Other API requests are working fine.
Git clone with https method gives 403 forbidden error.
Since gitlab runners also clone with https only by default, that gives same error.
I am running gitlab site on AWS machine with ubuntu server edition.
I have tried curl request directly in server in following ways -
Scenario 1
curl localhost:8000 (8000 is published port for http)
Forbidden
curl 10.0.0.114:8000
Works fine. Gives below output
<html><body>You are being <a href="https://10.0.0.114:8000/users/sign_in">redirected</a>.</body></html>
curl 172.20.0.4:80 (container ip and port of gitlab)
<html><body>You are being <a href="https://172.20.0.4:80/users/sign_in">redirected</a>.</body></html>
Now sometimes both (server's private ip and localhost) give a forbidden error, followed by a forbidden error on the container ip curl request.
Scenario 2
curl localhost:8000 (8000 is published port for http)
Forbidden
curl 10.0.0.114:8000
forbidden
curl 172.20.0.4:80 (container ip and port of gitlab)
forbidden
Infra configuration
AWS EC2 t3.large.
Public VPC and subnet.
Security group has inbound access for http and ssh properly
Gitlab running as docker-compose.
Web server Nginx as daemon service for ssl and domain mapping.
Elastic IP for Public ip persistence.
None of the above is giving permanent solution.
Following suspected behaviour -
Docker network is giving issue somewhere
Postgresql database is giving issue.
Following solution we have tried -
Changing docker-compose network range.
Starting fresh gitlab on new aws server and using same volume data from original gitlab server.
Tried different subnets in aws VPC for the server.
When scenario 1 happens, I do workaround fix by pointing my nginx to private ip of server from localhost.
Please help...
Let me know if any follow up questions are there to get more details.