Gitlab authorization: 504 Gateway Time-out

[Smahane]

I'm setting up sregistry with gitlab.com. In the login phase, when i click "Authorize" , i get a 504.. error.

bash-4.4$ docker-compose logs --tail=30 nginx 
....
nginx_1   | 2019/06/21 17:55:13 [error] 8#8: *31 upstream timed out (110: Operation timed out) while reading response header from upstream, client: 172.17.0.1, server: localhost, request: "GET /complete/gitlab/?code=6ad4d418667b9ecf154606a8f56378d5c1274b7d91ac8e5b1671385f80bf7a3e&state=yZuKwNielfxootywJWikkEb9GPzJDlCl HTTP/1.1", upstream: "uwsgi://172.17.0.4:3031", host: "127.0.0.1"
nginx_1   | 172.17.0.1 - - [21/Jun/2019:17:55:13 +0000] "GET /complete/gitlab/?code=6ad4d418667b9ecf154606a8f56378d5c1274b7d91ac8e5b1671385f80bf7a3e&state=yZuKwNielfxootywJWikkEb9GPzJDlCl HTTP/1.1" 504 585 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36" "-"

Any idea what could be causing this issue please or how to debug? Thank you

[vsoch]

It's likely a configuration issue - these things tend to be sensitive for even small things like http vs https. Could you please walk me through everything you did for the setup, these steps? https://python-social-auth-docs.readthedocs.io/en/latest/backends/gitlab.html

And for the pictures above, are you showing that you clicked Authorize and it hung, or that you weren't able to click because it's greyed out?

[vsoch]

And what does the server log say? (the uwsgi container?)

[Smahane]

• for the picture, no. The button is enabled. It gets grayed out after i click it(normal) then it goes to the 504... error.
• My secrets.py file has these lines

  
  SECRET_KEY = 'xxxxxxxxxxxxxxx'

SOCIAL_AUTH_GITLAB_SCOPE = ['read_user'] SOCIAL_AUTH_GITLAB_KEY = 'xxxxxxxxxx' SOCIAL_AUTH_GITLAB_SECRET = 'xxxxxxxxxxxxxxxxx'

- The uwsgi log is showing some erros: Authentication failed: HTTPSConnectionPool(host='gitlab.com', port=443).. please see the attached log.
[uwsgi.log](https://github.com/singularityhub/sregistry/files/3315678/uwsgi.log)

[vsoch]

Ah this is much more informative! Are you behind a proxy? See https://github.com/python-gitlab/python-gitlab/issues/544

[vsoch]

You'd want to export these environment variables for the proxies for your container to find, the requests library will find (and use them) https://2.python-requests.org//en/master/user/advanced/#proxies

[Smahane]

yes I'm behind a proxy. I did setup the proxies and Socksv5 in the browser already but im not sure how to apply what they suggested in this link you pointed to above https://python-gitlab.readthedocs.io/en/stable/api-usage.html#proxy-configuration Should this be applied to one of the images in the sregistry container?

[Smahane]

And these proxies are already exported in my environment before i do docker-compose up. So i think the containers should've already taken these variables

[vsoch]

Yes that is correct, the containers need to know about the proxy (and they do not). What you want to do (in your Dockerfile that builds the container) is to specify those environment variables (with your proxy) as ENV, for example:

ENV HTTP_PROXY "http://proxy.server:1111"
ENV HTTPS_PROXY "https://proxy.server:3128"

And of course change that to the actual. If you are uncomfortable having them in your Dockerfile, then you can also do them as build arguments. In the Dockerfile:

ARG http_proxy
ARG https_proxy
ENV HTTP_PROXY ${http_proxy}
ENV HTTPS_PROXY ${https_proxy}

and then you would need to remember to do this:

docker build --build-arg https_proxy=https://proxy.server:9999 --build-arg http_proxy=http://proxy.server:9999 -t vanessa/sregistry .

The first is much simpler, so I'd do that if it's fairly trivial to keep the Dockerfile local and the proxy address isn't a secret if the file is found by one of your admins.

[vsoch]

@Smahane the containers don't see environment variables on your host.

[vsoch]

Docker == container == complete isolation. You must be thinking of Singularity :)

[Smahane]

Yes i was thinking SIngularity :)

It still doesn't work. I added the proxy variables to the DockerFile. but i didn't build the containers Should i rebuild the containers here or not needed?

[vsoch]

Haha, if you don't rebuild the containers, how will the environment variables be there? :)

[Smahane]

It worked :) Thanks a lot!!

One more please, i need to get it to work now with the organisation's gitlab (gitlab.organization.com). I understand from the docs that i only need to add SOCIAL_AUTH_GITLAB_API_URL = 'https://gitlab.organisation.com' and of course update the key and secret as well.

Anything else?

[vsoch]

I’ve never done it, but that’s the first thing I would try :) Double check the social core python docs I linked above to make sure everything looks right.

Just a heads up it’s getting late here and I’ll likely go offline soon, but I’ll be around over the weekend if you need more help.