Gitlab: Difference between revisions
imported>Onny Add troubleshooting section for running behind reverse proxy |
imported>Onny mNo edit summary |
||
Line 35: | Line 35: | ||
== Troubleshooting == | == Troubleshooting == | ||
=== Error 422 The change you requested was rejected on login | === Error 422 The change you requested was rejected on login === | ||
There might be different reasons for this error to show up after a failing login. One possible issue could be that your Gitlab instance is configured to be served with SSL encryption but running unencrypted behind a reverse proxy | There might be different reasons for this error to show up after a failing login. One possible issue could be that your Gitlab instance is configured to be served with SSL encryption but running unencrypted behind a reverse proxy |
Revision as of 20:46, 24 November 2022
The GitLab web application offers git repository management, code reviews, issue tracking, activity feeds and wikis.
Installation
A minimal local installation of Gitlab might look like this
services.gitlab = {
enable = true;
databasePasswordFile = pkgs.writeText "dbPassword" "test123";
initialRootPasswordFile = pkgs.writeText "rootPassword" "test123";
secrets = {
secretFile = pkgs.writeText "secret" "Aig5zaic";
otpFile = pkgs.writeText "otpsecret" "Riew9mue";
dbFile = pkgs.writeText "dbsecret" "we2quaeZ";
jwsFile = pkgs.runCommand "oidcKeyBase" {} "${pkgs.openssl}/bin/openssl genrsa 2048 > $out";
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
localhost = {
locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
};
};
};
services.openssh.enable = true;
systemd.services.gitlab-backup.environment.BACKUP = "dump";
Troubleshooting
Error 422 The change you requested was rejected on login
There might be different reasons for this error to show up after a failing login. One possible issue could be that your Gitlab instance is configured to be served with SSL encryption but running unencrypted behind a reverse proxy
services.gitlab = {
enable = true;
port = 443;
https = true;
[...]
To solve this, add following http headers to your upstream reverse proxy. In this example for the web server Caddy but it can be set for others too
caddy = {
enable = true;
virtualHosts = {
"git.example.org".extraConfig = ''
reverse_proxy http://10.100.0.3 {
header_up X-Forwarded-Proto https
header_up X-Forwarded-Ssl on
}
'';
};
};