A few days ago I installed GitLab and it seemed to work just fine, but when I tried to connect today it printed a 502 error (too long a time to load).
!! As I stated above, it works perfectly fine with the firewall disabled :)
Code:
gitlab-ctl tail
Output:
2017-09-04_09:18:29.94177 2017/09/04 11:18:29 error: GET "/": badgateway: failed after 30s: dial tcp [::1]:8081: getsockopt: connection refused
2017-09-04_09:18:29.94187 git.myurl.com @ - - [2017-09-04 11:17:59.940389308 +0200 CEST] "GET / HTTP/1.1" 502 2925 "" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 30.001060
2017-09-04_09:18:30.27682 2017/09/04 11:18:30 Send static file "/opt/gitlab/embedded/service/gitlab-rails/public/favicon.ico" ("") for GET "/favicon.ico"
2017-09-04_09:18:30.27712 git.myurl.com @ - - [2017-09-04 11:18:30.276480568 +0200 CEST] "GET /favicon.ico HTTP/1.1" 200 5430 "https://git.myurl.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 0.000454
After trying and researching I found out that it works perfectly fine with the firewall disabled, so I looked up the needed ports and allowed them via
ufw allow "rule"
These are my open ports now:
ufw status
Output:
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Apache Full                ALLOW       Anywhere
3306                       ALLOW       Anywhere
Dovecot IMAP               ALLOW       Anywhere
Postfix                    ALLOW       Anywhere
Postfix SMTPS              ALLOW       Anywhere
Postfix Submission         ALLOW       Anywhere
Dovecot Secure IMAP        ALLOW       Anywhere
8080                       ALLOW       Anywhere
9987/udp                   ALLOW       Anywhere
1194                       ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
1194/udp                   ALLOW       Anywhere
8443                       ALLOW       Anywhere
122                        ALLOW       Anywhere
123/udp                    ALLOW       Anywhere
161/udp                    ALLOW       Anywhere
22                         ALLOW       Anywhere
8081                       ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Apache Full (v6)           ALLOW       Anywhere (v6)
3306 (v6)                  ALLOW       Anywhere (v6)
Dovecot IMAP (v6)          ALLOW       Anywhere (v6)
Postfix (v6)               ALLOW       Anywhere (v6)
Postfix SMTPS (v6)         ALLOW       Anywhere (v6)
Postfix Submission (v6)    ALLOW       Anywhere (v6)
Dovecot Secure IMAP (v6)   ALLOW       Anywhere (v6)
8080 (v6)                  ALLOW       Anywhere (v6)
9987/udp (v6)              ALLOW       Anywhere (v6)
1194 (v6)                  ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
1194/udp (v6)              ALLOW       Anywhere (v6)
8443 (v6)                  ALLOW       Anywhere (v6)
122 (v6)                   ALLOW       Anywhere (v6)
123/udp (v6)               ALLOW       Anywhere (v6)
161/udp (v6)               ALLOW       Anywhere (v6)
22 (v6)                    ALLOW       Anywhere (v6)
8081 (v6)                  ALLOW       Anywhere (v6)
I tried a few things now, but I have no clue why it won't work.
gitlab-ctl reconfigure
works just fine (like 10 times already).
I also restarted the server several times (and I can connect to GitLab every time, but only with ufw disabled).
gitlab-ctl status
Output:
run: gitaly: (pid 1385) 2506s; run: log: (pid 1383) 2506s
run: gitlab-monitor: (pid 1403) 2506s; run: log: (pid 1401) 2506s
run: gitlab-workhorse: (pid 1386) 2506s; run: log: (pid 1384) 2506s
run: logrotate: (pid 1400) 2506s; run: log: (pid 1399) 2506s
run: node-exporter: (pid 1409) 2506s; run: log: (pid 1408) 2506s
run: postgres-exporter: (pid 1410) 2506s; run: log: (pid 1402) 2506s
run: postgresql: (pid 1391) 2506s; run: log: (pid 1389) 2506s
run: prometheus: (pid 1407) 2506s; run: log: (pid 1406) 2506s
run: redis: (pid 1387) 2506s; run: log: (pid 1382) 2506s
run: redis-exporter: (pid 1405) 2506s; run: log: (pid 1404) 2506s
run: sidekiq: (pid 1396) 2506s; run: log: (pid 1395) 2506s
run: unicorn: (pid 1390) 2506s; run: log: (pid 1388) 2506s
Code:
grep "^[^#;]" /etc/gitlab/gitlab.rb
Output:
external_url 'https://git.myurl.com'
unicorn['port'] = 8081
gitlab_git_http_server['auth_backend'] = "http://localhost:8081"
web_server['external_users'] = ['www-data']
nginx['enable'] = false
gitlab_rails['internal_api_url'] = 'https://git.myurl.com'
Maybe important, don't know:
When I installed OpenVPN I had to add stuff to /etc/ufw/before.rules
Code:
less /etc/ufw/before.rules
Output (only relevant Stuff):
# START OPENVPN RULES
# NAT table rule
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to wlp11s0 (change to the interface you discovered!)
-A POSTROUTING -s 10.8.0.0/8 -o ens3 -j MASQUERADE
COMMIT
# END OPENVPN RULES
When I do
ufw reload
Output:
ERROR: problem running ufw-init
Bad argument `*nat'
Error occurred at line: 21
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Problem running '/etc/ufw/before.rules'
But when I run
ufw enable
right after it, it works and the firewall is active after that
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
As this is my first question ever asked on Stack Overflow (yes, I know how to google and never had to start a thread myself ;) ), I hope I provided enough info (if not, just tell me) and that somebody finds the time to help me,
thank you in advance,
Paul
Edit: it works when I comment out the OpenVPN rules in before.rules.
Uncommenting the OpenVPN rules in before.rules solved the problem; I want to know, though, how to enable the masquerade without breaking GitLab.
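
Added example (not part of the original post): iptables-restore reports a table header such as *nat as a "Bad argument" when the previous table has not reached its COMMIT yet, so this Python check lints a before.rules-style file for that structure. The function name lint_rules and both sample rule sets are constructed here; ufw-before-input is the chain name used in ufw's stock before.rules.

```python
# Added example: structural lint for an iptables-restore file such as
# /etc/ufw/before.rules. Both samples are constructed for illustration.

def lint_rules(text):
    """Return [(line_no, message)] for table-structure problems."""
    problems = []
    table, opened_at = None, 0   # table whose COMMIT is still pending
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            if table is None:
                table, opened_at = line[1:], n
            else:
                # iptables-restore parses this as a rule: "Bad argument `*nat'"
                problems.append((n, f"{line} begins inside *{table} "
                                    f"(line {opened_at}) before its COMMIT"))
        elif line == "COMMIT":
            if table is None:
                problems.append((n, "COMMIT with no open table"))
            table = None
        elif table is None:
            problems.append((n, f"chain or rule outside any table: {line}"))
    if table is not None:
        problems.append((opened_at, f"*{table} has no COMMIT"))
    return problems

NAT_BLOCK = """\
# START OPENVPN RULES
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/8 -o ens3 -j MASQUERADE
COMMIT
# END OPENVPN RULES
"""
FILTER_HEAD = "*filter\n:ufw-before-input - [0:0]\n"
FILTER_TAIL = "-A ufw-before-input -i lo -j ACCEPT\nCOMMIT\n"

# NAT block pasted after the *filter header: rejected at the *nat line.
NESTED = FILTER_HEAD + NAT_BLOCK + FILTER_TAIL
# NAT block as its own table ahead of *filter: structurally valid.
SEPARATE = NAT_BLOCK + FILTER_HEAD + FILTER_TAIL

if __name__ == "__main__":
    for name, text in (("nested", NESTED), ("separate", SEPARATE)):
        print(name, lint_rules(text) or "ok")
```

When ufw-init fails on before.rules, rules later in that file, including the loopback ACCEPT, are not loaded, so running the lint before ufw reload catches the problem while the previous rule set is still active.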