What permissions does nginx need for the gitlab-workhorse socket?

I've been trying to sort this out all day. I'm running an omnibus installation of GitLab on Ubuntu 14.04, using an existing nginx installation. I can log in, create projects, issues, etc. One catch … I'm using Plesk 12.5 on this server. Here is some output:

Error reported by nginx:

2016/02/10 16:00:50 [crit] 24866#0: *53 connect() to unix://var/opt/gitlab/gitlab-workhorse/socket failed (13: Permission denied) while connecting to upstream, client: XXX.XXX.XX, server: git.example.com, request: "GET /namespace/project-name.git/info/refs?service=git-upload-pack HTTP/1.1", upstream: "http://unix://var/opt/gitlab/gitlab-workhorse/socket:/namespace/project-name.git/info/refs?service=git-upload-pack", host: "git.example.com" 

Permissions on the workhorse socket:

srwxrwxrwx 1 git git 0 Feb 2 18:40 socket

I tried changing the owner to nginx (www-data) and the group to gitlab-www, but no luck. I'm not using different directories … but I don't know where to go from here. I'm so close to having it running, and yet I feel so far!!

Gitlab: check (yes, there is an error in the IMAP parameters, but I don't think that's related???)

    Checking GitLab Shell ...
    GitLab Shell version >= 2.6.10 ? ... OK (2.6.10)
    Repo base directory exists? ... yes
    Repo base directory is a symlink? ... no
    Repo base owned by git:git? ... yes
    Repo base access is drwxrws---? ... yes
    hooks directories in repos are links: ...
    [... project checks all ok ...]
    Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
    Check GitLab API access: OK
    Check directories and files:
      /var/opt/gitlab/git-data/repositories: OK
      /var/opt/gitlab/.ssh/authorized_keys: OK
    Test redis-cli executable: redis-cli 2.8.21
    Send ping to redis server: PONG
    gitlab-shell self-check successful
    Checking GitLab Shell ... Finished
    Checking Sidekiq ...
    Running? ... yes
    Number of Sidekiq processes ... 1
    Checking Sidekiq ... Finished
    Checking Reply by email ...
    Address formatted correctly? ... yes
    IMAP server credentials are correct? ... no
      Try fixing it:
      Check that the information in config/gitlab.yml is correct
      For more information see:
      doc/incoming_email/README.md
      Please fix the error above and rerun the checks.
    Init.d configured correctly? ... skipped (omnibus-gitlab has no init script)
    MailRoom running? ... can't check because of previous errors
    Checking Reply by email ... Finished
    Checking LDAP ...
    LDAP is disabled in config/gitlab.yml
    Checking LDAP ... Finished
    Checking GitLab ...
    Git configured with autocrlf=input? ... yes
    Database config exists? ... yes
    Database is SQLite ... no
    All migrations up? ... yes
    Database contains orphaned GroupMembers? ... no
    GitLab config exists? ... yes
    GitLab config outdated? ... no
    Log directory writable? ... yes
    Tmp directory writable? ... yes
    Uploads directory setup correctly? ... yes
    Init script exists? ... skipped (omnibus-gitlab has no init script)
    Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
    projects have namespace: ...
    [... project checks all yes ...]
    Redis version >= 2.8.0? ... yes
    Ruby version >= 2.1.0 ? ... yes (2.1.8)
    Your git bin path is "/opt/gitlab/embedded/bin/git"
    Git version >= 1.7.10 ? ... yes (2.6.2)
    Active users: 4
    Checking GitLab ... Finished

Here is the nginx configuration for the vhost:

    location /uploads/ {
      ## If you use HTTPS make sure you disable gzip compression
      ## to be safe against BREACH attack.
      gzip off;

      proxy_read_timeout 300;
      proxy_connect_timeout 300;
      proxy_redirect off;

      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Frame-Options SAMEORIGIN;

      proxy_pass https://gitlab;
    }

    location @gitlab {
      ## If you use HTTPS make sure you disable gzip compression
      ## to be safe against BREACH attack.
      gzip off;

      proxy_read_timeout 300;
      proxy_connect_timeout 300;
      proxy_redirect off;

      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Frame-Options SAMEORIGIN;

      #proxy_pass http://gitlab; # Returns 502 error if not changed to localhost
      proxy_pass http://localhost:8080;
    }

    location ~ ^/[\w\.-]+/[\w\.-]+/gitlab-lfs/objects {
      client_max_body_size 0;
      error_page 418 = @gitlab-workhorse;
      return 418;
    }

    location ~ ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$ {
      client_max_body_size 0;
      error_page 418 = @gitlab-workhorse;
      return 418;
    }

    location ~ ^/[\w\.-]+/[\w\.-]+/repository/archive {
      client_max_body_size 0;
      error_page 418 = @gitlab-workhorse;
      return 418;
    }

    location ~ ^/api/v3/projects/.*/repository/archive {
      client_max_body_size 0;
      error_page 418 = @gitlab-workhorse;
      return 418;
    }

    location ~ ^/[\w\.-]+/[\w\.-]+/builds/download {
      client_max_body_size 0;
      error_page 418 = @gitlab-workhorse;
      return 418;
    }

    location ~ /ci/api/v1/builds/[0-9]+/artifacts {
      client_max_body_size 0;
      error_page 418 = @gitlab-workhorse;
      return 418;
    }

    location @gitlab-workhorse {
      client_max_body_size 0;
      ## If you use HTTPS make sure you disable gzip compression
      ## to be safe against BREACH attack.
      gzip off;

      # proxy_read_timeout 300;
      # proxy_connect_timeout 300;
      # proxy_redirect off;

      proxy_buffering off;

      # The following settings only work with NGINX 1.7.11 or newer
      #
      # # Pass chunked request bodies to gitlab-workhorse as-is
      #proxy_request_buffering off;

      proxy_read_timeout 300;
      proxy_connect_timeout 300;
      proxy_redirect off;
      proxy_http_version 1.1;

      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-Ssl on;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_pass http://gitlab-workhorse;
    }

    location ~ ^/(assets)/ {
      root /opt/gitlab/embedded/service/gitlab-rails/public;
      gzip_static on; # to serve pre-gzipped version
      expires max;
      add_header Cache-Control public;
    }

    location ~ / {
      root /opt/gitlab/embedded/service/gitlab-rails/public;
      try_files $uri $uri/index.html $uri.html @gitlab;
    }

    error_page 502 /502.html;

Finally, here is the server-block-level configuration for the vhost:

    upstream gitlab {
      server unix:/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket fail_timeout=0;
    }

    upstream gitlab-workhorse {
      server unix://var/opt/gitlab/gitlab-workhorse/socket fail_timeout=0;
    }

Looking at the docs at https://github.com/gitlabhq/omnibus-gitlab/blob/master/doc/settings/nginx.md I see this note, but it doesn't specify what the permissions should be:

* Note: make sure that the web server user has the correct permissions on all directories used by the external web server, otherwise you will receive failed (XX: Permission denied) while reading upstream errors.

Any guidance would be greatly appreciated.

I had run into a similar problem, and the log clearly suggested permission issues.

At the end of the GitLab configuration documentation for NGINX, http://doc.gitlab.com/omnibus/settings/nginx.html, it provides the required permission settings.

    sudo usermod -aG gitlab-www www-data

After restarting the services, it worked as expected.

Strangely, no user was defined in my /etc/nginx/nginx.conf file, and that was causing the problem you mentioned.

So I added this line to the /etc/nginx/nginx.conf file:

 user www-data; 

And then I ran this command:

 sudo usermod -aG gitlab-www www-data 

I restarted Nginx (sudo service nginx restart) and everything went fine.
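An added illustration, not part of the original question or answers: a world-writable socket is still unreachable when a directory on its path denies search permission to the connecting user, which is why group membership matters here. The Python sketch below walks the path and reports the first component that would produce "Permission denied" for a given uid and group set; `first_denial`, `build_demo_tree` and the uid/gid values are hypothetical, and only classic mode bits are evaluated (no ACLs, no root bypass).

```python
import os
import socket
import tempfile

def _allowed(st, uid, gids, want):
    # Classic POSIX mode check: owner bits, else group bits, else other bits.
    # want: 2 = write, 1 = execute/search. ACLs and root's bypass are ignored.
    if uid == st.st_uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return bits & want == want

def first_denial(sock_path, uid, gids, start=os.sep):
    """Return (path, reason) for the first component that would fail connect()
    for this uid/gid set, or None. Directories above `start` are not checked."""
    sock_path = os.path.abspath(sock_path)
    dirs = [os.path.abspath(start)]
    for name in os.path.relpath(os.path.dirname(sock_path), dirs[0]).split(os.sep):
        if name != os.curdir:
            dirs.append(os.path.join(dirs[-1], name))
    for d in dirs:
        if not _allowed(os.stat(d), uid, gids, 1):
            return d, "directory not searchable (x)"
    if not _allowed(os.stat(sock_path), uid, gids, 2):
        return sock_path, "socket not writable (w)"
    return None

def build_demo_tree(base):
    # Constructed layout: world-writable socket inside a 0750 directory.
    d = os.path.join(base, "gitlab-workhorse")
    os.mkdir(d)
    path = os.path.join(d, "socket")
    with socket.socket(socket.AF_UNIX) as s:
        s.bind(path)
    for p, mode in ((path, 0o777), (d, 0o750), (base, 0o755)):
        os.chmod(p, mode)
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        sock = build_demo_tree(base)
        st = os.stat(os.path.dirname(sock))
        web_uid = st.st_uid + 1  # hypothetical web server uid, not the owner
        print(first_denial(sock, web_uid, {st.st_gid + 1}, start=base))  # not in group
        print(first_denial(sock, web_uid, {st.st_gid}, start=base))      # in group
```

On a real host, pass the socket path together with the numeric uid and group ids reported by `id` for the nginx worker user.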

The same problem happened on my server, and I solved it by editing /etc/gitlab/gitlab.rc

    # my nginx runs with user nginx.
    web_server['external_users'] = ['nginx']
    web_server['username'] = 'nginx'
    web_server['group'] = 'nginx'
    web_server['uid'] = 994
    web_server['gid'] = 991
    web_server['shell'] = '/bin/false'
    web_server['home'] = '/var/lib/nginx'

At first I simply added web_server['external_users'] = ['nginx'], but it still didn't work until I added all of that. Hope this helps.