Nginx – Gitlab error 502 on plesk server

On a VPS running on CentOS 6.8 with Plesk 12.0.18 I installed Gitlab Omnibus 8.12.7 – after few configuration it worked great for Plesk and Git (I was able to access plesk and websites managed by it, and to push/pull on the git server). I just had to configure Gitlab to not run with the bundled nginx.

Problem is I can't access Gitlab, I get the 502 error page from Gitlab.

Here is the relevant parts of the config.rb file:

external_url 'https://git.mydomain.fr'

gitlab_workhorse['enable'] = true
gitlab_workhorse['listen_network'] = "tcp"
gitlab_workhorse['listen_umask'] = 000
gitlab_workhorse['listen_addr'] = "localhost:8181"
gitlab_workhorse['auth_backend'] = "http://localhost:8081"

unicorn['port'] = 8081

web_server['external_users'] = ['vps_admin']

nginx['enable'] = false
nginx['redirect_http_to_https'] = true

gitlab_pages['enable'] = false

gitlab_rails['git_timeout'] = 600
nginx['keepalive_timeout'] = 300
unicorn['worker_timeout'] = 300

Configuration lines that are not quoted are just commented.

With that settings (and after running gitlab-ctl reconfigure, restarting server) I see Unicorn / Workhorse / git running all on the right port number, and no error message coming up (gitlab-ctl tail doesn't reveal any error).

I created the git.mydomain.fr vhost in Plesk, and set the following configuration in the nginx settings:

location /uploads/ {
    gzip off;

    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_set_header    X-Frame-Options     SAMEORIGIN;

    proxy_pass http://gitlab;
}

location @gitlab {
    gzip off;

    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;
    proxy_set_header    X-Frame-Options     SAMEORIGIN;

    proxy_pass http://gitlab;
}

location ~ ^/[\w\.-]+/[\w\.-]+/gitlab-lfs/objects {
    client_max_body_size 0;
    error_page 418 = @gitlab-workhorse;
    return 418;
}

location ~ ^/[\w\.-]+/[\w\.-]+/(info/refs|git-upload-pack|git-receive-pack)$ {
    client_max_body_size 0;
    error_page 418 = @gitlab-workhorse;
    return 418;
}

location ~ ^/[\w\.-]+/[\w\.-]+/repository/archive {
    client_max_body_size 0;
    error_page 418 = @gitlab-workhorse;
    return 418;
}

location ~ ^/api/v3/projects/.*/repository/archive {
    client_max_body_size 0;
    error_page 418 = @gitlab-workhorse;
    return 418;
}

location ~ ^/[\w\.-]+/[\w\.-]+/builds/download {
    client_max_body_size 0;
    error_page 418 = @gitlab-workhorse;
    return 418;
}

location ~ /ci/api/v1/builds/[0-9]+/artifacts {
    client_max_body_size 0;
    error_page 418 = @gitlab-workhorse;
    return 418;
}

location @gitlab-workhorse {
    client_max_body_size 0;

    proxy_read_timeout      300;
    proxy_connect_timeout   300;
    proxy_redirect          off;

    proxy_buffering off;
    proxy_set_header    Host                $http_host;
    proxy_set_header    X-Real-IP           $remote_addr;
    proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto   $scheme;

    proxy_pass http://gitlab-workhorse;
}

location ~ ^/(assets)/ {
    root /opt/gitlab/embedded/service/gitlab-rails/public;
    gzip_static on; # to serve pre-gzipped version
    expires max;
    add_header Cache-Control public;
}

location ~ / {
    root /opt/gitlab/embedded/service/gitlab-rails/public;
    try_files $uri $uri/index.html $uri.html @gitlab;
}

error_page 500 /500.html;
error_page 502 /502.html;
error_page 503 /503.html;
error_page 404 /404.html;
error_page 422 /422.html;

And with the following Apache settings:

ServerAdmin git@git.mydomain.fr
ServerName git.mydomain.fr
DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
<Directory /opt/gitlab/embedded/service/gitlab-rails/public>
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
    Options -MultiViews
</Directory>

ErrorLog logs/ssl_git_error.log
LogLevel debug
CustomLog logs/ssl_git_access.log combined

And the /etc/nginx/conf.d/gitlab.conf content:

upstream gitlab {
  server unix:/var/opt/gitlab/gitlab-rails/sockets/gitlab.socket fail_timeout=0;
}

upstream gitlab-workhorse {
    server localhost:8181;
    #server unix:/var/opt/gitlab/gitlab-rails/sockets/gitlab-workhorse.socket fail_timeout=0;
}

Anyone have an idea on what could be wrong here? RAM is ok (I have 3GB), and no error is showing in the logs… Just a 502 error when accessing gitlab.

Best Answer

I had the exact same problem. It's because the webuser has no access to the gitlab-socket. When you disable the built-in nginx the external web users have to be added to the gitlab-www group. This is done like this:

Step 1: Edit your /etc/gitlab/gitlab.rb file. Find the line (uncomment when commented):

web_server['external_users'] = []

I've added the user that is also assiociated in plesk with my gitlab domain (xxxx) as well as: nginx, apache and git. So mine looks like this (where xxxx is the user for this domain):

web_server['external_users'] = ['xxxx', 'nginx', 'git', 'apache']

Step 2: Reconfigure

gitlab-ctl reconfigure

Best Answer

Related Solutions

Nginx – Help needed setting up nginx to serve static files

Nginx proxy pass works for https but not http

Related Topic