Hallo,
ich habe mir aus Neugier GitLab installiert und wollte dazu die NetBeans IDE nutzen.
Nach anfänglichen Schwierigkeiten läuft es jetzt, nur NetBeans kann über Team -> Git -> Clone... nicht auf meine Repository-Adresse (https://…blablub.git) zugreifen.
Es kommt immer der Fehler: Cannot connect to repository at https://git.christoph-neumann.org/Miraculix/test.git
Nginx ssl config
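# TLS settings for the christoph-neumann.org HTTPS virtual hosts.

# Certificates sent to the client in the ServerHello are concatenated in
# ssl_certificate (fullchain.pem).
ssl_certificate /etc/nginx/.security/certificates/christoph-neumann.org/fullchain.pem;
# privkey.pem -- keep this file readable only by the account that starts nginx.
ssl_certificate_key /etc/nginx/.security/certificates/christoph-neumann.org/privkey.pem;

ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

# TLS 1.0 and TLS 1.1 are deprecated (RFC 8996), so only TLS 1.2 is offered.
# Add TLSv1.3 to this line once the installed nginx/OpenSSL build supports it.
# A client that cannot negotiate TLS 1.2 (for example an IDE running on an
# old Java runtime) will fail the handshake; check the client's TLS support
# before re-enabling an older protocol version here.
ssl_protocols TLSv1.2;

# Cipher list as before, with a trailing !3DES so that the DES-CBC3-SHA
# suites named earlier in the string can no longer be negotiated (64-bit
# block cipher, SWEET32).
# NOTE(review): the list still admits static-RSA and CBC suites via the
# AES128-SHA style entries and the bare AES / CAMELLIA keywords; replace it
# with the current Mozilla "intermediate" list when client compatibility
# allows.
# NOTE(review): no ssl_dhparam directive appears in this snippet; the DHE-*
# entries depend on it -- confirm it is set elsewhere if DHE is wanted.
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!3DES';
# Alternative list, disabled by the author (it also still contains 3DES suites):
#ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;

# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months).
# "always" makes nginx attach the header to error responses as well; without
# it the header is only added to a fixed set of success/redirect codes.
# An add_header inside a location block replaces this one for that location.
add_header Strict-Transport-Security "max-age=15768000" always;

# OCSP stapling ---
# Fetch OCSP records from the URL in ssl_certificate and cache them.
ssl_stapling on;
ssl_stapling_verify on;
## Verify the chain of trust of the OCSP response using root CA and
## intermediate certificates (chain.pem).
ssl_trusted_certificate /etc/nginx/.security/certificates/christoph-neumann.org/chain.pem;

# DNS resolvers nginx uses to look up the OCSP responder:
#   8.8.8.8        google 1st
#   8.8.4.4        google 2nd
#   46.38.225.230  netcup
# The valid=time parameter overrides the TTL of the DNS answer.
resolver 8.8.8.8 8.8.4.4 46.38.225.230 valid=60s;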
Nginx Server
# GitLab configuration
#
# HTTP
upstream gitlab-workhorse {
    # Backend is reached over a Unix domain socket rather than a TCP port;
    # the nginx worker user needs permission to open this socket.
    server unix:/var/opt/gitlab/gitlab-workhorse/socket;
}
server {
    # Name of this virtual host. The first name listed becomes the primary
    # server name (e.g. server_name example.com www.example.com;).
    server_name git.christoph-neumann.org;

    # Plain-HTTP listeners on the standard port, IPv4 and IPv6.
    # Full syntax: listen port [default_server] [ssl] [http2 | spdy]
    #   [proxy_protocol] [setfib=number] [fastopen=number]
    #   [backlog=number] [rcvbuf=size] [sndbuf=size]
    #   [accept_filter=filter] [deferred] [bind] [ipv6only=on|off]
    #   [reuseport] [so_keepalive=on|off|[keepidle]:[keepintvl]:[keepcnt]];
    listen 80;
    listen [::]:80;

    # Let's Encrypt fetches the http-01 challenge files from
    # /.well-known/acme-challenge/ over port 80, so this prefix is served
    # directly instead of being redirected. The files are delivered as
    # text/plain. Point root at the webroot the ACME client writes to,
    # e.g. /var/www/html/example.com.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/htdocs/gitlab;
        default_type "text/plain";
    }

    # Everything else is sent to HTTPS. The redirect lives in a location
    # block (not at server level) so the challenge location above is not
    # affected by it. The target host is fixed, so the Location header
    # never echoes a client-supplied Host value.
    location / {
        return 301 https://git.christoph-neumann.org$request_uri;
    }
}
# Redirect to the non-www server_name.
#server {
# IPv4
# listen 443 ssl http2;
# IPv6
# listen [::]:443 ssl http2;
# standard SSL configuration src https://wiki.mozilla.org/Security/Server_Side_TLS
# include /etc/nginx/friday.d/ssl.d/christoph-neumann.org/ssl_intermediate.conf;
# server_name CHANGEME;
# return 301 https://$request_uri;
#}
# SSL
server {
# IPv4
listen 443 ssl http2;
# IPv6
listen [::]:443 ssl http2;
# standard SSL configuration src https://wiki.mozilla.org/Security/Server_Side_TLS
include /etc/nginx/friday.d/ssl.d/christoph-neumann.org/git.ssl.conf;
# See HTTP
server_name git.christoph-neumann.org;
access_log /var/log/nginx/gitlab_access.log combined;
error_log /var/log/nginx/gitlab_error.log;
# Defines the path to the root folder.
root /opt/gitlab/embedded/service/gitlab-rails/public;
client_max_body_size 250m;
location / {
    # Access denied except for the users listed in .htpasswd (disabled).
    #include /etc/nginx/friday.d/locations.d/auth.d/*.conf;

    ## Compression stays off on HTTPS responses to stay safe against the
    ## BREACH attack.
    gzip off;

    # Hand the request to gitlab-workhorse over HTTP/1.1 and leave any
    # Location headers from the backend untouched.
    proxy_pass http://gitlab-workhorse;
    proxy_http_version 1.1;
    proxy_redirect off;

    ## https://github.com/gitlabhq/gitlabhq/issues/694
    ## Some requests take more than 30 seconds.
    proxy_connect_timeout 300;
    proxy_read_timeout 300;

    # Headers that tell the backend about the original request.
    # $http_host is the Host header exactly as the client sent it.
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    # $proxy_add_x_forwarded_for keeps whatever X-Forwarded-For value the
    # client sent and appends $remote_addr, so only the last entry is
    # set by this proxy.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # TLS ends at nginx; these two headers tell the backend that the client
    # connection was HTTPS.
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-Ssl on;
}
# Defines files that will be used as an index.
#index index.php index.html index.htm;
# PHP configuration
#location ~ \.php$ {
# include /etc/nginx/friday.d/fastcgi.d/fastcgi-php.conf;
# fastcgi_pass unix:/var/run/php5-fpm.sock;
#}
# Cache control Todo
#include /etc/nginx/friday.d/locations.d/cache.d/*.conf;
# Expire control Todo
#include /etc/nginx/friday.d/locations.d/expires.d/*.conf;
# File access protection.
include /etc/nginx/friday.d/locations.d/file-protect.d/*.conf;
In der gitlab.rb wurde Folgendes hinzugefügt:
# Turn off the nginx that ships with Omnibus GitLab; an external nginx
# is expected to proxy to gitlab-workhorse instead.
nginx['enable'] = false
# URL for GitLab's internal API calls. It is set to the public HTTPS name
# here, so those calls presumably pass through the external nginx and its
# TLS configuration -- verify that the GitLab host can reach and validate it.
gitlab_rails['internal_api_url'] = 'https://git.christoph-neumann.org'
# Public base URL of the instance.
external_url 'https://git.christoph-neumann.org'
# System account(s) of the external web server that must be able to reach
# the GitLab sockets.
web_server['external_users'] = ['www-data']
Des Weiteren wurde `usermod -aG gitlab-www www-data` ausgeführt.
Was fehlt, bzw. habe ich etwas übersehen?