@expatcz wrote:
Hi,
I'm trying to setup gitlab and mattermost behind haproxy.
I'm using the official docker image of gitlab/gitlab-ce , tag 9.2.1-ce.0 .
Both of them should be running in one and the same container, wich mappes the exposed ports 80 and 443 on the host 192.168.10.121:8080 -> 80
8443 -> 443gitlab uses the hostname 'git.mydomain.com' ,
mattermost uses 'chat.mydomain.com'Both are directed to the same haproxy backend:
backend http_gitlab
mode http
option httplog
option forwardfor
option http-server-close
option httpchk
http-request set-header X-Forwarded-Port %[dst_port]
http-request set-header X-Forwarded-Proto https if { ssl_fc }
server gitlab 192.168.10.121:8080 maxconn 50I've modified the gitlab.rb according the gitlab documentation:
external_url 'https://git.mydomain.com'
nginx['listen_port'] = 80
nginx['listen_https'] = false
nginx['proxy_set_headers'] = {
"X-Forwarded-Proto" => "https",
"X-Forwarded-Ssl" => "on",
}mattermost_external_url 'https://chat.mydomain.com'
mattermost_nginx['listen_port'] = 80
mattermost_nginx['listen_https'] = false
mattermost_nginx['proxy_set_headers'] = {
"X-Forwarded-Proto" => "https",
"X-Forwarded-Ssl" => "on",
}gitlab itself is working fine at https://git.mydomain.com .
But mattermost has an issue with SSO: After it redirects me to gitlab for login and I klick 'Authorize', a blank page is displayed. The page source contains:{"id":"api.user.authorize_oauth_user.token_failed.app_error","message":"Token request failed","detailed_error":"","request_id":"km8x4wu9if817njji1rwb1smjc","status_code":500}
And an error message is raised in the mattermost current log:
2017-05-25_10:30:18.81999 [2017/05/25 10:30:18 UTC] [EROR] /signup/gitlab/complete:AuthorizeOAuthUser code=500 rid=urc7pnxmwpgd5p6xs73botb3gr uid= ip=192.168.10.2, 192.168.10.101 Token request failed [details: Post https://git.mydomain.com/oauth/token: x509: certificate is not valid for any names, but wanted to match git.mydomain.com]
I've no glue, what could cause this error. gitlab is running fine with the certificate on the proxy server. I also copied the git.mydomain.com.crt from the haproxy server to the config/ssl dir of gitlab because it also contains the ca's cert. But the error persists.
Does someone have any hint about the issue?
Thanks a lot.
Posts: 1
Participants: 1