gitlab与Apache连接被拒绝

Question

我无法让gitlab在我的服务器上工作。
的environnment是：
的Ubuntu 16.04.1 LTS
的Apache 2.4

我通过综合脚本安装gitlab，编辑gitlab.rb，使其与Apache的工作，取得了虚拟主机专用，挣扎与小SSL证书，得到它的工作，但我坚持一个我无法解决的错误。

当我去https://gitlab.mydomain.com/users/sign_in我有一个漂亮的503 错误日志中说：

[Tue Apr 18 16:58:56.556702 2017] [proxy:error] [pid 31966] (111)Connection refused: AH00957: HTTPS: attempt to connect to 127.0.0.1:8181 (*) failed 
[Tue Apr 18 16:58:56.556722 2017] [proxy_http:error] [pid 31966] [client 93.182.244.38:60339] AH01114: HTTP: failed to make connection to backend: 127.0.0.1, referer: https://gitlab.mydomain.com/users/sign_in 

下面是使用虚拟主机：

<VirtualHost *:443> 
    ServerName gitlab.mydomain.com 
    ServerSignature Off 
    SSLEngine on 
    SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem 
    SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem 

    ProxyPreserveHost On 

    # Ensure that encoded slashes are not decoded but left in their encoded state. 
    # http://doc.gitlab.com/ce/api/projects.html#get-single-project 
    AllowEncodedSlashes NoDecode 

    <Location /> 
    # New authorization commands for apache 2.4 and up 
    # http://httpd.apache.org/docs/2.4/upgrading.html#access 
    Require all granted 

    #Allow forwarding to gitlab-workhorse 
    ProxyPassReverse https://127.0.0.1:8181 
    ProxyPassReverse https://gitlab.mydomain.com/ 
    </Location> 

    # Apache equivalent of nginx try files 
    # http://serverfault.com/questions/290784/what-is-apaches-equivalent-of-nginxs-try-files 
    # http://stackoverflow.com/questions/10954516/apache2-proxypass-for-rails-app-gitlab 
    RewriteEngine on 

    #Forward all requests to gitlab-workhorse 
    RewriteRule .* https://127.0.0.1:8181%{REQUEST_URI} [P,QSA] 

    # needed for downloading attachments 
    DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public 

    #Set up apache error documents, if back end goes down (i.e. 503 error) then a maintenance/deploy page is thrown up. 
    ErrorDocument 404 /404.html 
    ErrorDocument 422 /422.html 
    ErrorDocument 500 /500.html 
    ErrorDocument 503 /deploy.html 

    # It is assumed that the log directory is in /var/log/httpd. 
    # For Debian distributions you might want to change this to 
    # /var/log/apache2. 
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common_forwarded 
    ErrorLog ${APACHE_LOG_DIR}/gitlab_error.log 
    CustomLog ${APACHE_LOG_DIR}/gitlab_forwarded.log common_forwarded 
    CustomLog ${APACHE_LOG_DIR}/gitlab_access.log combined env=!dontlog 
    CustomLog ${APACHE_LOG_DIR}/gitlab.log combined 
</VirtualHost> 

我做了什么错？

谢谢你的帮助。

Answer 1

gitlab-workhorsedoesn't support SSL connections

驮马可以处理，而不涉及的Rails都有些要求： 例如，JavaScript文件和CSS文件是从磁盘直接 服务。

驮马可以修改的Rails发送的响应：例如，如果你在Rails中使用 由send_file然后gitlab，主力将打开 磁盘上的文件和发送它的内容作为响应体到客户端。

在征得Rails许可后，主力可以接管请求。 示例：处理git clone。

Workhorse可以在将请求传递给Rails之前修改请求。例如： 当处理Git LFS上传时，Workhorse首先请求来自 Rails的权限，然后它将请求正文存储在一个临时文件中，然后它发送一个修改的请求，包含temp文件路径到Rails。

工作人员可以管理Rails的长期WebSocket连接。例如：处理终端websocket的环境。

Workhorse不连接到Postgres，只连接到Rails和（可选）Redis。

我们假设所有到达Workhorse的请求都首先通过 上游代理（如NGINX或Apache）。

主力不接受HTTPS连接。

工作人员不清理空闲的客户端连接。

我们假设所有对Rails的请求都通过了Workhorse。