Error 500 on Gitlab Core Container Registry (OpenSSL::PKey::RSAError)
Summary
When I try to go to a project container registry, an error 500
is thrown.
Environment
Version : GitLab Core 11.11 (Omnibus)
System : Debian 9
Steps to reproduce
- Enable SSL in
gitlab.rb
(Self-signed company CA) - Enable Gitlab Container Registry under an existing Gitlab domain
- Go to the Registry tab of any project
- The following error 500 is thrown :
Logs (production.log)
Started GET "xxxx/container_registry" for 10.128.12.37 at 2019-05-27 15:09:58 +0200
Started GET "xxxx/issues/108/realtime_changes" for 10.128.12.96 at 2019-05-27 15:09:58 +0200
Processing by Projects::Registry::RepositoriesController#index as HTML
Parameters: {"namespace_id"=>"xxxx", "project_id"=>"xxxx"}
Completed 500 Internal Server Error in 14ms (ActiveRecord: 2.1ms)
OpenSSL::PKey::RSAError (Neither PUB key nor PRIV key: not enough data):
lib/json_web_token/rsa_token.rb:27:in `initialize'
lib/json_web_token/rsa_token.rb:27:in `new'
lib/json_web_token/rsa_token.rb:27:in `key'
lib/json_web_token/rsa_token.rb:31:in `public_key'
lib/json_web_token/rsa_token.rb:36:in `kid'
lib/json_web_token/rsa_token.rb:14:in `encoded'
app/services/auth/container_registry_authentication_service.rb:31:in `full_access_token'
app/models/container_repository.rb:18:in `registry'
app/models/container_repository.rb:11:in `client'
app/models/container_repository.rb:42:in `manifest'
app/models/container_repository.rb:46:in `tags'
app/models/container_repository.rb:60:in `has_tags?'
app/controllers/projects/registry/repositories_controller.rb:46:in `block (2 levels) in ensure_root_container_repository!'
app/controllers/projects/registry/repositories_controller.rb:45:in `tap'
app/controllers/projects/registry/repositories_controller.rb:45:in `block in ensure_root_container_repository!'
app/controllers/projects/registry/repositories_controller.rb:42:in `tap'
app/controllers/projects/registry/repositories_controller.rb:42:in `ensure_root_container_repository!'
lib/gitlab/session.rb:11:in `with_session'
app/controllers/application_controller.rb:439:in `set_session_storage'
lib/gitlab/i18n.rb:55:in `with_locale'
lib/gitlab/i18n.rb:61:in `with_user_locale'
app/controllers/application_controller.rb:435:in `set_locale'
lib/gitlab/middleware/multipart.rb:103:in `call'
lib/gitlab/request_profiler/middleware.rb:16:in `call'
lib/gitlab/middleware/go.rb:20:in `call'
lib/gitlab/etag_caching/middleware.rb:13:in `call'
lib/gitlab/middleware/correlation_id.rb:16:in `block in call'
lib/gitlab/middleware/correlation_id.rb:15:in `call'
lib/gitlab/middleware/read_only/controller.rb:40:in `call'
lib/gitlab/middleware/read_only.rb:18:in `call'
lib/gitlab/middleware/basic_health_check.rb:25:in `call'
lib/gitlab/request_context.rb:26:in `call'
lib/gitlab/metrics/requests_rack_middleware.rb:29:in `call'
lib/gitlab/middleware/release_env.rb:12:in `call'
Additional informations
The SSL certificate works for other operations like git clone
or Gitlab https access.
openssl s_client output :
New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Edited by Florent Yu