Fix use of FQDN in file links
Summary
This is a regression in version 12.x of GitLab; version 11.11.2-ce.0 (and at least some subsequent ones) performed as expected.
GitLab-CE inserts FQDNs into the links in the project file listings. This breaks these links when accessing GitLab via a VPN or SSH tunnel which changes the server URL. In our case, GitLab is configured with a local network external_url of mysite.local but external access via VPN is routed via mysite.vpn.
Steps to reproduce
(Irrelevant configuration changes omitted.)
- See below for a definition of the (Bash syntax) shell variables.
1. docker run "${opts[@]}" gitlab/gitlab-ce:12.10.6-ce.0
2. docker cp "$iname":/etc/gitlab/gitlab.rb .
3. sed -i "s/^# external_url 'GENERATED_EXTERNAL_URL'$/external_url 'http:\\/\\/$url'/" gitlab.rb
4. docker cp gitlab.rb "$iname":/etc/gitlab/gitlab.rb
5. docker exec "$iname" gitlab-ctl reconfigure
6. Visit the instance’s web URL via a VPN or an SSH tunnel configured such that the URL differs from that configured in step 3 (e.g. mysite.vpn or localhost:8000).
7. Browse to a Git project overview page.
8. Click on any file (not folder!) link in the project’s file list view, or on the commit message link of the last commit, or on the author name link of the last commit.
(Irrelevant configuration changes omitted; see below for gitlab-ctl diff-config output.)
Environment:
url=mysite.local
iname=gitlab-test
base=path/to/gitlab
opts=(
-d -h 0.0.0.0 -p 80:80 -p 2222:22
-v $base/config:/etc/gitlab
-v $base/logs:/var/log/gitlab
-v $base/data:/var/opt/gitlab
--name $iname
)
Example Project
n/a
What is the current bug behavior?
For the links noted above, the browser navigates to a URL starting with http://mysite.local/.
All (?) other links are correct (see next section). Notably, while the “last commit” link in the overview includes the (wrong) FQDN, the commit links in the commit overview (relative URL group/project/-/commits) do not include a domain name and thus work correctly.
What is the expected correct behavior?
File link hrefs should start with / instead of an FQDN; the browser should navigate to a URL starting with http://mysite.vpn/ or http://localhost:8000/ (or whatever IP/domain name is configured for the VPN connection).
Relevant logs and/or screenshots
Expand for output of gitlab-ctl diff-config
error: cannot run less: No such file or directory diff --git a/etc/gitlab/gitlab.rb b/opt/gitlab/etc/gitlab.rb.template index 4454a99..bc2bb7d 100644 --- a/etc/gitlab/gitlab.rb +++ b/opt/gitlab/etc/gitlab.rb.template @@ -26,7 +26,7 @@ ##! On AWS EC2 instances, we also attempt to fetch the public hostname/IP ##! address from AWS. For more details, see: ##! https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html -external_url 'http://mysite.local' +# external_url 'GENERATED_EXTERNAL_URL'
## Roles for multi-instance GitLab ##! The default is to have no roles enabled, which results in GitLab running as an all-in-one instance. @@ -59,7 +59,7 @@ external_url 'http://mysite.local' ## gitlab.yml configuration ##! Docs: https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/doc/settings/gitlab.yml.md ################################################################################ -gitlab_rails['gitlab_ssh_host'] = 'mysite.local:2222' +# gitlab_rails['gitlab_ssh_host'] = 'ssh.host_example.com' # gitlab_rails['gitlab_ssh_user'] = '' # gitlab_rails['time_zone'] = 'UTC'
@@ -346,32 +346,53 @@ gitlab_rails['gitlab_ssh_host'] = 'mysite.local:2222' ###! **Be careful not to break the indentation in the ldap_servers block. It is ###! in yaml format and the spaces must be retained. Using tabs will not work.**
-gitlab_rails['ldap_enabled'] = true +# gitlab_rails['ldap_enabled'] = false # gitlab_rails['prevent_ldap_sign_in'] = false
-gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' - main: # 'main' is the GitLab 'provider ID' of this LDAP server - label: 'LDAP' - host: 'redacted' - port: 389 - uid: 'uid' - bind_dn: 'cn=gitlab,ou=services,dc=redacted,dc=com' - password: 'redacted' - encryption: 'plain' # "start_tls" or "simple_tls" or "plain" - verify_certificates: true - smartcard_auth: false - active_directory: false - allow_username_or_email_login: true - lowercase_usernames: false - block_auto_created_users: false - base: 'dc=redacted,dc=com' - user_filter: '' - ## EE only - group_base: '' - admin_group: '' - sync_ssh_keys: false -EOS +###! **remember to close this block with 'EOS' below** +# gitlab_rails['ldap_servers'] = YAML.load <<-'EOS' +# main: # 'main' is the GitLab 'provider ID' of this LDAP server +# label: 'LDAP' +# host: '_your_ldap_server' +# port: 389 +# uid: 'sAMAccountName' +# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' +# password: '_the_password_of_the_bind_user' +# encryption: 'plain' # "start_tls" or "simple_tls" or "plain" +# verify_certificates: true +# smartcard_auth: false +# active_directory: true +# allow_username_or_email_login: false +# lowercase_usernames: false +# block_auto_created_users: false +# base: '' +# user_filter: '' +# ## EE only +# group_base: '' +# admin_group: '' +# sync_ssh_keys: false +# +# secondary: # 'secondary' is the GitLab 'provider ID' of second LDAP server +# label: 'LDAP' +# host: '_your_ldap_server' +# port: 389 +# uid: 'sAMAccountName' +# bind_dn: '_the_full_dn_of_the_user_you_will_bind_with' +# password: '_the_password_of_the_bind_user' +# encryption: 'plain' # "start_tls" or "simple_tls" or "plain" +# verify_certificates: true +# smartcard_auth: false +# active_directory: true +# allow_username_or_email_login: false +# lowercase_usernames: false +# block_auto_created_users: false +# base: '' +# user_filter: '' +# ## EE only +# group_base: '' +# admin_group: '' +# sync_ssh_keys: false +# EOS
### Smartcard authentication settings ###! Docs: https://docs.gitlab.com/ee/administration/auth/smartcard.html @@ -478,7 +499,7 @@ EOS # high_availability['mountpoint'] = ["/var/opt/gitlab/git-data", "/var/opt/gitlab/gitlab-rails/shared"]
### GitLab Shell settings for GitLab -gitlab_rails['gitlab_shell_ssh_port'] = 22 +# gitlab_rails['gitlab_shell_ssh_port'] = 22 # gitlab_rails['gitlab_shell_git_timeout'] = 800
### Extra customization @@ -1173,7 +1194,7 @@ gitlab_rails['gitlab_shell_ssh_port'] = 22
##! **Override only if you use a reverse proxy** ##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#setting-the-nginx-listen-port -nginx['listen_port'] = 80 +# nginx['listen_port'] = nil
##! **Override only if your reverse proxy internally communicates over HTTP** ##! Docs: https://docs.gitlab.com/omnibus/settings/nginx.html#supporting-proxied-ssl
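Review bot: In the gitlab_rails['ldap_servers'] block of the local /etc/gitlab/gitlab.rb (the '-' side of this diff), encryption is 'plain' on port 389 while a bind_dn and password are configured, so the bind credentials and every user's LDAP login cross the network unencrypted, and verify_certificates: true has nothing to verify. The inline comment on that line lists "start_tls" and "simple_tls" as the alternatives; switching to one of them is worth doing independently of the link bug. The same config sets external_url to 'http://mysite.local', so web sign-in over the VPN or SSH tunnel relies entirely on the tunnel for confidentiality.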
Output of checks
Results of GitLab environment info
Expand for output related to GitLab environment info
System information
System:
Current User: git
Using RVM: no
Ruby Version: 2.6.5p114
Gem Version: 2.7.10
Bundler Version:1.17.3
Rake Version: 12.3.3
Redis Version: 5.0.7
Git Version: 2.26.2
Sidekiq Version:5.2.7
Go Version: unknown

GitLab information
Version: 12.10.6
Revision: 833223f2a7f
Directory: /opt/gitlab/embedded/service/gitlab-rails
DB Adapter: PostgreSQL
DB Version: 11.7
URL: http://mysite.local
HTTP Clone URL: http://mysite.local/some-group/some-project.git
SSH Clone URL: [git@mysite.local:2222]:some-group/some-project.git
Using LDAP: yes
Using Omniauth: yes
Omniauth Providers:

GitLab Shell
Version: 12.2.0
Repository storage paths:
- default: /var/opt/gitlab/git-data/repositories
GitLab Shell path: /opt/gitlab/embedded/service/gitlab-shell
Git: /opt/gitlab/embedded/bin/git
Results of GitLab application Check
Expand for output related to the GitLab application check
Checking GitLab subtasks ...

Checking GitLab Shell ...
GitLab Shell: ... GitLab Shell version >= 12.2.0 ? ... OK (12.2.0)
Running /opt/gitlab/embedded/service/gitlab-shell/bin/check
Internal API available: OK
Redis available via internal API: OK
gitlab-shell self-check successful
Checking GitLab Shell ... Finished

Checking Gitaly ...
Gitaly: ... default ... OK
Checking Gitaly ... Finished

Checking Sidekiq ...
Sidekiq: ... Running? ... yes
Number of Sidekiq processes ... 1
Checking Sidekiq ... Finished

Checking Incoming Email ...
Incoming Email: ... Reply by email is disabled in config/gitlab.yml
Checking Incoming Email ... Finished

Checking LDAP ...
LDAP: ... Server: ldapmain
LDAP authentication... Success
LDAP users with access to your GitLab server (only showing the first 100 results)
User output sanitized. Found 17 users of 100 limit.
Checking LDAP ... Finished

Checking GitLab App ...
Git configured correctly? ... yes
Database config exists? ... yes
All migrations up? ... yes
Database contains orphaned GroupMembers? ... no
GitLab config exists? ... yes
GitLab config up to date? ... yes
Log directory writable? ... yes
Tmp directory writable? ... yes
Uploads directory exists? ... yes
Uploads directory has correct permissions? ... yes
Uploads directory tmp has correct permissions? ... yes
Init script exists? ... skipped (omnibus-gitlab has no init script)
Init script up-to-date? ... skipped (omnibus-gitlab has no init script)
Projects have namespace: ... 5/82 ... yes 5/83 ... yes 5/84 ... yes 5/85 ... yes 5/86 ... yes 5/87 ... yes 5/88 ... yes 5/89 ... yes 7/90 ... yes 2/91 ... yes 7/92 ... yes 7/93 ... yes 5/94 ... yes 2/95 ... yes 5/96 ... yes 7/97 ... yes 5/98 ... yes 5/99 ... yes 5/100 ... yes 5/101 ... yes 5/102 ... yes 5/103 ... yes 5/104 ... yes 5/105 ... yes 5/106 ... yes 5/107 ... yes 5/108 ... yes 5/109 ... yes 2/110 ... yes 2/111 ... yes 5/112 ... yes 5/113 ... yes 5/115 ... yes 5/119 ... yes 5/120 ... yes 2/122 ... yes 2/123 ... yes 5/125 ... yes 5/126 ... yes 5/127 ... yes 5/128 ... yes 5/129 ... yes 5/130 ... yes 7/131 ... yes 7/132 ... yes 7/133 ... yes 7/134 ... yes 7/135 ... yes 2/136 ... yes 5/137 ... yes 2/138 ... yes 5/139 ... yes 5/142 ... yes 2/143 ... yes 2/144 ... yes 2/145 ... yes 5/146 ... yes 5/147 ... yes 5/148 ... yes 5/149 ... yes 5/151 ... yes 5/152 ... yes 5/153 ... yes 6/154 ... yes 5/155 ... yes 5/156 ... yes 5/157 ... yes 6/158 ... yes 5/159 ... yes 5/160 ... yes 7/161 ... yes 6/162 ... yes 6/163 ... yes
Redis version >= 4.0.0? ... yes
Ruby version >= 2.5.3 ? ... yes (2.6.5)
Git version >= 2.22.0 ? ... yes (2.26.2)
Git user has default SSH configuration? ... yes
Active users: ... 15
Is authorized keys file accessible? ... yes
Checking GitLab App ... Finished

Checking GitLab subtasks ... Finished
Possible fixes
n/a
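A way to check a saved project overview page for the behaviour described under "What is the current bug behavior?", added here as an example and not part of the original report or of GitLab's code. The sample HTML, its paths and the function names classify_links and host_relative are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample of a project overview page (not captured GitLab output).
SAMPLE_HTML = """
<a href="http://mysite.local/some-group/some-project/-/blob/master/README.md">README.md</a>
<a href="http://mysite.local/some-group/some-project/-/commit/0123abc">Last commit</a>
<a href="/some-group/some-project/-/commits/master">History</a>
<a href="https://docs.gitlab.com/">Docs</a>
"""

class HrefCollector(HTMLParser):
    """Collect the href of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def host_relative(href):
    """Drop scheme and host, keeping path, query and fragment."""
    p = urlsplit(href)
    rel = p.path or "/"
    if p.query:
        rel += "?" + p.query
    if p.fragment:
        rel += "#" + p.fragment
    return rel

def classify_links(html, configured_url, accessed_url):
    """Sort hrefs into relative, pinned (external_url host, unreachable via the tunnel) and other."""
    configured = urlsplit(configured_url).netloc.lower()
    accessed = urlsplit(accessed_url).netloc.lower()
    collector = HrefCollector()
    collector.feed(html)
    report = {"relative": [], "pinned": [], "other": []}
    for href in collector.hrefs:
        p = urlsplit(href)
        if p.scheme not in ("", "http", "https"):
            report["other"].append(href)          # mailto:, javascript:, ...
        elif not p.netloc:
            report["relative"].append(href)       # follows whatever host the browser used
        elif p.netloc.lower() == configured and configured != accessed:
            report["pinned"].append(href)         # hard-wired to external_url
        else:
            report["other"].append(href)
    return report
```

Any entry under "pinned" is a link that leaves the tunnelled origin; host_relative shows the href form the report expects instead.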