Redirect HTTP to HTTPS should use the Nginx Listen Ports
Summary
I'm currently in the process of setting up a gitlab-ee on an Ubuntu 16.04.3 machine that has been installed via apt. Since I'm already running an nginx with SSL on that machine I decided to set it up as a reverse proxy for gitlab's embedded nginx.
Following various tutorials on how to properly set up gitlab using SSL behind a reverse proxy, I stumbled upon the configuration nginx['redirect_http_to_https'] = true, which sounded useful and is in fact what we also do for other sites.
Since my standalone nginx is already using port 80, I've set both of the following options:
nginx['listen_port'] = 10200
nginx['listen_https'] = 10300
However, when running gitlab-ctl reconfigure, gitlab's embedded nginx correctly moans that port 80 is already in use:
2018-02-15_09:08:17.82462 2018/02/15 10:08:17 [emerg] 28964#0: bind() to 127.0.0.1:80 failed (98: Address already in use)
2018-02-15_09:08:17.82484 2018/02/15 10:08:17 [emerg] 28964#0: bind() to [::1]:80 failed (98: Address already in use)
2018-02-15_09:08:18.32506 2018/02/15 10:08:17 [emerg] 28964#0: bind() to 127.0.0.1:80 failed (98: Address already in use)
2018-02-15_09:08:18.32579 2018/02/15 10:08:17 [emerg] 28964#0: bind() to [::1]:80 failed (98: Address already in use)
2018-02-15_09:08:18.82517 2018/02/15 10:08:17 [emerg] 28964#0: bind() to 127.0.0.1:80 failed (98: Address already in use)
2018-02-15_09:08:18.82537 2018/02/15 10:08:17 [emerg] 28964#0: bind() to [::1]:80 failed (98: Address already in use)
2018-02-15_09:08:19.32552 2018/02/15 10:08:17 [emerg] 28964#0: bind() to 127.0.0.1:80 failed (98: Address already in use)
2018-02-15_09:08:19.32566 2018/02/15 10:08:17 [emerg] 28964#0: bind() to [::1]:80 failed (98: Address already in use)
2018-02-15_09:08:19.82564 2018/02/15 10:08:17 [emerg] 28964#0: bind() to 127.0.0.1:80 failed (98: Address already in use)
2018-02-15_09:08:19.82579 2018/02/15 10:08:17 [emerg] 28964#0: bind() to [::1]:80 failed (98: Address already in use)
2018-02-15_09:08:20.32609 2018/02/15 10:08:17 [emerg] 28964#0: still could not bind()
After googling for a while and reading through the generated config files, I've found that nginx['redirect_http_to_https'] = true generates an nginx server block that uses port 80 instead of the configured nginx['listen_port'], which is what I expected it to do.
Steps to reproduce
- Open /etc/gitlab/gitlab.rb with your favourite editor
- Configure the following settings
nginx['redirect_http_to_https'] = true
nginx['listen_port'] = 10200
nginx['listen_https'] = 10300
- Run gitlab-ctl reconfigure
- Open /var/opt/gitlab/nginx/conf/gitlab-http.conf and notice the new server block:
## Redirects all HTTP traffic to the HTTPS host
server {
listen 127.0.0.1:80;
listen [::1]:80;
server_name your-server-name;
server_tokens off; ## Don't show the nginx version number, a security best practice
return 301 https://your-server-name:443$request_uri;
access_log /var/log/gitlab/nginx/gitlab_access.log gitlab_access;
error_log /var/log/gitlab/nginx/gitlab_error.log;
}
Example Project
None
What is the current bug behavior?
The "Redirects all HTTP traffic to the HTTPS host" ignores the configured nginx['listen_http'] port and instead hardcodes it to port 80.
What is the expected correct behavior?
Use the configured nginx['listen_http'] port.
Relevant logs and/or screenshots
2018-02-15_09:08:17.82462 2018/02/15 10:08:17 [emerg] 28964#0: bind() to 127.0.0.1:80 failed (98: Address already in use)
2018-02-15_09:08:17.82484 2018/02/15 10:08:17 [emerg] 28964#0: bind() to [::1]:80 failed (98: Address already in use)
2018-02-15_09:08:18.32506 2018/02/15 10:08:17 [emerg] 28964#0: bind() to 127.0.0.1:80 failed (98: Address already in use)
2018-02-15_09:08:18.32579 2018/02/15 10:08:17 [emerg] 28964#0: bind() to [::1]:80 failed (98: Address already in use)
2018-02-15_09:08:18.82517 2018/02/15 10:08:17 [emerg] 28964#0: bind() to 127.0.0.1:80 failed (98: Address already in use)
2018-02-15_09:08:18.82537 2018/02/15 10:08:17 [emerg] 28964#0: bind() to [::1]:80 failed (98: Address already in use)
2018-02-15_09:08:19.32552 2018/02/15 10:08:17 [emerg] 28964#0: bind() to 127.0.0.1:80 failed (98: Address already in use)
2018-02-15_09:08:19.32566 2018/02/15 10:08:17 [emerg] 28964#0: bind() to [::1]:80 failed (98: Address already in use)
2018-02-15_09:08:19.82564 2018/02/15 10:08:17 [emerg] 28964#0: bind() to 127.0.0.1:80 failed (98: Address already in use)
2018-02-15_09:08:19.82579 2018/02/15 10:08:17 [emerg] 28964#0: bind() to [::1]:80 failed (98: Address already in use)
2018-02-15_09:08:20.32609 2018/02/15 10:08:17 [emerg] 28964#0: still could not bind()
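
The following is an added example, not part of the original issue and not GitLab's own code. It is a small Python check that compares nginx['listen_port'] from gitlab.rb with the listen ports of any HTTP-to-HTTPS redirect server block in the generated config, which is the mismatch reported above. The function names and the embedded sample inputs are constructed for illustration.

```python
import re

# Constructed inputs mirroring the settings and the generated block quoted in the report.
GITLAB_RB = """\
nginx['redirect_http_to_https'] = true
nginx['listen_port'] = 10200
"""
GENERATED_CONF = """\
## Redirects all HTTP traffic to the HTTPS host
server {
  listen 127.0.0.1:80;
  listen [::1]:80;
  server_name your-server-name;
  return 301 https://your-server-name:443$request_uri;
}
"""

def configured_port(gitlab_rb):
    """Return nginx['listen_port'] from gitlab.rb text; commented-out lines do not match."""
    m = re.search(r"^\s*nginx\['listen_port'\]\s*=\s*(\d+)", gitlab_rb, re.M)
    return int(m.group(1)) if m else None

def server_blocks(conf):
    """Yield the body of each server { ... } block, matching braces after stripping comments."""
    conf = re.sub(r"#.*", "", conf)
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def listen_ports(block):
    """Return the port of every listen directive (nginx uses 80 when only an address is given)."""
    ports = []
    for m in re.finditer(r"^\s*listen\s+([^;\s]+)", block, re.M):
        addr = m.group(1)
        if addr.startswith("unix:"):  # UNIX sockets have no port
            continue
        tail = addr.rsplit(":", 1)[-1]
        ports.append(int(tail) if tail.isdigit() else 80)
    return ports

def redirect_port_mismatches(gitlab_rb, conf):
    """List listen ports of HTTP->HTTPS redirect blocks that differ from nginx['listen_port']."""
    want = configured_port(gitlab_rb)
    if want is None:
        return []
    return [p for b in server_blocks(conf) if re.search(r"\breturn\s+301\s+https://", b)
            for p in listen_ports(b) if p != want]

if __name__ == "__main__":
    print(redirect_port_mismatches(GITLAB_RB, GENERATED_CONF))
```

To use it on a real host, pass in the contents of /etc/gitlab/gitlab.rb and /var/opt/gitlab/nginx/conf/gitlab-http.conf; an empty list means every redirect block listens on the configured port.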