Gitlab pages behind a reverse proxy on a second machine
Hello,

I have a working gitlab deployment on machine **A**.
I’d like to add a gitlab pages deployment, hosted on A, but proxied by **B**.

These are the three main points:

1. **pages**, hosted on machine A, is reverse proxied by machine **B**
1. machine B has an nginx reverse proxy that applies the **wildcard ssl certificate**.
1. **authentication** for pages is enabled

**ISSUE:** I have a working setup with points 1+2, which however breaks when I enable authentication (3).

**ERROR:** The procedure breaks when gitlab tries to set the secrets (`gitlab-ctl reconfigure`):
```
* ruby_block[authorize pages with gitlab] action run[2022-12-27T15:22:34+00:00] WARN: Connecting to GitLab to generate new app_id and app_secret for GitLab Pages.
[2022-12-27T15:22:57+00:00] WARN: Something went wrong while executing gitlab-rails runner command to get or create the app ID and secret.
[2022-12-27T15:22:57+00:00] INFO: ruby_block[authorize pages with gitlab] called
```
## Technical details:
- both A and B have 2 eth interfaces, one public and one on a private network
- A public eth serves gitlab
- B public eth has wildcard alias for gitlab pages
- A and B can communicate through the private interface (`192.168.32.0/24`, see addresses below)
### relevant `gitlab.rb` configuration on A:
```
pages_external_url "https://pages.XXX"
gitlab_pages['enable'] = true
## from bug https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/4890#note_261373269
## WHEN I ENABLE AUTHENTICATION IT BREAKS!
gitlab_rails["pages_enabled"] = false
##! Configure to expose GitLab Pages on external IP address, serving the HTTP
gitlab_pages['external_http'] = ['192.168.32.5:82']
gitlab_pages['propagate_correlation_id'] = false
```
### nginx reverse-proxy config on B
```
server {
    listen 443 ssl ;
    listen [::]:443 ssl ;
    server_name ~.*.pages.<omissis>;

    location / {
        proxy_pass http://192.168.32.5:82;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
        proxy_set_header X-Nginx-Proxy true;
        proxy_redirect off;
    }

    ssl_certificate /XXX;
    ssl_certificate_key /XXX;
    ssl_password_file /XXX;
}
```
Any help appreciated.
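
The following check is an added example, not part of the original post and not GitLab code: it scans the `proxy_set_header` lines from the nginx config on B for names that nearly match the de facto `X-Forwarded-*` headers and for a literal `http` scheme on a TLS listener. The function name, finding codes and similarity cutoff are assumptions made for illustration, and the findings are independent of the `gitlab-ctl reconfigure` error reported above.

```python
import difflib
import re

# Constructed sample: proxy headers copied from the nginx config on B above.
SAMPLE_CONF = """
server {
    listen 443 ssl ;
    location / {
        proxy_pass http://192.168.32.5:82;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
        proxy_set_header X-Nginx-Proxy true;
    }
}
"""

# De facto names that backends look for when they sit behind a proxy.
STANDARD = {n.lower(): n for n in ("X-Forwarded-For", "X-Forwarded-Proto", "X-Forwarded-Host")}


def lint_forwarded_headers(conf):
    """Return (code, header, detail) tuples for suspicious proxy_set_header lines."""
    findings = []
    tls = re.search(r"^\s*listen\s+[^;]*\bssl\b", conf, re.M) is not None
    for name, value in re.findall(r"^\s*proxy_set_header\s+(\S+)\s+([^;]+);", conf, re.M):
        lname = name.lower()
        canonical = lname
        if lname not in STANDARD:
            # A near miss is still sent upstream, but a backend that looks
            # for the standard name will not find it (cutoff is an assumption).
            close = difflib.get_close_matches(lname, list(STANDARD), n=1, cutoff=0.85)
            if not close:
                continue
            canonical = close[0]
            findings.append(("misnamed", name, STANDARD[canonical]))
        # Clients connected over TLS, so a literal "http" misreports the scheme.
        if canonical == "x-forwarded-proto" and tls and value.strip().strip('"') == "http":
            findings.append(("scheme-mismatch", name, value.strip()))
    return findings


if __name__ == "__main__":
    for finding in lint_forwarded_headers(SAMPLE_CONF):
        print(finding)
```
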