External GitLab Pages and pages_external_url using HTTPS - Nginx fails to restart
Summary
When using an external GitLab Pages server, Nginx on the the main GitLab server fails to start after a reconfigure if pages_external_url is set to a https url.
Steps to reproduce
On the GitLab server, use this configuration in the /etc/gitlab/gitlab.rb file:
pages_external_url "https://<GITLAB_PAGES_DOMAIN>"
gitlab_pages['enable'] = falseAfter a reconfigure, Nginx will fail to restart as it is expecting a certificate to exist in /etc/gitlab/ssl for the pages hostname.
If gitlab_pages['enable'] is false but no pages_external_url is specified, there is no problem.
If gitlab_pages['enable'] is false and pages_external_url is set to a https url, GitLab creates the Nginx Pages vhost file /var/opt/gitlab/nginx/conf/gitlab-pages.conf which should not be created, since we are using an external GitLab Pages.
What is the current bug behavior?
gitlab_pages['enable'] = false seems to be ignored and a Nginx vhost is created if pages_external_url with a https url exists.
What is the expected correct behavior?
gitlab_pages['enable'] = false should be respected and the Nginx vhost for Pages should not be created if pages_external_url with a https url exists.
Workarounds
- Use a
http(insecure) url forpages_external_url - Add a SSL certificate to
/etc/gitlab/ssl(untested)
Relevant logs
Relevant logs
==> /var/log/gitlab/nginx/current <==
2019-12-02_06:29:59.78343 nginx: [emerg] cannot load certificate "/etc/gitlab/ssl/GITLAB_PAGES_DOMAIN.crt": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/gitlab/ssl/GITLAB_PAGES_DOMAIN.crt','r') error:2006D080:BIO routines:BIO_new_file:no such file)